scripts and configs from .conf2016 talk on [Hunting the Known Unknowns: The PowerShell Edition] (http://conf.splunk.com/files/2016/slides/hunting-the-known-unknowns-the-powershell-edition.pdf)
Russel VanTuyl - https://www.swordshield.com/wp-content/uploads/2016/05/PowerShell-for-Cyber-Warriors-Bsides-Knoxville-2016v2.pptx
Michael Gough - http://hackerhurricane.blogspot.com/
Ryan Chapman and Lisa Tawfall - http://conf.splunk.com/files/2016/slides/powershell-power-hell-hunting-for-malicious-use-of-powershell-with-splunk.pdf