https://detection.fyi/sigmahq/sigma/windows/powershell/powershell_module/posh_pm_invoke_obfuscation_obfuscated_iex/
Invoke-Obfuscation Obfuscated IEX Invocation - PowerShell Module | Detection.FYI
Detects all variations of obfuscated PowerShell IEX invocation code generated by the Invoke-Obfuscation framework from the code block cited in the reference...
https://detection.fyi/sigmahq/sigma/windows/powershell/powershell_module/posh_pm_invoke_obfuscation_via_use_rundll32/
Invoke-Obfuscation Via Use Rundll32 - PowerShell Module | Detection.FYI
Detects Obfuscated PowerShell via use Rundll32 in Scripts
https://detection.fyi/sigmahq/sigma/windows/builtin/system/service_control_manager/win_system_invoke_obfuscation_via_compress_services/
Invoke-Obfuscation COMPRESS OBFUSCATION - System | Detection.FYI
Detects Obfuscated PowerShell via COMPRESS OBFUSCATION
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_hktl_invoke_obfuscation_via_use_mhsta/
Invoke-Obfuscation Via Use MSHTA | Detection.FYI
Detects Obfuscated PowerShell via use MSHTA in Scripts
https://detection.fyi/sigmahq/sigma/windows/powershell/powershell_script/posh_ps_invoke_obfuscation_via_use_rundll32/
Invoke-Obfuscation Via Use Rundll32 - PowerShell | Detection.FYI
Detects Obfuscated PowerShell via use Rundll32 in Scripts
https://detection.fyi/sigmahq/sigma/unsupported/windows/driver_load_invoke_obfuscation_obfuscated_iex_services/
Invoke-Obfuscation Obfuscated IEX Invocation | Detection.FYI
Detects all variations of obfuscated PowerShell IEX invocation code generated by the Invoke-Obfuscation framework (see reference section for code block)