What the shell is going on? A Primer on detecting malicious PowerShell activity

PowerShell is nearly 10 years old this year. Throughout its lifetime it has grown from a hobbyist plaything into a fully featured, incredibly sharp Swiss Army knife. Because it is installed by default, it is available nearly everywhere, which has caused a surge in usage, both good and bad. This talk reviews the various PowerShell logging options, popular offensive PowerShell tooling and malware, how to turn those logs into actionable detections, and a tiny bit of PowerShell hardening.

Presented by