Powershell-Fu - Hunting on the Endpoint
Offered By: BSidesLV via YouTube
Course Description
Overview
Explore advanced endpoint hunting techniques using PowerShell in this 28-minute conference talk from BSidesLV 2016. Delve into the world of threat hunting as Chris Gerritz breaks down the differences between hunting and DFIR, introduces essential tools for hunters, and presents two distinct hunting methodologies. Learn about PSHunt components and modules, including scanners, survey deployment, and execution methods. Discover techniques for testing access, analyzing persistence mechanisms, and detecting memory-resident malware. Gain insights into survey analysis modules, process memory injection, and the initialization of reputation data. Master the art of PowerShell-based threat hunting to enhance your cybersecurity skills and protect endpoints effectively.
Syllabus
Intro
Speaker Background
What is Hunt?
Hunt vs DFIR (tdr it's sort of the same, but not)
The Hunter's Tool Bag (Examples)
A Tale of Two Hunting Methodologies
PSHunt Components/Modules
Scanners
Survey Deployment
Execution Methods
Discovery / Testing Access
Persistence Mechanisms (Autostarts)
Memory-resident Malware Analysis
Survey Analysis Modules Initialize-ReputationData
Active Processes/Modules/Drivers
Digital Signatures?
Process Memory Injection
PSHunt-Powershell Threat Hunting
Taught by
BSidesLV
Related Courses
Malicious Software and its Underground Economy: Two Sides to Every StoryUniversity of London International Programmes via Coursera Palo Alto Networks Cybersecurity Essentials II
Palo Alto Networks via Coursera Introducción al Análisis del Malware en Windows
National Technological University – Buenos Aires Regional Faculty via Miríadax Android Malware Analysis - From Zero to Hero
Udemy How to Create and Embed Malware (2-in-1 Course)
Udemy