Using Alternate Data Streams to Bypass User Account Controls

There are some pretty cool PowerShell frameworks out there, which means it’s relatively common to see PowerShell doing nefarious things. So when the below alert fired, it was not immediately obvious that it was anything other than normal PowerShell encoding: Digging a little deeper, however, I found that the pattern of behavior was nearly identical […]