PowerShell Detection and Security - Understanding Adversarial Abuse and Defense Strategies
Red Canary via YouTube
Overview
Syllabus
Intro
The agenda
Harnessing Power(Shell)
Threats abusing PowerShell in 2022
Malicious PowerShell in the wild
Evolving tradecraft
Automatic scriptblock logging
Scriptblock logging tells a story
AMSI: Real-time Protection
AMSI Provider Authenticode
Unusual Formatting
Combinations of Terms & Behaviors
Detection challenges
Constrained Language mode
AMSI testing - AMSI Provider
Taught by
Red Canary