this post was submitted on 31 May 2025
10 points (100.0% liked)
Pulse of Truth
1146 readers
36 users here now
Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).
This community is automagically fed by an instance of Dittybopper.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
So how do these embedded scripts get extracted? You need a separate executable to do the actual extraction/execution?
Yes. And you will have a good chance that the EDR wont flag the extractor since its not suspicious code per se.
Interesting thanks!