PowerShell is a favorite tool of a range of threat actors. State actors, criminal gangs, and individual hackers have all incorporated PowerShell in highly effective “fileless” attacks, resulting in damaging compromises. While PowerShell usage can be detected in real time, distinguishing legitimate from malicious use can be challenging. In this presentation participants will learn:

  • How PowerShell is typically used in fileless attacks
  • How malicious use can be distinguished from legitimate use
  • Useful techniques to investigate PowerShell in both real time (live streamed) and post-event (forensics) datasets

Speaker: Hoke Smith

Date: August 13, 2019

Time: 2:00pm EST

Duration: 45 mins + Q&A