description: The following analytic detects the execution of PowerShell scripts containing Base64-encoded content, specifically identifying the use of `FromBase64String`. It leverages PowerShell ...
description: The following analytic detects suspicious PowerShell execution indicative of PowerShell-Empire activity. It leverages PowerShell Script Block Logging (EventCode=4104) to capture and ...
I was handed a project that could easily have been fixed by a really long USB cable (50 - 100 ft), but for flexibility of the physical devices it was better to look at a network-based solution for ...