Unmanaged PowerShell Binaries and Endpoint Protection
Optiv recently completed our 2017 endpoint security solution evaluation. The primary focus of the evaluation was to test the solutions’ efficacy across the cyber kill chain. Surprisingly, we discovered a high failure rate in detecting two custom binaries that were created for the evaluation as malicious and the commands executed through them. Both of these binaries incorporated the concept of unmanaged PowerShell.