+ SECURE \ Kusto Query Language \ Microsoft PowerShell

February 26, 2024 Wayne Andes 76 Views 0 Comments 37 min read

Hunt For Suspicious Encoded PowerShell

PowerShell can be used encoded to obfuscate the commands that have been executed. An attacker can choose encoding to hide

+ SECURE Kusto Query Language Microsoft Defender for Endpoint Microsoft PowerShell Microsoft Sentinel

August 21, 2023 Wayne Andes 78 Views 0 Comments 9 min read

List PowerShell Invoke-Webrequest Execution

Description Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment

+ SECURE Kusto Query Language Microsoft Defender for Endpoint Microsoft PowerShell Microsoft Sentinel

August 14, 2023 Wayne Andes 72 Views 0 Comments 3 min read

Detect PowerShell Launching Scripts From WindowsApps Directory (FIN7)

Description Detection opportunity: Launching PowerShell scripts from windowsapps directory This pseudo-detector looks for the execution of PowerShell scripts from the windowsapps directory.

Build+Break+Secure

Build+Break+Secure

+ SECURE \ Kusto Query Language \ Microsoft PowerShell

Hunt For Suspicious Encoded PowerShell

List PowerShell Invoke-Webrequest Execution

Detect PowerShell Launching Scripts From WindowsApps Directory (FIN7)