Overview
Explore PowerShell's role in incident response through this BSides Cincinnati 2015 conference talk. Dive into the history of PowerShell, its latest version 5 features, and associated plugins. Examine potential dangers, policy bypasses, and attacks related to PowerShell. Learn about its applications in Linux systems, memory capture techniques, and the importance of PowerShell version management. Discover quick scripted search methods and live response capabilities for effective incident handling. Gain insights into whether these tools are appropriate for your security needs and understand the evolving landscape of PowerShell in cybersecurity.
Syllabus
Introduction
Agenda
What we won't cover
What we will cover
History of PowerShell
PowerShell V5
PowerShell Plugins
Dangers of PowerShell
Policy Bypass
Dis constrains
PowerShell attacks
Linux system
Memory was useless
Memory Capture
Should You Use These Tools
PowerShell Version Table
PowerShell Patches
Quick Scripted Search
PowerShell Live Response