Command line obfuscation has been proved to be a non-negligible factor in fileless malware or malicious actors that are “living off the land”. To bypass signature-based detection, dedicated obfuscation techniques are shown to be used by red-team penetrations and even APT activities. Meanwhile, numerous obfuscators (namely tools perform syntax transformation) are open source, thus making obfuscating given commands increasingly effortless.
However, the number of suitable defenses remains to be few. For Linux command line obfuscation, we can barely find any detection tools. Concerning defenses against Windows command obfuscation, existing schemes turn out to either lack of toolization, or only partially resolve the entire problem, sometimes even inaccurately.