Omaha PSUG 11/11/2014 - Matt Graeber - PowerShell and .NET Malware Analysis

Matt Graeber speaking to the Omaha PowerShell User Group on PowerShell and .NET Malware Analysis.

Most people think that the extent of "reverse engineering" .NET code is throwing a .NET executable into their decompiler of choice and reading source code. Those people have never had the privilege of analyzing heavily obfuscated code designed to hamper analysis and, in some cases, deliberately crash analysis tools. In this talk, Matt will show how he integrates PowerShell into his workflow to overcome most of the challenges that come with analyzing obfuscated .NET code. Get ready for a technical deep dive!

Matt is a malware reverse engineer, security professional, and PowerShell MVP who is always finding new ways to incorporate PowerShell into his workflow. As one of just a handful of security-minded PowerShell hackers, he also promotes PowerShell as an attack platform in an effort to raise awareness of its security implications in the enterprise. Recently, Matt has made extensive use of PowerShell to perform static and dynamic analysis of .NET malware and obfuscation utilities. When he’s not using PowerShell, you will often find him reversing native code in IDA Pro and WinDbg.