Overview
Explore PowerShell obfuscation detection and evasion techniques in this 48-minute conference talk from DerbyCon 7 (2017). Delve into topics such as PowerShell logs, authentication options, and assumptions about obfuscation. Learn about new object creation, invoke expressions, and the Invoke-CradleCrafter tool. Discover the process of building a corpus and the findings from this research. Gain insights into PowerShell security through a live demonstration, enhancing your understanding of both offensive and defensive cybersecurity strategies.
Syllabus
Introduction
Daniel Bohannon
PowerShell logs
Authentication options
Assumptions
New Object
Invoke Expression
Invoke-CradleCrafter
Lip Service
Build A Corpus
What We Found
PowerShell
Demo