Powershell Is Dead - Epic Learnings

Security BSides London via YouTube

Classroom Contents

  1. Team Spicy Weasel
  2. What is PowerShell & is it DEAD?
  3. Evolution of PoshC2 2016 - 2019
  4. Generic PowerShell Implant
  5. Carbon Black / Tanium / EDR
  6. Defensive / Legacy Approach Reactive
  7. Example Vendors
  8. Attacker Thoughts
  9. Avoidance - Carbon Black
  10. Trickery
  11. Parent PID Spoofing / Carbon Black
  12. Detecting Parent Spoofing
  13. EDR Hooking
  14. Bringing Back The Good Times
  15. Demo - Before
  16. Demo - After
  17. Migrating with COM into IE
  18. The key to this? Junction folders
  19. How can we use that
  20. Shell windows
  21. Getting the reg keys
  22. EDR Summary
  23. Future Predictions
