description: The following analytic detects the use of `GetProcAddress` in PowerShell script blocks, leveraging PowerShell Script Block Logging (EventCode=4104). This method captures the full command ...
description = "Behavior identified by Kaspersky CTI Team in their - Modern Asian APT Groups report"
reference = "https://media.kasperskycontenthub.com/wp-content ...
This comprehensive guide covers essential PowerShell information, including features, system requirements, and how Microsoft’s framework extends to task automation and management. PowerShell was ...