Hunting PowerShell Attacks on The Open Internet presented at BSidesAugusta 2019

by Paul Melson

Summary: PowerShell has been steadily gaining in popularity with attackers of all capability levels and motivations because of its power and flexibility when carrying out attacks on Windows environments. Since BSides Augusta last year, the @ScumBots project has been detecting, analyzing and reporting on PowerShell attack tools used by Red Teamers, nation states, and organized criminal actors as they stage their kit on Pastebin. In this talk, Paul will break down the detection and analysis techniques from the @ScumBots code base, share data on which detection logic is the most effective, and tell some stories about strange things @ScumBots has found over the past year. And as has become tradition at BSides Augusta, there will be new code released to the public.