Windows Command-Line Obfuscation

Many Windows applications have multiple ways in which the same command line can be expressed, usually for compatibility or ease-of-use reasons. As a result, command-line arguments are implemented inconsistently making detecting specific commands harder due to the number of variations. This post shows how more than 40 often-used, built-in Windows applications are vulnerable to forms of command-line obfuscation, and presents a tool for analysing other executables.

Command-Line Obfuscation

Windows Command-Line Obfuscation

Invoke-Obfuscation – Liam Cleary [MVP Alumni and MCT]

Deconstructing PowerShell Obfuscation in Malspam Campaigns

Safelist Command Obfuscation With Symbols in Secure Endpoint

Using Deep Learning to Better Detect Command Obfuscation

PowerShell Obfuscation: Stealth Through Confusion, Part I

PowerShell Obfuscation using SecureString

Villain: Evading Windows Defender, by Cybertech Maven

Florian Roth on X: Sigma rule to detect suspicious Unicode

Flerken - Obfuscated Command Detection Tool - vulnerability

Obfuscating PowerShell Commands – Liam Cleary [MVP Alumni and MCT]

Obfuscated Command Line Detection Using Machine Learning

Exploring Windows Command-Line Obfuscation