Defending against PowerShell Attacks

Presented at DerbyCon 7.0 Legacy (2017), Sept. 22, 2017, 2 p.m. (50 minutes)

"The security industry is ablaze with news about how PowerShell is being used by both commodity malware and attackers alike. Surely there’s got to be a way to defend yourself against these attacks! In this presentation, we’ll dive deep into exactly how: from JEA-based operational controls, to the crazy advanced logging, auditing, and post-processing capabilities possible with PowerShell. Come learn why the smart red teams are beginning to abandon PowerShell as an attack platform." Lee Holmes is the lead security architect of Microsoft's Azure Management group, covering Azure Stack, System Center, and Operations Management Suite. He is author of the Windows PowerShell Cookbook, and an original member of the PowerShell development team. @Lee_Holmes

Presenters:

• Lee Holmes

Links:

• https://www.derbycon.com/friday-schedule/#event-35
• https://infocon.org/cons/DerbyCon/DerbyCon 7 2017/Defending against PowerShell Attacks Lee Holmes.mp4

Similar Presentations:

• PancakesCon 1 (2020) Virtual / PowerShell and Pickling
• BSidesDC 2016 / PowerShell Security: Defending the Enterprise from the Latest Attack Platform
• DeepSec 2015 „DeepSec No. 9“ / PowerShell for Penetration Testers