Security researcher Pracsec demonstrated that despite Microsoft’s extensive efforts to improve heuristic signatures and detect AMSI bypass techniques, including the detection of code manipulation within AMSI.dll, certain methodologies still allow attackers to evade these protections. “Microsoft has put a ton of effort into deploying good heuristic signatures to block known AMSI bypass techniques and common ways they are obfuscated,” notes the researcher at Practical Security Analytics LLC, highlighting how the security landscape has evolved. The technique allows threat actors to evade detection while loading malicious .NET payloads into memory, presenting significant challenges for security teams. The researcher noted that NICS Labs identified “suspicious things about the script” but couldn’t see through the obfuscation, indicating that while AI integration into antivirus solutions may present future challenges for attackers, current implementations remain vulnerable. The attack relies on a sophisticated combination of logging bypass, AMSI bypass, and carefully applied obfuscation techniques to avoid detection. Security teams are advised to implement defense-in-depth strategies and consider advanced endpoint detection and response solutions that look beyond signature-based detection methods. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. The attack chain leverages multiple stages of obfuscation, including removing comments, obfuscating member expressions, type expressions, function names, cmdlets, variables, and strings.
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 04 Mar 2025 19:50:04 +0000