Powershell Is Dead - Epic Learnings

Security BSides London via YouTube

Overview

Explore the evolving landscape of PowerShell and its role in cybersecurity through this in-depth conference talk from Security BSides London. Delve into the complexities of modern attack surfaces, Windows endpoint technologies, and the challenges faced by both offensive and defensive teams. Gain insights into advanced techniques involving System.Management.Automation.dll, .NET manipulations, and process injection methods. Examine the evolution of tools like PoshC2 and its C# implant, while learning about common operational security pitfalls and detection strategies. Discover the future of memory-resident malware and the changing dynamics of red teaming over the next 12-18 months. Through demonstrations and expert analysis, uncover the nuances of PowerShell's alleged demise and its continued relevance in specific environments.

Syllabus

Team Spicy Weasel
What is PowerShell & is it DEAD?
Evolution of PoshC2 2016 - 2019
Generic PowerShell Implant
Carbon Black / Tanium / EDR
Defensive / Legacy Approach Reactive
Example Vendors
Attacker Thoughts
Avoidance - Carbon Black
Trickery
Parent PID Spoofing / Carbon Black
Detecting Parent Spoofing
EDR Hooking
Bringing Back The Good Times
Demo - Before
Demo - After
Migrating with COM into IE
The key to this? Junction folders
How can we use that
Shell windows
Getting the reg keys
EDR Summary
Future Predictions

Taught by

Security BSides London
