Tag

Invoke-Expression

1 brief RSS

PowerShell Execution via Environment Variables

Adversaries use PowerShell to execute malicious code stored in environment variables, leveraging Invoke-Expression or its aliases to bypass static analysis and execute payloads dynamically, as seen in malware loaders and stagers like the VIP Keylogger.

Splunk Enterprise +2 powershell environment-variable invoke-expression execution

2r 1t Jan 3, 2024