Gaining 20/20 vision during an incident with PowerShell presented at BSidesAugusta 2019

by Fernando Tomlinson

Summary: There will come a point where every organization will likely be compromised. To be able to identify a compromise before or as it is happening, most organizations acquire technology to help identify malicious behavior, but that technology comes with a price tag that not every organization can afford. With Windows systems making up the majority in most organizations, there are other, built-in options. This talk revolves around the use of PowerShell and supporting aspects as a suitable option for an incident response solution for endpoints in your environment, including the shortfalls of the language.