Kindred Security does a great job of pulling apart the Legion PowerShell credential stealer on YouTube, but I thought I would do a little more work to break down the PowerShell commands used in all their gory detail.
If you haven’t watched Kindred Security’s video, go do it now. It should be linked above. I’ll wait.
Continue reading “Picking Apart the Legion PowerShell”