


APTs <3 PowerShell and Why You Should Too



    Quite often, you may have heard people say, “Why should you bother learning PowerShell, isn’t it dead?” or “Why not just use C#?” Many in the offensive security field share the misconception that PowerShell is obsolete for red team operations. Meanwhile, it remains one of the primary attack vectors employed by Advanced Persistent Threats (APTs). APTs are known for using sophisticated tactics, techniques, and procedures (TTPs) to gain and keep access to a system for an extended period of time. Their actions typically focus on high-value targets, with potentially crippling consequences for both nation-states and corporations. It is crucial that Red Teams accurately emulate real-world threats and do not ignore viable attack options. In this talk, we will walk through how many threat actors adapt and employ PowerShell tools. Our discussion begins by examining how script block logging and AMSI are powerful anti-offensive PowerShell measures. However, script block logging places a technical burden on organizations to audit a substantial amount of data, while AMSI is trivial to bypass for any capable adversary. Finally, we will demonstrate APT-like PowerShell techniques that remain incredibly effective against the latest generation of network defenses.

    Speaker(s): Anthony Rose, Jake “Hubbl3” Krasnov

    Location: Red Team Vlg


    Event starts: 2020-08-08 15:15 (03:15 PM) PDT (UTC -07:00)

    Event ends: 2020-08-08 16:15 (04:15 PM) PDT (UTC -07:00)

    For the most up-to-date information, please either visit, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-07-29T01:26 (UTC).