Defending against PowerShell Attacks
Offered By: YouTube
Course Description
Overview
Explore defensive strategies against PowerShell attacks in this 40-minute conference talk from Derbycon 7. Delve into topics such as VBA, the Win32 API, post-exploitation frameworks, and the MITRE framework. Learn why attackers commonly use PowerShell and examine the challenges of blocking it, including why blocking PowerShell alone does not solve the underlying security problem. Discover PowerShell's role as a management engine and its security features, including Just Enough Administration, local sandboxing, and security transparency. Investigate the transparency features in detail: module and pipeline logging, system-wide transcription, and script block logging. Analyze techniques such as Invoke-Obfuscation and Invoke-Expression, and explore antimalware integration, protected event logging, and the PowerShell events most useful to defenders. Gain insights into PowerShell scripts, abstract syntax trees, and Device Guard application whitelisting to enhance your organization's security posture against PowerShell-based threats.
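As an added illustration of the transparency features named above (this is example code written for this listing, not material from the talk or its speaker), the following PowerShell enables script block logging, module logging and system-wide transcription through the same policy registry keys that Group Policy sets, then reads back recent script block events and uses PowerShell's own parser to list the commands each logged block calls, flagging Invoke-Expression. It assumes Windows PowerShell 5.x or later, an elevated session, and an illustrative transcript directory C:\PSTranscripts.

```powershell
# Added example: enable PowerShell transparency features and review what they log.
# Assumes Windows PowerShell 5.x or later and an elevated session; C:\PSTranscripts
# is an illustrative path, choose a location ordinary users can only append to.
#Requires -RunAsAdministrator

$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

# 1. Script block logging: executed script blocks are written to event ID 4104 in
#    Microsoft-Windows-PowerShell/Operational. Blocks that Invoke-Expression builds
#    from decoded strings are logged too, so de-obfuscated content is captured.
$sbl = Join-Path $policyRoot 'ScriptBlockLogging'
New-Item -Path $sbl -Force | Out-Null
Set-ItemProperty -Path $sbl -Name EnableScriptBlockLogging -Value 1 -Type DWord

# 2. Module (pipeline) logging: pipeline execution details go to event ID 4103
#    for the listed modules; the value name '*' covers every module.
$ml = Join-Path $policyRoot 'ModuleLogging'
New-Item -Path (Join-Path $ml 'ModuleNames') -Force | Out-Null
Set-ItemProperty -Path $ml -Name EnableModuleLogging -Value 1 -Type DWord
Set-ItemProperty -Path (Join-Path $ml 'ModuleNames') -Name '*' -Value '*' -Type String

# 3. System-wide transcription: one transcript file per session, with an
#    invocation header that timestamps each command.
$tr = Join-Path $policyRoot 'Transcription'
New-Item -Path $tr -Force | Out-Null
Set-ItemProperty -Path $tr -Name EnableTranscripting -Value 1 -Type DWord
Set-ItemProperty -Path $tr -Name EnableInvocationHeader -Value 1 -Type DWord
Set-ItemProperty -Path $tr -Name OutputDirectory -Value 'C:\PSTranscripts' -Type String

# 4. Review: parse the text of recent 4104 events into an abstract syntax tree and
#    collect the command names it invokes. Long script blocks are split across
#    several 4104 events, so a fragment may parse with errors; it is still reported.
function Get-LoggedScriptBlockCommands {
    param([int]$MaxEvents = 50)

    $filter = @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 }
    foreach ($evt in Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue) {
        # For a 4104 event, Properties[2] holds the script block text.
        $code   = [string]$evt.Properties[2].Value
        $tokens = $null
        $errors = $null
        $ast = [System.Management.Automation.Language.Parser]::ParseInput($code, [ref]$tokens, [ref]$errors)

        $commands = $ast.FindAll({ $args[0] -is [System.Management.Automation.Language.CommandAst] }, $true) |
            ForEach-Object { $_.GetCommandName() } |
            Where-Object { $_ } |
            Sort-Object -Unique

        [pscustomobject]@{
            Time        = $evt.TimeCreated
            ParseErrors = @($errors).Count
            Commands    = $commands -join ', '
            UsesIEX     = [bool]($commands | Where-Object { $_ -in 'Invoke-Expression', 'iex' })
        }
    }
}

# Show only the logged blocks that call Invoke-Expression (directly or via its alias).
Get-LoggedScriptBlockCommands | Where-Object UsesIEX | Format-Table -AutoSize
```

Command names obtained from the AST are only those written literally in the block; a command reached through a variable or a string expression returns no name from GetCommandName, which is itself a useful signal when reviewing obfuscated input.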
Syllabus
Introduction
VBA
Win32 API
PowerShell
Palo Alto Labs
Post exploitation frameworks
Why people use PowerShell
MITRE Framework
Let's Block PowerShell
Blocking PowerShell doesn't solve the underlying security problem
PowerShell is a management engine
You block PowerShell
Lua scripting language
Three stages in security
PowerShell security
Just enough administration
DNS administration
Administration
Gaea
Local Sandboxing
Security Exposure
PowerShell Security Transparency
Configuration
Module Pipeline Logging
System Transcripting
Script Block Logging
Invoke Obfuscation
Invoke Expression
Antimalware
Protected Event Logging
Useful PowerShell Events
PowerShell Scripts
Abstract Syntax Trees
Device Guard Application Whitelisting
Raid Number
Fake Face
Related Courses
Building Your Own Programming Language (Frontend Masters)
Abstract Syntax Trees (egghead.io)
React Applications Structure Analysis Using AST - React.js Conf 2015 (Meta via YouTube)
Compilers - Jared Shumway (White Hat Cal Poly via YouTube)
Pattern Matching at Scale Using Finite State Machine (Strange Loop Conference via YouTube)