In this video, I demonstrate the Command and Control stage of my Final Year Project, where an attacker abuses PowerShell.exe to connect to a remote server and execute malicious commands.
The system detects this activity using LimaCharlie EDR, which monitors suspicious process execution and command-line activity involving trusted system tools. The event is then analysed using an AI-based model (GPT-powered decision engine) to determine whether the behaviour is malicious or benign.
Once confirmed as a threat, the playbook automatically executes a response by isolating the endpoint, cutting off attacker communication, and sending an alert via Slack to notify the SOC team.
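The decision step of this workflow, as an added example in Python that is not the project's code and does not use LimaCharlie's or Tines' APIs: a weighted rule-based risk score stands in for the GPT-powered engine, and the event field names, indicator weights, isolation threshold and sample events are all assumptions constructed for illustration.

```python
import ipaddress

# Weighted command-line indicators of powershell.exe being driven as a LOLBin for
# remote communication; aliases within a group count once. Weights are constructed.
INDICATORS = {
    "encoded_command": (("-encodedcommand", "-enc"), 30),
    "hidden_window": (("-windowstyle hidden", "-w hidden"), 15),
    "policy_bypass": (("-executionpolicy bypass", "-ep bypass"), 15),
    "no_profile": (("-noprofile", "-nop"), 10),
    "download_cradle": (("downloadstring", "net.webclient", "invoke-webrequest"), 25),
}
REMOTE_WEIGHT = 30      # outbound connection to an address outside the internal ranges
ISOLATE_THRESHOLD = 60  # at or above this score the playbook isolates and alerts
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def is_remote(dst: str) -> bool:
    # True when the destination lies outside the private, loopback and link-local ranges
    ip = ipaddress.ip_address(dst)
    return not any(ip in net for net in INTERNAL_NETS)

def score_event(event: dict) -> dict:
    """Score one EDR process event; keys process/command_line/destinations are assumed
    (not LimaCharlie's schema). Returns score, verdict, matched indicators, actions."""
    hits, score = [], 0
    if not event.get("process", "").lower().endswith("powershell.exe"):
        return {"score": 0, "verdict": "benign", "indicators": hits, "actions": []}
    cmd = event.get("command_line", "").lower()
    for name, (aliases, weight) in INDICATORS.items():
        if any(alias in cmd for alias in aliases):
            hits.append(name)
            score += weight
    if any(is_remote(dst) for dst in event.get("destinations", [])):
        hits.append("remote_connection")
        score += REMOTE_WEIGHT
    verdict = "malicious" if score >= ISOLATE_THRESHOLD else "benign"
    actions = ["isolate_endpoint", "notify_slack"] if verdict == "malicious" else []
    return {"score": score, "verdict": verdict, "indicators": hits, "actions": actions}

# Constructed sample events (TEST-NET address, placeholder encoded argument).
C2_EVENT = {
    "process": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    "command_line": "powershell.exe -nop -w hidden -enc AAAAAAAAAAAAAAAAAAAA",
    "destinations": ["203.0.113.10"],
}
ADMIN_EVENT = {
    "process": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    "command_line": r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1",
    "destinations": ["10.0.0.5"],
}
```

Calling `score_event(C2_EVENT)` yields a score of 85 and the isolate-and-alert actions, while the administrative script with a private-network destination scores 15 and is left alone.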
⚡ Key Highlights:
Detection of malicious PowerShell-based C2 activity
AI-based analysis and risk scoring
Automated endpoint isolation
Detection of LOLBin abuse for remote communication
Reduced MTTR with no manual intervention
🎯 This playbook is part of my project:
“Evaluating the Effectiveness of AI-Powered SOAR Workflows in Reducing Incident Response Time and Analyst Workload.”
💡 The goal is to detect trusted tool abuse, stop attacker communication quickly, and improve SOC efficiency through intelligent automation.
---
#CyberSecurity #SOAR #SOC #EDR #Automation #AI #CommandAndControl #PowerShell #ThreatDetection #BlueTeam #Limacharlie #tines #openai
@TinesHQ
@OpenAI
For more information contact: [email protected]