Investigating Suspicious PowerShell Activity with Splunk
Simulating attacker techniques, analyzing endpoint telemetry, and building a detection rule in a SOC homelab.