Kirtar Oz is involved in the analysis of PowerShell attacks among customers. He came up with several indicators that will help detect potential PowerShell attacks in the environment. These indicators are based on analysis and research.
This article discusses the topic of how PowerShell is used in attacks that are observed in the wild, and then Kirtar looks at the discovery mechanism. There are many ways in which PowerShell scripts can be confusing.