https://www.sans.org/reading-room/whitepapers/forensics/disrupting-empire-identifying-powershell-empire-command-control-activity-38315
