Hunting For PowerShell Abuse

BY Teymur Kheirkhabarov

1 min read
in Document, Paper

PowerShell is the favorite tool of the IT staff responsible for administering Windows infrastructures. It lets them manage the various services of the operating system and automate almost anything. But alongside administrators, PowerShell is also liked by attackers and malware authors. The reason PowerShell is so attractive to adversaries is obvious: it has been included by default in essentially every Windows operating system for a decade, it provides access to the Windows API, and it is rarely constrained, so adversaries can perform a wide range of tasks without much risk of being blocked. Attackers can use PowerShell to direct the execution of a local script, retrieve and execute remote resources over various network protocols, encode payloads passed on the command line, or load PowerShell into other processes.

Because PowerShell is so prevalent among adversaries, it is very important for threat hunters to be able to detect malicious uses of PowerShell and defend against them. In this presentation the author demonstrates approaches to detecting PowerShell abuse based on different event sources: native Windows logging capabilities as well as additional tools such as Sysmon or EDR solutions. How to collect traces of PowerShell use, how to filter out false positives, and how to find evidence of malicious use in the volume of events that remains after filtering: all of these questions are answered in the talk for present and future threat hunters.

Tags: Cybersecurity, Linux, malware-documents
© 2022 | CyberMaterial | All rights reserved.