How you CAN detect PowerShell exploitation and malicious use. Presented at BSidesOklahoma 2018

by Michael Gough

Summary: This talk will show a few examples of PowerShell exploitation that can be caught, what can be detected and why, what you need to configure, what kind of queries you will need to build to capture malicious activity, and of course some example queries you can use to build your own reports and alerts to detect and hunt for malicious PowerShell.