Script-based attacks are commonly used to gain entry into systems and to move laterally to inflict damage. On the Investigate page, you can find information on script-based attacks and you can identify malicious code in obfuscated PowerShell scripts.

To reveal hidden threats, tools in the Carbon Black Cloud console can decode the contents of the obfuscated PowerShell scripts. You can review the decoded scripts in the right-side panel for a particular event. Syntax highlighting makes it easier to scan for string content, PowerShell commands, and function calls when you search for malicious content.