Sysmon, event forwarding, powershell and a dodgy .js file

Gary / January 17, 2018

This is a superb thread!;

"Holy crap, I just traced an infection with Sysmon and the killchain was it trying to launch a .js file with PowerShell, but we remapped .JS to notepad.exe"

Holy crap, I just traced an infection with Sysmon and the killchain was it trying to launch a .js file with PowerShell, but we remapped .JS to notepad.exe
— SwiftOnSecurity (@SwiftOnSecurity) January 17, 2018

About Gary

UK Website Twitter