{"id":30019,"date":"2023-05-22T07:19:06","date_gmt":"2023-05-22T05:19:06","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=30019"},"modified":"2023-05-22T07:19:06","modified_gmt":"2023-05-22T05:19:06","slug":"threat-hunting-with-powershell-security-even-with-a-small-budget","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2023\/05\/22\/threat-hunting-with-powershell-security-even-with-a-small-budget\/","title":{"rendered":"Threat Hunting with PowerShell &#8211; Security even with a small budget"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Windows\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Windows-klein.jpg\" alt=\"Windows\" width=\"200\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2023\/05\/22\/threat-hunting-mit-powershell-sicherheit-auch-mit-kleinem-budget\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]IT security should not be a question of money &#8211; these are often pretextual excuses. MVP Tom Wechsler has put some thought into the topic and shows how you can even use PowerShell and a few lines of code to research IT security problems. In a post on Microsoft's Techcommunity, he gives an overview of how to analyze IT threats using PowerShell.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg09.met.vgwort.de\/na\/4228b585c83541c48204b3e5f7cb300a\" alt=\"\" width=\"1\" height=\"1\" \/>I just stumbled across the related post by MVP Tom Wechsler on <a href=\"https:\/\/twitter.com\/tomvideo2brain\/status\/1659926673393852420\" target=\"_blank\" rel=\"noopener\">Twitter<\/a>. He writes that lack of IT security is often excused by the fact that there is little or no money available. 
He thinks that's a cheap excuse.<\/p>\n<p><a href=\"https:\/\/twitter.com\/tomvideo2brain\/status\/1659926673393852420\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"Threat Hunting with PowerShell\" src=\"https:\/\/i.postimg.cc\/TYGzzC2T\/image.png\" alt=\"Threat Hunting with PowerShell\" \/><\/a><\/p>\n<p>He therefore uses various PowerShell scripts in Windows to investigate various issues, with the aim of finding or detecting threats. He sees PowerShell as a useful tool for finding threats in Windows environments. It is a powerful scripting language and platform for automating tools and accessing data in any Windows environment, he said.<\/p>\n<p>Using PowerShell, administrators can quickly gather information from various sources such as event logs, the registry, files and processes. In addition, PowerShell integrates easily with other tools and technologies, making it a flexible and efficient tool for threat hunting.<\/p>\n<p>Use cases for PowerShell scripts in threat hunting include automated log data collection, identifying behavioral anomalies in the system, and detecting malware or malicious activity based on known signatures, patterns or behaviors. These are just a few examples of how PowerShell can be used in threat hunting.<\/p>\n<p>Wechsler describes the details in the Techcommunity post <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/windows-powershell\/threat-hunting-with-powershell-security-even-with-a-small-budget\/m-p\/3826224\" target=\"_blank\" rel=\"noopener\">Threat Hunting with PowerShell &#8211; Security even with a small budget &#8211; there is no excuse!<\/a> The scripts are harmless, but if you use them, you should understand what they do, because the search patterns in the scripts have to be adapted. Wechsler also recommends obtaining written permission to perform the relevant investigations. 
Perhaps the article and the scripts will be of interest to some of the readers.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]IT security should not be a question of money &#8211; these are often pretextual excuses. MVP Tom Wechsler has put some thought into the topic and shows how you can even use PowerShell and a few lines of code to &hellip; <a href=\"https:\/\/borncity.com\/win\/2023\/05\/22\/threat-hunting-with-powershell-security-even-with-a-small-budget\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,2],"tags":[69,194],"class_list":["post-30019","post","type-post","status-publish","format-standard","hentry","category-security","category-windows","tag-security","tag-windows"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/30019","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=30019"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/30019\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=30019"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=30019"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=30019"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}