PowerShell is fast becoming the de facto tool for adversaries in nearly every phase of an attack. The ability to live off the land helps an attacker reduce the chance of being detected. Because PowerShell is so common and has so many legitimate uses, identifying unwanted actions becomes increasingly challenging.
In this session you’ll learn:
- How to quickly formulate a hypothesis to hunt for misbehaving PowerShells
- Techniques to hunt for network indicators of misbehaving PowerShells
- Pivoting from the network indicators to identify offending processes on the host
When: Thursday, December 7th @ 2 PM ET | 11 AM PT
You can register here.