PowerShell is a favorite tool of a range of threat actors. State actors, criminal gangs, and individual hackers have all incorporated PowerShell in highly effective “fileless” attacks, resulting in damaging compromises. While PowerShell usage can be detected in real time, distinguishing legitimate from malicious use can be challenging. In this presentation participants will learn:

  • How PowerShell is typically used in fileless attacks
  • How malicious use can be distinguished from legitimate use
  • Useful techniques to investigate PowerShell in both real time (live streamed) and post-event (forensics) datasets






Webinar Date
Tue, August 13, 2019 | 10:00 AM EDT
Webinar Speaker
Hoke Smith