Mailsniper Invoke Functions

Mailsniper Invoke Functions


This search is to detect known mailsniper.ps1 functions executed in a machine. This technique was seen in some attacker to harvest some sensitive e-mail in a compromised exchange server.


Mailsniper Invoke Functions Help

To successfully implement this search, you need to be ingesting logs with the powershell logs from your endpoints. make sure you enable needed registry to monitor this event.


Open in Search