Possible LoLbin
Feb. 27, 2023, 1:44 p.m. | /u/The-Other-Rick
cybersecurity www.reddit.com
I keep getting alerts from my company's SIEM for executing a PowerShell script, namely UtilityFunctions.ps1 and ProgramCompatibilityWizard.ps1. Of course these scripts are legitimate, but the location of their execution seems suspicious to me:
C:\Users\name-of-user\AppData\Local\Temp\SDIAG_12559c5e-61f7-4e7d-95c5-7f64d2d64403\UtilityFunctions.ps1
Bit of googling and it is possible for these scripts to have been corrupted and used maliciously. Colleagues from the IT department do not have any knowledge about these scripts being used by any legitimate operation/app.
My question is what should I do next, how …