PowerShell IV – Memory forensics

by Frank Ully

This is the fourth article in a multi-part series about Windows PowerShell and how attackers abuse it, how incident responders can detect these attacks – and how IT security managers can prevent them in the first place. This article provides a general introduction to memory forensics, a relatively new investigation method that incident responders and IT forensic experts use against modern threats such as PowerShell attacks. [read the German article]

PowerShell III – Script collections for post-exploitation

by Frank Ully

This is the third article in a multi-part series about Windows PowerShell and how attackers abuse it, how incident responders can detect these attacks – and how IT security managers can prevent them in the first place. This article introduces publicly available script collections with offensive PowerShell scripts for post-exploitation. [read the German article]

PowerShell II – Malicious use of PowerShell

by Frank Ully

This is the second article in a multi-part series about Windows PowerShell and how attackers abuse it, how incident responders can detect these attacks – and how IT security managers can prevent them in the first place. This article looks at the features that make PowerShell so popular as an attack tool. [read the German article]