Mari DeGrazia has published a very useful post, which will help you to learn how to find and decode malicious PowerShell scripts. You will learn, which events to check, how to detect PowerShell and decode scripts. According to Mari, it’s only the first part, she will keep writing and teach us how to detect malicious PowerShell scripts in registry (part 2) and memory (part 3).
-
Memory forensics and the Windows Subsystem for Linux
The Windows Subsystem for Linux (WSL) was first included in the Anniversary Update of Micr… -
Breaking Full Disk Encryption
Full Disk Encryption (FDE) may be rather useful as a defense mechanism against potential t… -
How to Put a Qualcomm Phone into EDL Mode
In this post Magnet Forensics talks about Emergency Download (EDL). This is a Qualcomm fea…
Load More Related Articles
-
How to Disassemble a Word Document with Embedded Macros
Here is a post by Paul Cimino, in which he goes through the steps to create a macro-embedd… -
Linux Binary Poisoning Detection
In this post guys from Sandfly Security describe the process of detection poisoned Linux b… -
Malicious PowerShell in the Registry: Persistence
Mari DeGrazia continues her series of blogs about detecting and analysis of malicious Powe…
Load More In How To
