Threat Research

    "PowerShell MSI Install via WindowsInstaller COM From Remote Location" refers to the use of PowerShell to install MSI files through the WindowsInstaller.Installer COM object, especially when the files are hosted remotely....
    The report titled "Potentially Suspicious File Download From File Sharing Domain Via PowerShell.EXE" discusses the security risks associated with downloading files from file-sharing domains using PowerShell. It highlights how attackers can exploit PowerShell to execute malicious scripts, often bypassing traditional security measures....
    The document "Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities" addresses security measures for defending against Remote Code Execution (RCE) vulnerabilities in WhatsUp Gold, a network monitoring tool. It outlines the risks associated with these vulnerabilities, which could allow attackers to execute malicious code remotely and potentially compromise systems....
    "Process Terminated Via Taskkill" refers to the action of ending a running process or application on a computer using the Taskkill command. This command, typically executed through the Command Prompt or a script, forcefully stops a specified process by its process ID (PID) or name....
    "Suspicious AgentExecutor PowerShell Execution" involves the detection of potentially malicious or unauthorized PowerShell commands executed via the AgentExecutor tool. This activity may indicate an attempt to carry out unauthorized operations, such as data exfiltration or system compromise....
    "AgentExecutor PowerShell Execution" refers to a technique or tool used to execute PowerShell scripts or commands within an environment. This method is often employed in security contexts for both legitimate administrative tasks and malicious activities....