该资源详细介绍Powershell脚本混淆、解混淆、抽象语法树提取、token提取、恶意性检测等内容，希望对您有所帮助！

LotL离地攻击：

• https://github.com/LOLBAS-Project/LOLBAS

作者博客：

• Powershell恶意代码检测 (1)论文总结及抽象语法树（AST）提取
• Powershell恶意代码检测 (2)抽象语法树自动提取万字详解
• Powershell恶意代码检测 (3)Token关键词自动提取
• Powershell恶意代码检测 (4)混淆和反混淆
• Powershell恶意代码检测 (5)APT中的Powershell、常用数据集及数据标注实验

(1) Zhenyuan Li, et al. Effective and Light-Weight Deobfuscation and Semantic-Aware Attack Detection for PowerShell Scripts. CCS, 2019: 1831-1847.

• https://dl.acm.org/doi/pdf/10.1145/3319535.3363187
• 浙江大学，最经典的一篇Powershell论文，详细介绍解混淆工作
• https://www.bilibili.com/video/av800038481/

(2) Danny Hendler, et al. Detecting Malicious PowerShell Commands using Deep Neural Networks. AsiaCCS, 2018: 187-197.

• BGU、微软
• https://dl.acm.org/doi/pdf/10.1145/3196494.3196511

(3) Danny Hendler, et al. AMSI-Based Detection of Malicious PowerShell Code Using Contextual Embeddings. AsiaCCS, 2020: 679-693

• BGU、微软
• https://dl.acm.org/doi/pdf/10.1145/3320269.3384742

(4) 刘岳, 刘宝旭, 等. 基于特征组合的Powershell恶意代码检测方法[J]. 信息安全学报, 2021, 6(1): 40-53.

• 中科院信工所

(5) Yong Fang, Xiangyu Zhou, Cheng Huang. Effective method for detecting malicious PowerShell scripts based on hybrid features. Neurocomputing, 448: 30-39 (2021).

• 四川大学
• https://www.sciencedirect.com/science/article/pii/S0925231221005099

(6) 彭国军, 等. 基于深度学习的PowerShell恶意代码家族分类研究[J]. 武汉大学学报（理学版）, 2022(1)

• 武汉大学国家网络安全学院

(7) Gili Rusak, et al. AST-Based Deep Learning for Detecting Malicious PowerShell. CCS, 2018: 2276-2278.

• CSAIL, MIT, USA
• https://dl.acm.org/doi/10.1145/3243734.3278496

(8) Chao Liu, et al. PSDEM: A Feasible De-Obfuscation Method for Malicious PowerShell Detection. ISCC, 2018: 825-831.

• 中科院信工所
• https://ieeexplore.ieee.org/document/8538691

(9) Denis Ugarte, et al. PowerDrive: Accurate De-obfuscation and Analysis of PowerShell Malware. DIMVA，2019: 240-259.

• University of Cagliari
• https://link.springer.com/chapter/10.1007/978-3-030-22038-9_12

(10) Jian Zhang, et al. A Novel Neural Source Code Representation Based on Abstract Syntax Tree. 2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE), 2019.

• C语言抽象语法树
• https://ieeexplore.ieee.org/document/8812062

(11) G. M. Malandrone, G. Virdis, G. Giacinto , D. Maiorca. PowerDecode: a PowerShell Script Decoder Dedicated to Malware Analysis. 5th Italian Conference on CyberSecurity (ITASEC), 2021.

• 解混淆工具
• https://github.com/Malandrone/PowerDecode

(12) C. Xiong, Z. Li, et al. Generic, efficient, and effective deobfuscation and semantic-aware attack detection for PowerShell scripts. Frontiers of Information Technology & Electronic Engineering, vol.23, no.3, 2022, pp. 361-381.

• 浙大团队
• https://link.springer.com/article/10.1631/FITEE.2000436

(13) A. Alahmadi, N. Alkhraan, et al. MPSAutodetect: A Malicious Powershell Script Detection Model Based on Stacked Denoising Auto-Encoder. Computers & Security, vol.116, 2022, p. 102658.

• https://www.sciencedirect.com/science/article/pii/S0167404822000578

(1) github

• https://github.com/danielbohannon/Invoke-Obfuscation
• https://github.com/Malandrone/PowerDecode
• https://github.com/zhangj111/astnn
• https://github.com/lzybkr/ShowPSAst
• https://github.com/thewhiteninja/deobshell

(2) 其他

• https://powershell.one/powershell-internals/parsing-and-tokenization/abstract-syntax-tree
• https://powershell.one/powershell-internals/parsing-and-tokenization/simple-tokenizer
• https://docs.microsoft.com/en-us/dotnet/api/system.management.automation.psparser.tokenize?view=powershellsdk-7.0.0

By：Eastmount CSDN 2022-03-20