BYOSI
- Bring-Your-Own-Script-Interpreter
- By abusing trusted applications, one can deliver a compatible script interpreter for a Windows, macOS, or Linux target together with malicious source code written for that interpreter. Once both the malicious source code and the trusted script interpreter have been written to the target system, the source code is simply executed via the trusted interpreter. Because the interpreter itself is a legitimate, benign binary, the only malicious artifact on disk is the script it runs.
PolyDrop
- Leverages thirteen scripting languages to perform the above attack.
The following languages are wholly ignored by AV vendors, including MS-Defender:
- tcl
- php
- crystal
- julia
- golang
- dart
- dlang
- vlang
- nodejs
- bun
- python
- fsharp
- deno

All of these languages can execute fully and establish a reverse shell without MS-Defender intervening. We assume the list is longer, since languages such as PHP are considered "dead" languages.
- Currently undetectable by most mainstream Endpoint Detection and Response (EDR) vendors.
The total number of vendors that are unable to scan or process the PHP file type at all is 14; they are listed below:
- Alibaba
- Avast-Mobile
- BitDefenderFalx
- Cylance
- DeepInstinct
- Elastic
- McAfee Scanner
- Palo Alto Networks
- SecureAge
- SentinelOne (Static ML)
- Symantec Mobile Insight
- Trapmine
- Trustlook
- Webroot

The total number of vendors that are unable to accurately identify malicious PHP scripts is 54, including:
- Acronis (Static ML)
- AhnLab-V3
- ALYac
- Antiy-AVL
- Arcabit
- Avira (no cloud)
- Baidu
- BitDefender
- BitDefenderTheta
- ClamAV
- CMC
- CrowdStrike
- Cybereason
- Cynet
- DrWeb
- Emsisoft
- eScan
- ESET-NOD32
- Fortinet
- GData
- Gridinsoft (no cloud)
- Lionic
- Malwarebytes
- MAX
- NANO-Antivirus
- Panda
- QuickHeal
- Sangfor Engine Zero
- Skyhigh (SWG)
- Sophos
- SUPERAntiSpyware
- Symantec
- TACHYON
- Tencent
- Trellix (ENS)
- Trellix (HX)

With this in mind, and given the near-total inability of these engines to identify PHP-based malware, we theorize that the same oversight exists in the EDR products of these vendors, including CrowdStrike, SentinelOne, Palo Alto Networks, Fortinet and others. At a minimum we were able to confirm that these obviously malicious scripts execute undetected.
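The detection gap described above (an interpreter and its script both landing on the host and running without a signature firing) is exactly what a behavioural hunt, rather than a file-type scan, has to close. The following Python is an added example, not part of PolyDrop or of this page: it applies two checks to constructed Sysmon-style process-creation records (`Image` plus `CommandLine`), flagging any of the thirteen runtimes above that is itself running from a user-writable staging directory, or that is executing a script file from one. The executable basenames, the script extensions, and the `STAGING_DIRS` fragments are assumptions to be tuned to your own estate's baseline.

```python
"""BYOSI hunt over process-creation events (added example, not PolyDrop code)."""
import shlex

# Executable basenames for the thirteen runtimes listed above, plus common
# variants. Assumption: extend with whatever your telemetry actually shows.
INTERPRETERS = {
    "tclsh", "tclsh86", "tclsh8.6", "php", "php-cgi", "crystal", "julia", "go",
    "dart", "dmd", "rdmd", "v", "node", "bun", "python", "python3", "dotnet",
    "fsi", "deno",
}
SCRIPT_EXTS = (".tcl", ".php", ".cr", ".jl", ".go", ".dart", ".d", ".v",
               ".js", ".mjs", ".ts", ".py", ".fsx")
# Path fragments a legitimate interpreter install does not live in but a dropped
# one usually does. Assumption: tune to your estate (build agents, dev boxes).
STAGING_DIRS = ("/appdata/local/temp/", "/appdata/roaming/", "/users/public/",
                "/programdata/", "/downloads/", "/tmp/", "/var/tmp/", "/dev/shm/")


def _norm(path):
    """Lower-case and use forward slashes so one rule covers Windows and POSIX."""
    return path.replace("\\", "/").lower()


def _basename(path):
    name = _norm(path).rsplit("/", 1)[-1]
    return name[:-4] if name.endswith(".exe") else name


def _in_staging(path):
    p = _norm(path)
    return any(frag in p for frag in STAGING_DIRS)


def _args(cmdline):
    """Tokenise a command line; posix=False keeps backslashes in Windows paths."""
    try:
        toks = shlex.split(cmdline, posix=False)
    except ValueError:
        toks = cmdline.split()
    return [t.strip('"\'') for t in toks]


def classify(event):
    """Return the findings for one event dict with 'Image' and 'CommandLine'."""
    findings = []
    image = event.get("Image", "")
    if _basename(image) not in INTERPRETERS:
        return findings
    if _in_staging(image):
        findings.append("interpreter staged in user-writable path")
    for arg in _args(event.get("CommandLine", ""))[1:]:
        if _norm(arg).endswith(SCRIPT_EXTS) and _in_staging(arg):
            findings.append("script executed from user-writable path")
            break
    return findings


def hunt(events):
    """Flatten findings across a batch of events as (image, finding) pairs."""
    return [(e["Image"], f) for e in events for f in classify(e)]


# Constructed sample telemetry, not captured from any real host.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\alice\AppData\Local\Temp\php\php.exe",
     "CommandLine": r'"C:\Users\alice\AppData\Local\Temp\php\php.exe" '
                    r"C:\Users\alice\AppData\Local\Temp\update.php"},
    {"Image": r"C:\Program Files\nodejs\node.exe",
     "CommandLine": r'"C:\Program Files\nodejs\node.exe" C:\dev\app\server.js'},
    {"Image": "/dev/shm/.x/deno",
     "CommandLine": "/dev/shm/.x/deno run -A /dev/shm/.x/rs.ts"},
    {"Image": "/usr/bin/python3",
     "CommandLine": "/usr/bin/python3 /tmp/pip-build/setup.py"},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs"},
]

if __name__ == "__main__":
    for image, finding in hunt(SAMPLE_EVENTS):
        print(f"{finding}: {image}")
```

The fourth sample event (system `python3` running `/tmp/pip-build/setup.py`) is deliberately included: it trips the script-location rule even though it is ordinary package-build activity, which is why the staging list needs a per-estate allow-list before this runs as an alert rather than a hunt. The first and third events are the BYOSI pattern proper, where both the interpreter and the script sit in a staging directory.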