PowerShell has become a favored tool for both adversaries and defenders due to its native support in most Microsoft Windows environments. Join us for our inaugural webinar as we discuss how PowerShell can be effectively utilized to both attack and defend your network environment.
Title: Catch Me If You Can – Red vs. Blue
Authors: Will Schroeder and Jared Atkinson
Date and Time: Thursday, August 10th at 1:00PM ET (10:00AM PT)
Description: Attackers’ love for PowerShell is no longer a secret, with 2016 producing an explosion in offensive PowerShell toolsets. PowerShell is gaining respect in offensive circles as “Microsoft’s Post-Exploitation Language” and is being integrated into many offensive toolkits. Unfortunately, the offensive community often fails to research relevant mitigations or share them with its defensive counterparts. This leaves many defenders without the information they need to protect themselves and their networks from these attacks. In a quest to combat the perceived threat, many defenders attempt to disable PowerShell rather than realizing its defensive potential.
In this webinar, Will Schroeder (@harmj0y) and Jared Atkinson (@jaredcatkinson) will cover offensive and defensive PowerShell tools and techniques, including PowerPick, subversive PowerShell profiles, PowerForensics, and Get-InjectedThread. They will also cover mitigations and detections for popular offensive tools and techniques, demonstrating how best to handle the new reality of widespread offensive PowerShell usage.