Suspicious PowerShell hunt (cross-platform ideas)
"Hypothesis-driven hunt plan for suspicious PowerShell, plus query snippets for common telemetry."
Install
npx skillscat add tsale/awesome-dfir-skills/suspicious-powershell-hunt-cross-platform-ideas Install via the SkillsCat registry.
Install
npx skillscat add tsale/awesome-dfir-skills/suspicious-powershell-hunt-cross-platform-ideas Install via the SkillsCat registry.