Announcing the Underhanded PowerShell Contest
In an effort to improve the validation capability of PowerShell Script Analyzer, we are running a series of contests. We want you – the community members – to help us identify underhanded PowerShell scripts, and then create rules to catch them. There are specific areas where Script Analyzer rules are needed and we need your skills to help us hone them.
What is underhanded PowerShell code?
Basically, code that is designed to do something the user would not intend, or takes actions that are not apparent to someone who would casually read the code.
For example, an underhanded approach to running ‘[System.Runtime.InteropServices.Marshal]::SystemDefaultCharSize’ might be:
$type = [Type] ("System.Runtime.InteropSe" + "rvices.Mar" + "shal") $property = "SystemDef" + "aultCharSize" $type::$property
We’ll be running this contest in two phases: “Red Team”, and “Blue Team”. In the “Red Team” phase, you get to unleash your underhanded creativity in writing underhanded PowerShell code. In an upcoming “Blue Team” phase, we’ll be looking for creative and reliable defenses to detect underhanded PowerShell. Participation in both contests will be allowed – and in fact encouraged!
For more details and participation instructions, come visit us on the Contest Page!