PowerShell is nearly 10 years old this year. Throughout its lifetime it has grown from a hobbyist plaything to a fully featured, incredibly sharp Swiss Army knife. Its presence in the default installation has led to increased availability, which has caused a surge of usage, both good and bad. This talk reviews various PowerShell logging options, popular offensive PowerShell tooling and malware, how to interpret those logs into actionable detection, and a tiny bit of PowerShell hardening.
Peter Ewane (@eaterofpumpkin) is a security researcher and mostly a blue teamer on the AlienVault Labs team. When not playing with computers, Peter enjoys trying and making interesting cocktails and collecting whisk(e)y.