Time: 0 H 50 M
Difficulty: intermediate
CEU/CPE: 1
Course Description
How do you triage and analyze a suspicious PowerShell command?
In this challenge, you will operate in a defensive capacity to investigate this exact scenario:

> - What is the encoding for the base64 character format?
> - What are the three subdomains referenced?
> - What is the first “attack string” file that would aid an attacker?
> - What does the referenced “attack string” in c.ps1 do?
> - What is the $t variable set to?
> - What is the referenced attacker domain?