PowerShell
Articles
Explore by topic:
How To Get Started with PowerShell and Active Directory Scripting
This article is a text version of a lesson from our PowerShell and Active Directory Essentials video course (use code ‘blog’ for free access). The course has proven to be...
PowerShell Obfuscation: Stealth Through Confusion, Part II
Let’s step back a little from the last post’s exercise in jumbling PowerShell commands. Obfuscating code as a technique to avoid detection by malware and virus scanners (or prevent reverse...
PowerShell Obfuscation: Stealth Through Confusion, Part I
To get into the spirit of this post, you should probably skim through the first few slides of this presentation by Daniel Bohannon and Le Holmes given at Black Hat...
Practical PowerShell for IT Security, Part V: Security Scripting Platform Gets a Makeover
A few months ago, I began a mission to prove that PowerShell can be used as a security monitoring tool. I left off with this post, which had PowerShell code...
Disabling PowerShell and Other Malware Nuisances, Part III
One of the advantages of AppLocker over Software Restriction Policies is that it can selectively enable PowerShell for Active Directory groups. I showed how this can be done in the...
Disabling PowerShell and Other Malware Nuisances, Part II
Whitelisting apps is nobody’s idea of fun. You need to start with a blank slate, and then carefully add back apps you know to be essential and non-threatening. That’s the...
Disabling PowerShell and Other Malware Nuisances, Part I
Back in more innocent times, circa 2015, we began to hear about hackers going malware-free and “living off the land.” They used whatever garden-variety IT tools were lying around on...
How to use PowerShell for WannaCry / WannaCrypt cleanup and prevention
Explosive ransomware infection rates of WannaCrypt/WannaCry have IT groups trying to mass diagnose, update and protect their machines. Thing is, that’s just not practical to do manually – for pretty...
Practical PowerShell for IT Security, Part IV: Security Scripting Platform (SSP)
In the previous post in this series, I suggested that it may be possible to unify my separate scripts — one for event handling, the other for classification — into...
Practical PowerShell for IT Security, Part III: Classification on a Budget
Last time, with a few lines of PowerShell code, I launched an entire new software category, File Access Analytics (FAA). My 15-minutes of fame is almost over, but I was...