PowerShell's Return to Power

BSidesDFW 2021 Track 2 Session 2 - 06 Nov 2021

Over the past few years, we saw the rise in popularity of offensive C# over PowerShell. This sparked a plethora of new OffSec-focused C# tools and executables bypassing the watchful eye of the security community. However, this shift of focus has allowed attackers to garner new techniques for bypassing and defeating the organic controls that Microsoft has put into place to protect the scripting application. We believe that PowerShell exploits and attack methods are still alive and well. With PowerShell still being deployed on every machine by default, there is still a massive security hole for your organization that could allow an attacker to navigate your environment without ever needing to place an executable "on disk".

Dahvid Schloss
Dahvid is a Manager and Lead in the Offensive Security service offering within Echelon. With over 10 years of cyber-attack and defense experience, Dahvid has previously worked as a Red Team Operator with a Big Four firm, served in the military, leading, conducting, and advising on special operations offensive cyber operations, and has developed an extensive framework in PowerShell. His background in cybersecurity includes logical, social, and physical exploitation as well as incident response and system/network device hardening.