https://detection.fyi/sigmahq/sigma/windows/powershell/powershell_module/posh_pm_invoke_obfuscation_obfuscated_iex/
Invoke-Obfuscation Obfuscated IEX Invocation - PowerShell Module | Detection.FYI
Detects all variations of obfuscated PowerShell IEX invocation code generated by the Invoke-Obfuscation framework from the code block cited in the reference...
https://detection.fyi/sigmahq/sigma/windows/powershell/powershell_module/posh_pm_syncappvpublishingserver_exe/
SyncAppvPublishingServer Bypass Powershell Restriction - PS Module | Detection.FYI
Detects SyncAppvPublishingServer process execution, which is usually utilized by adversaries to bypass PowerShell execution restrictions.
https://detection.fyi/sigmahq/sigma/windows/powershell/powershell_module/posh_pm_invoke_obfuscation_via_use_rundll32/
Invoke-Obfuscation Via Use Rundll32 - PowerShell Module | Detection.FYI
Detects obfuscated PowerShell launched via Rundll32 in scripts.
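The three PowerShell Module rules above all match on the Event ID 4103 Payload field. The following is an added example, not code from detection.fyi or SigmaHQ, that runs simplified versions of those three detections over a few constructed 4103 payload strings. The selector patterns (the `$env:ComSpec[4,15,25]`, `$ShellId`, `$PSHome` and `$VerbosePreference` index tricks that spell "iex", the `SyncAppvPublishingServer.vbs "n; ..."` launcher, and `rundll32 SHELL32.DLL,ShellExec_RunDLL`) are well-known Invoke-Obfuscation and LOLBAS constructs chosen for illustration; they are assumptions here and are not the exact selector lists of the published Sigma rules. The rule labels, the `any`/`all` semantics and the sample events are likewise constructed for the example.

```python
"""Toy evaluation of three PowerShell Module (Event ID 4103) detections over
constructed payload strings. Added example; selectors are assumed, not copied
from the Sigma rules linked above."""
import re

# Constructed Event ID 4103 "Payload" strings (hand-written, not real captures).
SAMPLE_EVENTS = [
    # 1: benign module activity
    (1, 'CommandInvocation(Get-Process): "Get-Process"'),
    # 2: SyncAppvPublishingServer.vbs abused as a PowerShell launcher
    (2, 'CommandInvocation(Invoke-Expression): ParameterBinding(Invoke-Expression): '
        'name="Command"; value="SyncAppvPublishingServer.vbs \\"n;Start-Process calc\\""'),
    # 3: Invoke-Obfuscation style IEX built from $env:ComSpec characters ("iex")
    (3, 'CommandInvocation(Invoke-Expression): value=".($env:ComSpec[4,15,25]-join\'\') '
        '(\'Start-Process calc\')"'),
    # 4: PowerShell launched through rundll32 / ShellExec_RunDLL
    (4, 'CommandInvocation(Start-Process): value="rundll32.exe SHELL32.DLL,ShellExec_RunDLL '
        '\\"PowerShell\\" \\"-nop -w hidden -c Start-Process calc\\""'),
    # 5: both the SyncAppv launcher and an obfuscated IEX in one payload
    (5, 'value="SyncAppvPublishingServer.vbs \\"n;.($ShellId[1]+$ShellId[13]+\'x\') '
        '(\'Start-Process calc\')\\""'),
]

# Assumed selectors. "any": at least one must match (Sigma-style OR list);
# "all": every pattern must match (Sigma-style AND of separate selections).
RULES = {
    "Invoke-Obfuscation Obfuscated IEX Invocation": {
        "any": [
            r"\$env:ComSpec\[4,15,25\]",                 # C:\WINDOWS\system32\cmd.exe -> i,e,x
            r"\$ShellId\[1\]\+\$ShellId\[13\]\+'x'",     # Microsoft.PowerShell -> i,e + x
            r"\$PSHome\[4\]\+\$PSHome\[30\]\+'x'",       # ...\WindowsPowerShell\v1.0 -> i,e + x
            r"\$VerbosePreference\.ToString\(\)\[1,3\]\+'x'",  # SilentlyContinue -> i,e + x
        ],
    },
    "SyncAppvPublishingServer Bypass PowerShell Restriction": {
        "any": [r"SyncAppvPublishingServer(\.vbs|\.exe)?"],
    },
    "Invoke-Obfuscation Via Use Rundll32": {
        "all": [r"rundll32(\.exe)?", r"shell32\.dll,\s*ShellExec_RunDLL"],
    },
}


def _compile(rule):
    # Payload matching is case-insensitive, like Sigma "contains" on Windows logs.
    return {k: [re.compile(p, re.IGNORECASE) for p in pats] for k, pats in rule.items()}


COMPILED = {name: _compile(rule) for name, rule in RULES.items()}


def evaluate(payload: str) -> list:
    """Return the sorted names of every rule whose selectors match this payload."""
    hits = []
    for name, sel in COMPILED.items():
        any_ok = not sel.get("any") or any(p.search(payload) for p in sel["any"])
        all_ok = all(p.search(payload) for p in sel.get("all", []))
        if any_ok and all_ok:
            hits.append(name)
    return sorted(hits)


def scan(events) -> dict:
    """Map event id -> matched rule names, keeping only events with at least one hit."""
    results = {}
    for event_id, payload in events:
        hits = evaluate(payload)
        if hits:
            results[event_id] = hits
    return results


if __name__ == "__main__":
    for event_id, hits in scan(SAMPLE_EVENTS).items():
        print(f"event {event_id}: {', '.join(hits)}")
```

Event 1 produces no hit, events 2 to 4 each trigger exactly one rule, and event 5 trips both the SyncAppvPublishingServer and the obfuscated-IEX rule, which is the usual case in practice: the launcher and the obfuscated body arrive in the same 4103 record, so each rule fires independently rather than one suppressing the other.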
https://detection.fyi/sigmahq/sigma/windows/powershell/powershell_module/posh_pm_remotefxvgpudisablement_abuse/
Potential RemoteFXvGPUDisablement.EXE Abuse - PowerShell Module | Detection.FYI
Detects PowerShell module creation where the module Contents are set to
https://detection.fyi/mbabinski/sigma-rules/2023_redcanary_threatdetectionreport/technique_wmi_unusual_module_loads/
WMIC Unusual Module Loads (RedCanary Threat Detection Report) | Detection.FYI
Detects module loads by the wmic process that are potentially used to perform application control bypasses. Part of the RedCanary 2023 Threat Detection Report.
https://detection.fyi/mbabinski/sigma-rules/2024_redcanary_threatdetectionreport/technique_wmi_unusual_module_loads/
Unusual Module Loads - WMI | Detection.FYI
By monitoring and detecting on module loads, you can catch a variety of different malicious activities, including defense evasion and credential theft. In...
https://detection.fyi/sigmahq/sigma/windows/file/file_event/file_event_win_powershell_module_creation/
PowerShell Module File Created | Detection.FYI
Detects the creation of a new PowerShell module file.