
ISC StormCast for Thursday, October 20th, 2022
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
How to Detect an Undetectable PowerShell Command Control Channel
SafeBreach published a blog post with details regarding what they call an undetectable PowerShell backdoor. The payload itself is encrypted, uses AES for its encryption. The keys should be retrievable from the packet data, if I saw this correctly. One thing that sort of helped them actually figure out how many people were infected by this was that the victim ID that you're being assigned appears to be sequential.