PowerShell Exploitation - PowerSploit - Bloodhound - PowerShellMafia - Obfuscation


via YouTube

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

  1. Intro
  2. PowerShell Exploitation
  3. What is set? What version?
  4. Audit with LOG-MD
  5. PS Event IDs - Windows PowerShell
  6. PS Event IDs - PowerShell/Operational
  7. What is Malware Using?
  8. Exploit Kits
  9. Typical Malware launching PowerShell
  10. Did that look normal?
  11. They do this to hide what you see
  12. PowerShell Logs show it too
  13. Base64 Encoded
  14. Manual Translation
  15. PS Base 64 blob
  16. 4104 Decodes Base64 blobs
  17. Obfuscation - Odd stuff - 4688
  18. Script Blocks are labeled
  19. This is a normal Script Block
  20. WARNING !!!!
  21. 4100 - Executing Pipeline
  22. PS v2 - 500 Events
  23. Filtering out the good, to find the bad
  24. Code your PowerShell for exclusion
  25. Create Email Alerts
  26. PowerShell Log Goodness
  27. Security Log
  28. PowerShell v5
  29. How do I hunt for PS?
  30. Summary
  31. Resources
  32. Questions?
