This webcast has been archived.

Purple PowerShell: Current attack strategies & defenses

  • Wednesday, April 10, 2019 at 10:30 AM EDT (2019-04-10 14:30:00 UTC)
  • Erik Van Buggenhout

Overview

PowerShell has long been considered the main "Living off the Land" tool in Microsoft Windows. PowerShell-based attack tools such as Empire have proven to be extremely effective for pentesters and real adversaries alike. However, over the past few years, Microsoft has stepped up its game and many security features have been implemented in PowerShell. Examples include Constrained Language Mode, Script Block Logging & AMSI. How effective are these defenses in 2019? In this interactive webcast (we will do several demos), we will also look at attack techniques and defenses.

Erik Van Buggenhout is the lead author of SANS SEC599 - Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses. Next to his activities at SANS, Erik is also a co-founder of NVISO, a European cyber security firm with offices in Brussels, Frankfurt and Munich.

Speaker Bio

Erik Van Buggenhout

Erik Van Buggenhout is the lead author of SEC599 - Defeating Advanced Adversaries and SEC699 - Purple Team Tactics. In addition to SEC599 and SEC699, Erik teaches SEC560 - Network Penetration Testing & Ethical Hacking and SEC542 - Web Application Penetration Testing & Ethical Hacking. In addition to his work with SANS, Erik is the co-founder of Belgian cyber security firm NVISO. Together with his team of 70+ technical experts, Erik delivers a wide array of technical security services, including penetration testing, security monitoring & incident response.
