This tutorial aims to help you get PowerShell logs from your endpoints into your SIEM so you can detect and respond to modern PowerShell abuse. https://www.secjuice.com/enterprise-powershell-protection-logging/
Month: February 2021
Something new for getting past EDR: ScareCrow
ScareCrow is a payload creation framework that generates loaders for side loading (not injection) into a legitimate Windows process, bypassing application whitelisting controls. https://github.com/optiv/ScareCrow