Robuta

Invoke-Obfuscation Obfuscated IEX Invocation - PowerShell Module | Detection.FYI
https://detection.fyi/sigmahq/sigma/windows/powershell/powershell_module/posh_pm_invoke_obfuscation_obfuscated_iex/
Detects all variations of obfuscated powershell IEX invocation code generated by Invoke-Obfuscation framework from the code block cited in the reference...

Invoke-Obfuscation Via Use Rundll32 - PowerShell Module | Detection.FYI
https://detection.fyi/sigmahq/sigma/windows/powershell/powershell_module/posh_pm_invoke_obfuscation_via_use_rundll32/
Detects Obfuscated Powershell via use Rundll32 in Scripts

Potential RemoteFXvGPUDisablement.EXE Abuse - PowerShell Module | Detection.FYI
https://detection.fyi/sigmahq/sigma/windows/powershell/powershell_module/posh_pm_remotefxvgpudisablement_abuse/
Detects PowerShell module creation where the module Contents are set to

SyncAppvPublishingServer Bypass Powershell Restriction - PS Module | Detection.FYI
https://detection.fyi/sigmahq/sigma/windows/powershell/powershell_module/posh_pm_syncappvpublishingserver_exe/
Detects SyncAppvPublishingServer process execution which is usually utilized by adversaries to bypass PowerShell execution restrictions.

PowerShell Module File Created | Detection.FYI
https://detection.fyi/sigmahq/sigma/windows/file/file_event/file_event_win_powershell_module_creation/
Detects the creation of a new PowerShell module