Search This Blog

Thursday, June 16, 2016

The Windows PowerShell Cheat Sheet is now available!

We are proud to announce the release of the "Windows PowerShell Logging Cheat Sheet".  This latest cheat sheet is focused at what options to set, where to set them and what to monitor to detect PowerShell activity and more so, malicious PowerShell activity.

This cheat sheet covers PowerShell versions 2 through 4 and the new PowerShell version 5, or Windows Management Framework as it is now called.  There are links to other great PowerShell resources, settings to configure, either through Group Policy or manually in the registry.  What to gather and harvest as far as Event ID's and what to look for as far as malicious activity.

The first goal of yours, of course after downloading the cheat sheet will be to get some test systems configured and validate everything is collecting as you expect.  Then push out the settings to all your target systems you want to monitor, which should be all of them.

Also included is the use of Sysmon to catch PowerShell being called by another binary other than powershell.exe or powershell_ise.exe to catch misuse of the PowerShell Dll's.

Take a read, do some testing and of course, send us your thoughts.