Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

PowerShell Detection and Security - Understanding Adversarial Abuse and Defense Strategies

Red Canary via YouTube

Overview

Join a comprehensive webinar exploring PowerShell, one of the most prevalent MITRE ATT&CK® techniques, to master the detection and prevention of malicious activities within Windows systems. Discover how adversaries exploit this widely-installed Windows configuration management framework while learning to observe and detect suspicious commands and behaviors. Gain expert insights from VMware Carbon Black, MITRE ATT&CK®, and Red Canary professionals on adversarial PowerShell abuse methods, essential telemetry collection tools, detection and mitigation strategies, and security control testing using Atomic Red Team. Explore critical topics including scriptblock logging, AMSI real-time protection, unusual formatting detection, and constrained language mode implementation. Learn to identify malicious PowerShell activities within routine system operations, develop effective detection analytics, and test visibility capabilities to enhance your organization's security posture against sophisticated cyber threats.

Syllabus

Intro
The agenda
Harnessing Power(Shell)
Threats abusing PowerShell in 2022
Malicious PowerShell in the wild
Evolving tradecraft
Automatic scriptblock logging
Scriptblock logging tells a story
AMSI: Real-time Protection
AMSI Provider Authenticode
Unusual Formatting
Combinations of Terms & Behaviors
Detection challenges
Constrained Language mode
AMSI testing - AMSI Provider

Taught by

Red Canary

Reviews

Start your review of PowerShell Detection and Security - Understanding Adversarial Abuse and Defense Strategies

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.