PowerShell exploitation, PowerSploit, Bloodhound, PowerShellMafia, Obfuscation, PowerShell Empire, the Empire has fallen, you CAN detect PowerShell exploitation

BSides SATX 2018

Presented by: Michael Gough
Date: Saturday June 16, 2018
Time: 16:00 - 17:00
Location: Moody 101
Track: Track 4 - In The Weeds

PowerShell is all the rage for the Red Team and the criminals. There are many tools or frameworks now available to Pentesters and the criminal elements. Utilizing PowerShell in attacks and exploit systems without requiring the addition of malicious binaries, rather live of the land and use the built-in Windows PowerShell functionality to get the job done is the Red Teams goal, so what about the Blue Team?

Michael Gough

Michael is a Malware Archaeologist, Blue Team defender, Incident Responder and logoholic. Michael developed several Windows logging cheat sheets to help the security industry understand Windows logging, where to start and what to look for. Michael is co-developer of LOG-MD, a free tool that audits the settings, harvests and reports on malicious Windows log data and malicious system artifacts. Michael is also blogs on HackerHurricane.com on various InfoSec topics. Michael also is co-host of the “Brakeing Down Incident Response” BDIR Podcast to education on Incident Response daily tasks. Michael also ran BSides Texas for five years for the Austin, San Antonio, Dallas and Houston cons.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats