Obfuscation and Detection Techniques

Attackers are constantly improving and therefore are looking for new attacks, using evasion techniques to maintain the effectiveness of old vectors in the ever-changing protective landscape. Many of these threat participants use the obfuscation framework for common scripting languages, such as JavaScript and PowerShell, to prevent signature-based detection of conventional offensive tradecraft written in these languages. Some hidden intruders have translated their tradecraft into languages ​​that do not support this additional visibility.

In this technical documentation DOSfuscation, first introduced in Black Hat Asia 2018. The study was conducted for 9 months, in which the possibilities of cmd.exe were explored for entangling command-line arguments in several layers, using numerous multi-level methods. And also this study includes the development of coding methods from existing building blocks cmd.exe and write fuzzers to create thousands of samples of obfuscation teams.

Since intruders continue to rely on these methods, defenders must constantly adjust detection methods to keep up with evasion.
Perhaps this study allows advocates to more effectively understand and develop reliable detection capabilities for the genre cmd.exe
obfuscation, which is DOSfuscation.

More.