Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Investigating PowerShell Attacks

Black Hat via YouTube

Overview

Explore the increasing use of PowerShell by targeted attackers for command-and-control in compromised Windows environments in this 25-minute Black Hat conference talk. Delve into common attack patterns performed through PowerShell, including lateral movement, remote command execution, reconnaissance, file transfer, and establishing persistence. Learn how to collect and interpret forensic artifacts left behind by these attacks, both on individual hosts and across the enterprise. Gain insights from real-world incident examples and discover recommendations for limiting exposure to PowerShell-based attacks. Understand the implications of PowerShell 2.0 being installed on Windows 7 and Server 2008 R2, as well as the default enabling of remoting on Server 2012.

Syllabus

Investigating PowerShell Attacks

Taught by

Black Hat

Reviews

Start your review of Investigating PowerShell Attacks

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.