Skip to content

Commit

Permalink
add POSHSPY
Browse files Browse the repository at this point in the history
  • Loading branch information
@shutupandhax
shutupandhax committed Jun 13, 2017
1 parent 990898f commit c7ac848
Show file tree
Hide file tree
Showing 3 changed files with 939 additions and 0 deletions.
10 changes: 10 additions & 0 deletions POSHSPY/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
# POSHSPY
Fileless WMI and PowerShell Backdoors (POSHSPY)

APT29 POSHSPY backdoor sample (redacted) forked from: https://github.com/matthewdunwoody/POSHSPY/

### References

* https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html
* https://www.slideshare.net/MatthewDunwoody1/no-easy-breach-derby-con-2016
* https://www.youtube.com/watch?v=Ldzr0bfGtHc
Loading

0 comments on commit c7ac848

Please sign in to comment.