Memory Attack - Embedded Shellcode Within Powershell
Shell code is a set of assembly instructions that often is used within a malware to preform several tasks on the infected machine. While conducting an analysis of PowerShell operation event logs, I came across an event bearing the eventID “4104” (0x1008) in which an encoded PowerShell command of a dubious nature was executed.