PowerShell Classification - Life, Learning, and Self-Discovery

Explore the world of PowerShell classification and its implications for cybersecurity in this BSidesLV conference talk. Delve into the importance of PowerShell, its flexibility, and its role in exploit frameworks. Learn about querying and analyzing PowerShell logs, evasion tactics, and the application of machine learning techniques for detection. Discover insights on high-level features, cosine similarity, and algorithm evaluation. Gain valuable lessons on overcoming challenges such as overfitting, data normalization, and performance measurement. Understand the significance of real-time pipelines and data merging in enhancing detection efficacy. Engage with a comprehensive overview of PowerShell classification that bridges technical knowledge with personal growth and self-discovery.

Introduction
Who am I
Audience
Agenda
What is PowerShell
Why is PowerShell important
Exploit frameworks
PowerShell is extremely flexible
PowerShell is important to miner
Querying PowerShell logs
PowerShell logs
References
Analyzing PowerShell Data
Evasion Tactics
Special Characters
Cosine Similarity
HighLevel Features
Machine Learning
Documentation
Raw Events
Transformation
Sample Event
Algorithm Evaluation
Results
Accuracy
Precision
Random Force
Lessons Learned
Overfitting
Normalized Data
Get More Data
Measure Your Performance
Code Names Stick Around
Detection Efficacy
RealTime Pipeline
Merging work
Data set
Questions