open-menu
closeme
Malicious PowerShell Scripts - PoshModule
calendar
Sep 13, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
AD Groups Or Users Enumeration Using PowerShell - PoshModule
calendar
Aug 12, 2024
·
attack.discovery
attack.t1069.001
·
Share on:
twitter
facebook
linkedin
copy
Alternate PowerShell Hosts - PowerShell Module
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Bad Opsec Powershell Code Artifacts
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Evil-WinRm Execution - PowerShell Module
calendar
Aug 12, 2024
·
attack.lateral-movement
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation CLIP+ Launcher - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation COMPRESS OBFUSCATION - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Obfuscated IEX Invocation - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation RUNDLL LAUNCHER - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation STDIN+ Launcher - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR+ Launcher - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Stdin - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Clip - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use MSHTA - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Rundll32 - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerShell Commandlets - PoshModule
calendar
Aug 12, 2024
·
attack.execution
attack.discovery
attack.t1482
attack.t1087
attack.t1087.001
attack.t1087.002
attack.t1069.001
attack.t1069.002
attack.t1069
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Active Directory Enumeration Using AD Module - PsModule
calendar
Aug 12, 2024
·
attack.reconnaissance
attack.discovery
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Potential RemoteFXvGPUDisablement.EXE Abuse - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Decompress Commands
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Get Clipboard
calendar
Aug 12, 2024
·
attack.collection
attack.t1115
·
Share on:
twitter
facebook
linkedin
copy
Remote PowerShell Session (PS Module)
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.lateral-movement
attack.t1021.006
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Computer Machine Password by PowerShell
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Get Information for SMB Share - PowerShell Module
calendar
Aug 12, 2024
·
attack.discovery
attack.t1069.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Get Local Groups Information
calendar
Aug 12, 2024
·
attack.discovery
attack.t1069.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Get-ADDBAccount Usage
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Download - PoshModule
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Invocations - Generic - PowerShell Module
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Invocations - Specific - PowerShell Module
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
SyncAppvPublishingServer Bypass Powershell Restriction - PS Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Use Get-NetTCPConnection - PowerShell Module
calendar
Aug 12, 2024
·
attack.discovery
attack.t1049
·
Share on:
twitter
facebook
linkedin
copy
Zip A Folder With PowerShell For Staging In Temp - PowerShell Module
calendar
Aug 12, 2024
·
attack.collection
attack.t1074.001
·
Share on:
twitter
facebook
linkedin
copy
to-top