Kirtar Oz is involved in the analysis of PowerShell attacks among customers. He came up with several indicators that will help detect potential PowerShell attacks in the environment. These indicators are based on analysis and research.
This article discusses the topic of how PowerShell is used in attacks that are observed in the wild, and then Kirtar looks at the discovery mechanism. There are many ways in which PowerShell scripts can be confusing.
DISCLAIMER: THIS POST IS FOR INFORMATIONAL PURPOSES ONLY AND IS NOT TO BE CONSIDERED LEGAL ADVICE ON ANY SUBJECT MATTER. DIGITAL FORENSICS CORP. IS NOT A LAWFIRM AND DOES NOT PROVIDE LEGAL ADVICE OR SERVICES. By viewing posts, the reader understands there is no attorney-client relationship, the post should not be used as a substitute for legal advice from a licensed professional attorney, and readers are urged to consult their own legal counsel on any specific legal questions concerning a specific situation.
