PSAmsi - An Offensive PowerShell Module for Interacting with the Anti Malware Scan Interface

via YouTube

Overview

Explore an offensive PowerShell module for interacting with the Anti-Malware Scan Interface (AMSI) in Windows through this 42-minute DerbyCon 7 conference talk. Delve into the continued relevance of offensive PowerShell, the workings of PSAmsi, and techniques for signature detection and obfuscation. Learn about automating the obfuscation process, client-server architecture for evasion, and evolving strategies. Gain insights into the PSAmsi scanner class, finding AMSI signatures, and implementing obfuscation examples. Discover how to leverage Group Policy and understand the implications for offensive security operations.

Syllabus

Introduction
Who am I
My goals
Offensive PowerShell Dead Yet
Offensive PowerShell is not dead yet
Most organizations haven't moved to Windows 10
PowerShell is open source
Macgraver
How it works
Why PSAmsi
Demo
PSAmsi scanner class
Find AMSI signatures
Example script
Finding signatures
Obfuscation
Obfuscation example
Revo confiscation
How do we automate this process
Get minimally obfuscated
Client-server architecture
Server side functionality
Invoke obfuscate
Limit alerts
Scan find signatures
Obfuscated signatures
Evolving
More languages
Group Policy
Closing remarks
PSAmsi
Credits
