Malware Analysis Exercise – Living Off the Land with Powershell

It is common for threat actors to utilize living off the land (LOTL) techniques, such as the execution of PowerShell to further their attacks and transition from macro code. This lab is intended to show how you can often times perform quick analysis to extract important IOCs. While there may be several ways to answer these questions the focus on this exercise is on static techniques for analysis.

You can find the exercise, artifacts and full walk-through on my Github at

Looking for more of a challenge? Try this on CyberDefenders as part of their CTF!