{"id":11662,"date":"2016-03-07T14:46:24","date_gmt":"2016-03-07T22:46:24","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/powershell\/?p=11662"},"modified":"2019-02-18T12:38:19","modified_gmt":"2019-02-18T19:38:19","slug":"announcing-the-underhanded-powershell-contest","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/powershell\/announcing-the-underhanded-powershell-contest\/","title":{"rendered":"Announcing the Underhanded PowerShell Contest"},"content":{"rendered":"<p><span style=\"font-family: Ver;font-size: small\">In an effort to improve the validation capability of PowerShell Script Analyzer, we are running a series of contests. We want you &#8211; the community members &#8211; to help us identify underhanded PowerShell scripts, and then create rules to catch them. There are specific areas where Script Analyzer rules are needed and we need your skills to help us hone them.<\/span><\/p>\n<h3>What is underhanded PowerShell code?<\/h3>\n<p><span style=\"font-family: Ver;font-size: small\">Basically, code that is designed to do something the user would not intend, or takes actions that are not apparent to someone who would casually read the code.<\/span><\/p>\n<p style=\"margin-bottom: 16px;margin-top: 0px;color: #333333;font: 16px\/25px 'Helvetica Neue', helvetica, 'Segoe UI', arial, freesans, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol';letter-spacing: normal;text-indent: 0px\"><span style=\"font-family: Ver;font-size: small\">For example, an underhanded approach to running \u2018<span style=\"float: none;color: #333333;font: 13px\/21px consolas, 'Liberation Mono', menlo, courier, monospace;letter-spacing: normal;text-indent: 0px\">[System.Runtime.InteropServices.Marshal]::SystemDefaultCharSize<\/span>\u2019 might be:<\/span><\/p>\n<div class=\"highlight highlight-source-powershell\" style=\"margin-bottom: 16px;color: #333333;font: 16px\/25px 'Helvetica Neue', helvetica, 'Segoe UI', arial, freesans, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol';letter-spacing: normal;text-indent: 0px\">\n<pre style=\"overflow: auto;margin-bottom: 0px;margin-top: 0px;font: 13px\/1.45 consolas, 'Liberation Mono', menlo, courier, monospace;background-color: #f7f7f7;padding: 16px\"><span class=\"pl-k\" style=\"color: #a71d5d\">$<\/span><span class=\"pl-smi\" style=\"color: #333333\">type<\/span> <span class=\"pl-k\" style=\"color: #a71d5d\">=<\/span> <span class=\"pl-e\" style=\"color: #795da3\">[Type]<\/span> <span class=\"pl-k\" style=\"color: #a71d5d\">(<\/span><span class=\"pl-s\" style=\"color: #183691\">\"System.Runtime.InteropSe\"<\/span> <span class=\"pl-k\" style=\"color: #a71d5d\">+<\/span> <span class=\"pl-s\" style=\"color: #183691\">\"rvices.Mar\"<\/span> <span class=\"pl-k\" style=\"color: #a71d5d\">+<\/span> <span class=\"pl-s\" style=\"color: #183691\">\"shal\"<\/span><span class=\"pl-k\" style=\"color: #a71d5d\">)<\/span>\n<span class=\"pl-k\" style=\"color: #a71d5d\">$<\/span><span class=\"pl-smi\" style=\"color: #333333\">property<\/span> <span class=\"pl-k\" style=\"color: #a71d5d\">=<\/span> <span class=\"pl-s\" style=\"color: #183691\">\"SystemDef\"<\/span> <span class=\"pl-k\" style=\"color: #a71d5d\">+<\/span> <span class=\"pl-s\" style=\"color: #183691\">\"aultCharSize\"<\/span>\n<span class=\"pl-k\" style=\"color: #a71d5d\">$<\/span><span class=\"pl-smi\" style=\"color: #333333\">type<\/span>::<span class=\"pl-k\" style=\"color: #a71d5d\">$<\/span><span class=\"pl-smi\" style=\"color: #333333\">property<\/span><\/pre>\n<\/div>\n<p><span style=\"font-size: small\">We&#8217;ll be running this contest in two phases: &#8220;Red Team&#8221;, and &#8220;Blue Team&#8221;. In the &#8220;Red Team&#8221; phase, you get to unleash your underhanded creativity in <em>writing<\/em> underhanded PowerShell code. In an upcoming &#8220;Blue Team&#8221; phase, we&#8217;ll be looking for creative and reliable defenses to detect underhanded PowerShell. Participation in both contests will be allowed &#8211; and in fact encouraged!<\/span><\/p>\n<p><span style=\"font-size: small\">For more details and participation instructions, come visit us on the <a href=\"https:\/\/github.com\/PowerShell\/underhanded-powershell\">Contest Page<\/a>!<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In an effort to improve the validation capability of PowerShell Script Analyzer, we are running a series of contests. We want you &#8211; the community members &#8211; to help us identify underhanded PowerShell scripts, and then create rules to catch them. There are specific areas where Script Analyzer rules are needed and we need your [&hellip;]<\/p>\n","protected":false},"author":600,"featured_media":13641,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-11662","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-powershell"],"acf":[],"blog_post_summary":"<p>In an effort to improve the validation capability of PowerShell Script Analyzer, we are running a series of contests. We want you &#8211; the community members &#8211; to help us identify underhanded PowerShell scripts, and then create rules to catch them. There are specific areas where Script Analyzer rules are needed and we need your [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/posts\/11662","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/users\/600"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/comments?post=11662"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/posts\/11662\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/media\/13641"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/media?parent=11662"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/categories?post=11662"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/tags?post=11662"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}