PowerShell

PowerShell Obfuscation: Stealth Through Confusion, Part II

Michael Buckbee

Let’s step back a little from the last post’s exercise in jumbling PowerShell commands. Obfuscating code as a technique to avoid detection by malware and virus scanners (or prevent reverse...

How To Use PowerShell for Privilege Escalation with Local Computer Accounts

Michael Buckbee

Privilege escalation is when an attacker is able to exploit the current rights of an account to gain additional, unexpected access. While this can be caused by zero-day vulnerabilities, state-level...

What is Endpoint Security? A Complete Guide

Michael Buckbee

Endpoint security is a growing concern for enterprises in every industry, given the value of digital assets and data, and must be a cybersecurity priority.

Practical PowerShell for IT Security, Part V: Security Scripting Platform Gets a Makeover

Michael Buckbee

A few months ago, I began a mission to prove that PowerShell can be used as a security monitoring tool. I left off with this post, which had PowerShell code...

Disabling PowerShell and Other Malware Nuisances, Part III

Michael Buckbee

One of the advantages of AppLocker over Software Restriction Policies is that it can selectively enable PowerShell for Active Directory groups. I showed how this can be done in the...

Disabling PowerShell and Other Malware Nuisances, Part II

Michael Buckbee

Whitelisting apps is nobody’s idea of fun. You need to start with a blank slate, and then carefully add back apps you know to be essential and non-threatening. That’s the...

How to use PowerShell for WannaCry / WannaCrypt cleanup and prevention

Michael Buckbee

Use PowerShell to help test and resolve issues from WannaCry / WannaCrypt variants and other ransomware attacks.

Practical PowerShell for IT Security, Part IV: Security Scripting Platform (SSP)

Michael Buckbee

In the previous post in this series, I suggested that it may be possible to unify my separate scripts — one for event handling, the other for classification — into...

Practical PowerShell for IT Security, Part II: File Access Analytics (FAA)

Michael Buckbee

In working on this series, I almost feel that with PowerShell we have technology that somehow time-traveled back from the future. Remember on Star Trek – the original of course...

The Difference Between Bash and Powershell

Michael Buckbee

You don’t normally talk philosophy and IT when considering Bash and Powershell, but if it’s one thing I’ve learned over the past 20 years of sysadmin work it’s that whether...

The Complete PowerShell Tool Roundup

Michael Buckbee

A hand-curated list of 70 tools to power up your workflow.

Using PowerShell to Combat CryptoLocker

Michael Buckbee

On the Varonis blog, we recently wrote about how CryptoLocker—the malware that encrypts your local files and holds them for a Bitcoin ransom—has better marketing than many companies. However, we...
