Sponsor of the Day:
Jerkmate
https://blog.itefix.net/directory-cleanup-via-powertshell/
Directory cleanup via Powershell | Itefix Blog
via powershellitefix blogdirectorycleanup
https://octopus.com/docs/infrastructure/deployment-targets/tentacle/windows/azure-virtual-machines/via-powershell
Installing The Tentacle VM Extension Via PowerShell | Documentation and Support
How to install the Tentacle VM Extension using the PowerShell
tentacle vm extensionvia powershellinstallingdocumentationsupport
https://detection.fyi/mbabinski/sigma-rules/2024_cicada3301_ransomware/proc_creation_win_hyperv_stopvm/
Hyper-V Virtual Machine Discovery Shutdown via Powershell Cmdlets | Detection.FYI
Detects powershell process used to find and shut down local Hyper-V VMs using the Stop-VM cmdlet, as documented in the 2024 Morphisec report on Cicada3301 …
hyper v virtualvia powershelldetection fyimachinediscovery
https://detection.fyi/sigmahq/sigma/windows/powershell/powershell_script/posh_ps_computer_discovery_get_adcomputer/
Computer Discovery And Export Via Get-ADComputer Cmdlet - PowerShell | Detection.FYI
Detects usage of the Get-ADComputer cmdlet to collect computer information and output it to a file
powershell detection fyicomputerdiscoveryexportvia
https://detection.fyi/sigmahq/sigma/windows/powershell/powershell_module/posh_pm_invoke_obfuscation_via_use_rundll32/
Invoke-Obfuscation Via Use Rundll32 - PowerShell Module | Detection.FYI
Detects Obfuscated Powershell via use Rundll32 in Scripts
invoke obfuscation viapowershell module detectionuserundll32fyi
https://detection.fyi/sigmahq/sigma/windows/powershell/powershell_script/posh_ps_invoke_obfuscation_via_use_rundll32/
Invoke-Obfuscation Via Use Rundll32 - PowerShell | Detection.FYI
Detects Obfuscated Powershell via use Rundll32 in Scripts
invoke obfuscation viapowershell detection fyiuserundll32