Tales of a Blue Teamer: Detecting PowerShell Empire shenanigans with Sysinternals