Join us for in-depth talks, exclusive networking, and world-class training at Security Awareness Summit Dec 1-4!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Sorry, the slides for this webcast are not available for download.

Let's Dive into Powershell Obfuscation - SANS@Mic

  • Wednesday, October 21, 2020 at 7:30 PM CST (2020-10-22 00:30:00 UTC)
  • Xavier Mertens

You can now attend the webcast using your mobile device!



PowerShell, thanks to its broad availability across Windows systems, remains a very nice infection vector for many attackers. Im collecting daily new samples of malicious Powershell code. Most of them are obfuscated using one or multiple techniques. Some of them being very simple but effective, while others are much more complicated to approach.

In this SANS@MIC session, Ill take you by the hand to dive into PowerShell obfuscation techniques and demonstrate some techniques with live examples.

Speaker Bio

Xavier Mertens

Xavier Mertens is a freelance cybersecurity consultant based in Belgium. His daily job focuses on protecting his customer's assets and data. Oriented mainly to defensive security, he offers services like incident handling, forensic investigations, log management, OSINT and hunting for bad guys in general. Besides his daily job, Xavier is also a security blogger (, a SANS Internet Storm Center handler (, and co-organizer of the BruCON ( security conference. Hes in the process of becoming a SANS instructor for the malware reverse engineering training (FOR610).

Xavier owns some GIAC certifications (GCIH, GCFA, GCFE, GNFA, GDAT, GCTI, GREM, GXPN) as well as CISSP and CISA.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.