Sysmon, event forwarding, powershell and a dodgy .js file
This is a superb thread!
"Holy crap, I just traced an infection with Sysmon and the killchain was it trying to launch a .js file with PowerShell, but we remapped .JS to notepad.exe"
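An added example, not code from the post or the thread it quotes: a PowerShell audit of the `.js` file association that reports whether double-clicking (or `Invoke-Item` from PowerShell) still hands the file to the Windows Script Host, with the same notepad.exe remap the quote describes behind a `-Remap` switch. The registry paths are the standard Windows ones; the `-Remap` switch and the script itself are mine.

```powershell
# Added example: audit the .js association and optionally remap it to notepad.exe.
# Run from an elevated prompt; assumes the stock Windows ProgID layout for .js.
param([switch]$Remap)

# HKCR\.js (default) names the ProgID; Windows ships it as 'JSFile'.
$progId = (Get-ItemProperty -Path 'Registry::HKEY_CLASSES_ROOT\.js' -ErrorAction SilentlyContinue).'(default)'
if (-not $progId) { $progId = 'JSFile' }

# The ProgID's shell\open\command is what runs on a shell-association launch.
$cmdKey  = "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
$handler = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'

Write-Host ".js -> $progId"
Write-Host "open command: $handler"

# wscript.exe / cscript.exe are the hosts that actually execute a .js file.
if ($handler -match 'wscript\.exe|cscript\.exe') {
    Write-Warning '.js files are still executed by the Windows Script Host'
    if ($Remap) {
        # Same mitigation as in the post: notepad displays the file instead of running it.
        # Plain REG_SZ, so use the expanded path rather than %SystemRoot%.
        $notepad = Join-Path $env:SystemRoot 'system32\notepad.exe'
        Set-ItemProperty -Path $cmdKey -Name '(default)' -Value ('"{0}" "%1"' -f $notepad)
        Write-Host 'Remapped .js open command to notepad.exe'
    }
} else {
    Write-Host '.js open command does not point at a script host'
}

# Caveats for the defender: a per-user UserChoice under
# HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.js can
# override HKCR, and the remap does nothing against an explicit
# "wscript.exe file.js" launch, which is why the post's Sysmon process
# creation logging (Event ID 1) is still worth keeping for wscript/cscript.
```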