Finding and Decoding Malicious Powershell Scripts - SANS DFIR Summit 2018 HD

youtube 13.09.2018

Malicious PowerShell scripts are becoming the tool of choice for attackers. Although sometimes referred to as “fileless malware”, they can leave behind forensic artifacts for examiners to find. In this presentation, learn how to locate and identify activity of these malicious PowerShell scripts. Once located, these PowerShell scripts may contain several layers of obfuscation that need to be decoded. I will walk through how to decode them, as well as some light malware analysis on any embedded shellcode. I will also demonstrate how to use an open source python script to automate the process once you have discovered the MO of the attacker in your case. Mari DeGrazia (@maridegrazia), Director of Incident Response, Kroll

Finding and Decoding Malicious Powershell Scripts - SANS DFIR Summit 2018 HD

Похожие видео

Finding and Decoding Malicious Powershell Scripts - SANS DFIR Summit 2018

Deleted Evidence: Fill in the Map to Luke Skywalker - SANS DFIR Summit 2016

Hunting Webshells: Tracking TwoFace - SANS Threat Hunting Summit 2018

Easily Export Users from Active Directory with Powershell | Windows Server 2012 R2

*** WORKING GREAT! *** Notoriety GUI Console [ Xray, Recoil, Bullet, Noclip and Many More! ]

10 PowerShell commands every Windows admin should know

* WORKING GREAT! * Notoriety GUI Console [ Xray, Recoil, Bullet, Noclip and Many More! ]