NotebookLM can now write code, build spreadsheets, and find sources for you

Google has upgraded NotebookLM with Gemini 3.5, a cloud-based code execution environment, and expanded file output support.
GitHub

powershell_fileless_process_injection_via_getprocaddress.yml

description: The following analytic detects the use of `GetProcAddress` in PowerShell script blocks, leveraging PowerShell Script Block Logging (EventCode=4104). This method captures the full command ...
GitHub

malicious_powershell_process_with_obfuscation_techniques.yml

description: The following analytic detects PowerShell processes launched with command-line arguments indicative of obfuscation techniques. It leverages data from Endpoint Detection and Response (EDR) ...