Defending against PowerShell Attacks
Offered By: YouTube
Course Description
Overview
Explore defensive strategies against PowerShell attacks in this 40-minute conference talk from Derbycon 7. Delve into topics such as VBA, the Win32 API, post-exploitation frameworks, and the MITRE framework. Learn why PowerShell is commonly used by attackers and examine why simply blocking it is difficult. Discover PowerShell's role as a management engine and its security features, including Just Enough Administration, local sandboxing, and security transparency. Investigate advanced security measures such as configuration, module and pipeline logging, system transcripting, and script block logging. Analyze techniques such as Invoke-Obfuscation and Invoke-Expression, and explore antimalware integration, protected event logging, and useful PowerShell events. Gain insights into PowerShell scripts, abstract syntax trees, and Device Guard application whitelisting to strengthen your organization's security posture against PowerShell-based threats.
Syllabus
Introduction
VBA
Win32 API
PowerShell
Palo Alto Labs
Post exploitation frameworks
Why people use PowerShell
MITRE Framework
Let's Block PowerShell
PowerShell doesn't solve the underlying security problem
PowerShell is a management engine
You block PowerShell
Lua scripting language
Three stages in security
PowerShell security
Just enough administration
DNS administration
Administration
JEA
Local Sandboxing
Security Exposure
PowerShell Security Transparency
Configuration
Module Pipeline Logging
System Transcripting
Script Block Logging
Invoke Obfuscation
Invoke Expression
Antimalware
Protected Event Logging
Useful PowerShell Events
PowerShell Scripts
Abstract Syntax Trees
Device Guard Application Whitelisting
Raid Number
Fake Face