The Forensic Value of the (Other) WSH Registry Key
WSH (Windows Script Host) is an automation tool built into Windows, providing powerful scripting abilities. It was introduced in Windows 98, long predating .NET and PowerShell. Although largely abandoned by system administrators, it is sometimes used by attackers to evade detection and obfuscate their infection chains. Typically, an attacker will drop a malicious script on disk (a .vbs, .js or .wsf file) and then execute it using either the WScript or the CScript host....