PowerShell VI – Defense

by Frank Ully

This is the sixth and final instalment in a multi-part series about Windows PowerShell and how attackers abuse it, how incident responders can detect these attacks – and how IT staff can prevent them in the first place. This article describes which measures IT security managers can implement to protect their organizations against PowerShell attacks.

PowerShell V – Forensic analysis of PowerShell attacks

by Frank Ully

This is the fifth article in a multi-part series about Windows PowerShell and how attackers abuse it, how incident responders can detect these attacks – and how IT security managers can prevent them in the first place. This article introduces methods that incident responders and IT forensic analysts can use to investigate PowerShell attacks, including memory analysis.