Powershell Best Security Practices and how to bypass them presented at BSidesAthens 2019

by Isidoros Monogioudis

Summary: As we know, PowerShell is widely used for offensive operations and is clearly defined as one of the most popular techniques in the MITRE ATT&CK framework. Best security practices have already been addressed quite a few times, and Microsoft, as well as most other security vendors, detect and prevent almost every suspicious PowerShell activity efficiently. However, attackers have found other ways and techniques to bypass those security controls and evade traditional and modern detection measures. What are the techniques and tools being used in the wild? What else do defenders need to do to keep the protection level high? The presentation will cover all updated PowerShell security practices, the tools and techniques used to evade PowerShell-based detection methods, and the associated countermeasures for blue teams.