Since the advancement of security features released in PowerShell version 5, Red Team folks are forced to not use PowerShell to have successful and undetectable engagements. Some of them even push the boundary and created their own Not-PowerShell tools and released it to the public. As a Blue Teamer, this means we need to reinforce our perimeter against these tools. This talk will uncovers some of the popular Not-PowerShell tools followed by how the blue teams can still spot these tools and build detection on it. This talk will look into several not-powershell tools and craft several detection tactics based on their mechanism. We will utilize common logging tools, Sysmon and Windows Logs (Integrated to SIEM). We will start with Introduction and will quickly go through the common mechanism used by the not-powershell tools Tools we are going to look at are: - InvisiShell - NoPowerShell - PowerShdll - PowerLessShell - And some other tools with similar mechanism After getting familiar with the mechanisms, we will put our blue hat back and see what artifacts left by these tools and build reliable detection for each mechanisms leaving small room for false positives. At the end of the day, the blue team will be awarded with some queries (also known as rules or use cases) that they can use and deploy at their own SIEM solution.