BEGIN:VCALENDAR
PRODID:-//vBulletin 6//EN
VERSION:2.0
CALSCALE:GREGORIAN
BEGIN:VEVENT
UID:9c7d4345-15f6-4d9b-b5da-57eda64c9eb1
DTSTAMP:20260526T061735Z
SUMMARY:(Intermediate) Detecting The Not-PowerShell Gang
DESCRIPTION:Title: (Intermediate) Detecting The Not-PowerShell Gang\n\nDesc
 ription:\nSince the security features introduced in PowerShell version 5\,
  Red Teamers are forced to avoid PowerShell if they want successful and un
 detected engagements. Some have pushed the boundary further\, built their
  own Not-PowerShell tools and released them to the public. As Blue Teamers
 \, this means we need to reinforce our defenses against these tools. This
  talk uncovers some of the popular Not-PowerShell tools and then shows how
  blue teams can still spot them and build detections for them.\n\nThis tal
 k looks into several Not-PowerShell tools and crafts detection tactics bas
 ed on their mechanisms. We will use common logging sources: Sysmon and Win
 dows event logs (integrated into a SIEM).\n\nWe will start with an introdu
 ction and quickly go through the common mechanisms used by Not-PowerShell
  tools.\n\nTools we are going to look at:\n- InvisiShell\n- NoPowerShell\n
 - PowerShdll\n- PowerLessShell\n- Other tools with similar mechanisms\n\nA
 fter getting familiar with the mechanisms\, we will put our blue hat back
  on\, look at the artifacts these tools leave behind and build reliable de
 tections for each mechanism\, leaving little room for false positives. At
  the end of the day\, the blue team will come away with queries (also know
 n as rules or use cases) that they can deploy in their own SIEM.\n\nSpeake
 r(s): Mangatas Tondang\n\nLocation: Blue Team Vlg / Blue Team Vlg - Talks
  Track 1\n\nDiscord: https://discord.com/channels/708208267699945503/73245
 4317658734613\n\nEvent starts: 2020-08-07 16:00 (04:00 PM) PDT (UTC -07:00
 )\n\nEvent ends: 2020-08-07 16:30 (04:30 PM) PDT (UTC -07:00)\n\nFor the m
 ost up-to-date information\, please either visit https://info.defcon.org\,
  or use HackerTracker\, which is available for iOS and Android. This is an
  automated message\, and this data was last modified 2020-08-02T22:52 (UTC
 ).
URL:https://forum.defcon.org/node/234095
DTSTART:20200808T000000Z
DTEND:20200808T003001Z
LOCATION:Blue Team Vlg / Blue Team Vlg - Talks Track 1
END:VEVENT
END:VCALENDAR
