Powershell Is Dead - Epic Learnings

Offered By: Security BSides London via YouTube

Tags: Security BSides, Cybersecurity, PowerShell, Process Injection

Course Description

Overview

Explore the evolving landscape of PowerShell and its role in cybersecurity through this in-depth conference talk from Security BSides London. Delve into the complexities of modern attack surfaces, Windows endpoint technologies, and the challenges faced by both offensive and defensive teams. Gain insights into advanced techniques involving System.Management.Automation.dll, .NET manipulations, and process injection methods. Examine the evolution of tools like PoshC2 and its C# implant, while learning about common operational security pitfalls and detection strategies. Discover the future of memory-resident malware and the changing dynamics of red teaming over the next 12-18 months. Through demonstrations and expert analysis, uncover the nuances of PowerShell's alleged demise and its continued relevance in specific environments.

Syllabus

Team Spicy Weasel
What is PowerShell & is it DEAD?
Evolution of PoshC2 2016 - 2019
Generic PowerShell Implant
Carbon Black / Tanium / EDR
Defensive / Legacy Approach Reactive
Example Vendors
Attacker Thoughts
Avoidance - Carbon Black
Trickery
Parent PID Spoofing / Carbon Black
Detecting Parent Spoofing
EDR Hooking
Bringing Back The Good Times
Demo - Before
Demo - After
Migrating with COM into IE
The key to this? Junction folders
How can we use that
Shell windows
Getting the reg keys
EDR Summary
Future Predictions
Taught by

Security BSides London
