APTs <3 PowerShell and Why You Should Too


Quite often, you may have heard people ask, “Why should you bother learning PowerShell, isn’t it dead?” or “Why not just use C#?” Many individuals in the offensive security field share the misconception that PowerShell is obsolete for red team operations. Meanwhile, it remains one of the primary attack vectors employed by Advanced Persistent Threats (APTs). APTs are known for implementing sophisticated hacking tactics, techniques, and procedures (TTPs) to gain access to a system for an extended period of time. Their actions typically focus on high-value targets, which leaves potentially crippling consequences for both nation-states and corporations. It is crucial that Red Teams accurately emulate real-world threats and do not ignore viable attack options. In this talk, we will walk through how many threat actors adapt and employ PowerShell tools. Our discussion begins by examining how script block logging and AMSI are powerful anti-offensive PowerShell measures. However, script block logging places a technical burden on organizations, which must audit a substantial amount of data, while AMSI is trivial to bypass for any capable adversary. Finally, we will demonstrate APT-like PowerShell techniques that remain incredibly effective against the latest generation of network defenses.

Speaker(s): Anthony Rose, Jake “Hubbl3” Krasnov

Location: Red Team Vlg

Discord: https://discord.com/channels/7082082...77357820411944

Event starts: 2020-08-08 15:15 (03:15 PM) PDT (UTC -07:00)

Event ends: 2020-08-08 16:15 (04:15 PM) PDT (UTC -07:00)

For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-07-29T01:26 (UTC).