Mari DeGrazia has published a very useful post, which will help you to learn how to find and decode malicious PowerShell scripts. You will learn, which events to check, how to detect PowerShell and decode scripts. According to Mari, it’s only the first part, she will keep writing and teach us how to detect malicious PowerShell scripts in registry (part 2) and memory (part 3).
-
No Tool Fits All – Why Building a Solid Toolbox Matters
In the world of forensics, mobile device investigations could be the most complicated of a… -
Security Event Logging and Monitoring Techniques for Incident Response in Hadoop
This presentation will share some of the techniques and lessons learned in real-world Hado… -
Smart Car Forensics and Vehicle Weaponization
Given a relatively new car with an infotainment system completely decoupled from the car&#…
Load More Related Articles
-
Linux Binary Poisoning Detection
In this post guys from Sandfly Security describe the process of detection poisoned Linux b… -
Malicious PowerShell in the Registry: Persistence
Mari DeGrazia continues her series of blogs about detecting and analysis of malicious Powe… -
Parsing APFS with Magnet AXIOM
Despite the fact APFS isn’t currently supported by AXIOM, the author of “The S…
Load More In How To
