MCPmag

Slice and Dice with Hash Tables in PowerShell

The Group-Object cmdlet can offer up lots of information if you extract that info through hash tables. Here's how. One of the greatest benefits of Windows PowerShell is how it lets us slice and dice ...
Virtualization Review

Hands-On Lab: Turning PowerShell Scripts into Tools Worth Sharing

Learn how to transform everyday PowerShell one-liners and batch scripts into advanced functions with validation, pipeline support and help. Understand how to organize reusable code into modules with ...
How-To Geek on MSN

You’re wasting your time on Windows—these 3 PowerShell scripts save me hours every week

Stop doing manually what your PC has been able to automate since forever.
Microsoft

Exposing Fox Tempest: A malware-signing service operation

Fox Tempest is a financially motivated threat actor that operates a malware-signing-as-a-service (MSaaS) used by other cybercriminals to more effectively distribute malicious code, including ...
GitHub

7zip_commandline_to_smb_share_path.yml

description: The following analytic detects the execution of 7z or 7za processes with command lines pointing to SMB network shares. It leverages data from Endpoint Detection and Response (EDR) agents, ...
Microsoft

Kazuar: Anatomy of a nation-state botnet

Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused ...
Bitdefender

FamousSparrow APT Targets Azerbaijani Oil and Gas Industry

I'd like to thank my co-author, Martin Zugec, for his valuable contributions to this report. This intrusion adds three dimensions to the public understanding of Chinese APT activity in contested ...
GitHub

proc_creation_win_powershell_non_interactive_execution.yml

description: Detects non-interactive PowerShell activity by looking at the "powershell" process with a non-user GUI process such as "explorer.exe" as a parent ...