Quick Note on PoshC2 In-Memory IOCs
I’ve been looking at the public version of PoshC2 and how easy it can be to detect, yet it is still exceptionally successful at bypassing a significant number of so-called EDRs and AVs – even more so if the execution method is fairly good – GadgettoJS is still undetected by a lot of AV solutions. I should probably highlight I am absolutely not a malware analyst, but if I can find these obvious IOCs in two or so hours, hopefully…