What are the advantages of malware written in VBScript/JScript rather than in PowerShell? I'm talking about more advanced malware than simple droppers, like RATs and cryptojackers.
I personally find the WSH languages to be very primitive and the syntax to not be so pleasant. Is there any specific reason why attackers are choosing to write their malware in WSH languages? I have come up with some thoughts:
- WSH languages work on pretty much every Windows platform. There are no problems with version incompatibility like with PowerShell and .NET.
- There are fewer logging capabilities compared to PowerShell, no script block logging for example.
- While PowerShell might be blocked, WSH is often overlooked.
- Various LOLBins offer fileless execution (mshta, regsvr32, rundll32)
WSH languages are quite an unknown topic for me and I would like to learn more about prevention of WSH-based malware. I have a few questions I'm hoping to get answered:
- Does JScript offer more functionality than VBScript, or do they just differ in syntax?
- What are the most efficient ways of blocking and logging WSH-based malware?
from hacking: security in practice https://ift.tt/DxKTA7e