As I’ve continued to analyze the round 2 results from the MITRE ATT&CK evaluation, I’ve had the opportunity to speak to more and more vendors that have indicated that one of the areas they struggled with was detecting the specific methods of PowerShell invocation used in the evaluation. Spoiler: It’s bad. Consider the evolution of […]
↧