Sponsor of the Day:
Jerkmate
https://detection.fyi/sigmahq/sigma/windows/powershell/powershell_module/posh_pm_invoke_obfuscation_via_use_rundll32/
Invoke-Obfuscation Via Use Rundll32 - PowerShell Module | Detection.FYI
Detects Obfuscated Powershell via use Rundll32 in Scripts
invoke obfuscation viapowershell module detectionuserundll32fyi
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_hktl_invoke_obfuscation_via_use_mhsta/
Invoke-Obfuscation Via Use MSHTA | Detection.FYI
Detects Obfuscated Powershell via use MSHTA in Scripts
invoke obfuscation viadetection fyiusemshta
https://detection.fyi/sigmahq/sigma/windows/powershell/powershell_script/posh_ps_invoke_obfuscation_via_use_rundll32/
Invoke-Obfuscation Via Use Rundll32 - PowerShell | Detection.FYI
Detects Obfuscated Powershell via use Rundll32 in Scripts
invoke obfuscation viapowershell detection fyiuserundll32