Disrupting the Empire: Identifying PowerShell Empire Command and Control Activity

Windows PowerShell has quickly become ubiquitous in enterprise networks. Threat actors are increasingly utilizing attack frameworks such as PowerShell Empire because of its robust APT-like capabilities, stealth, and flexibility. This research identifies specific artifacts, behaviors, and indicators...
By
Michael C. Long II
February 23, 2018

All papers are copyrighted. No re-posting of papers is permitted

470x382_Generic_Whitepaper.jpg