The Detection Series: PowerShell

Featuring

  • Red Canary

About This Webinar

Installed on nearly every Windows operating system in the world, PowerShell is a versatile tool for automation and remote system management that’s beloved by administrators and adversaries alike. It allows adversaries to execute commands, obfuscate malicious activity, download arbitrary binaries, gather information, change system configurations, and much more—all while blending in with routine operating system activity.

Attendees will leave with a better understanding of what PowerShell is and how adversaries leverage it. More importantly, practitioners will know where to find malicious activity, how to develop detection analytics for it, and how to test their detection and visibility capabilities.

  1. David Davis (Host): Author, Speaker, and vExpert, ActualTech Media
  2. Matt Graeber (Featuring): Director, Threat Research, Red Canary
  3. Sarah Lewis (Featuring): Senior Detection Engineer, Red Canary
  4. Jamie Williams (Featuring): Principal Adversary Emulation Engineer, MITRE ATT&CK
  5. Casey Parman (Featuring): Manager & Lead, Threat Analysis Unit, VMware

What You'll Learn

  1. Common ways that adversaries abuse PowerShell
  2. Tools and log sources that collect relevant telemetry
  3. How to detect, mitigate, and respond to malicious PowerShell activity
  4. Strategies for testing your security controls by executing suspicious PowerShell commands with Atomic Red Team