InfoSec Nashville 2019

Slides for InfoSec Nashville 2019.

Hands on lab for building and learning PowerShell logging and transcription

Reading list for PowerShell Security

For any questions ping me on Twitter Ashley McGlone.

Bio Lab: Dissecting a Live PowerShell Attack

PowerShell post-exploitation toolkits are prolific! How do you know if they are being used inside your enterprise? See a live demo of a PowerShell attack, and learn how to catch it using out-of-the-box Windows features like transcription, module logging, script block logging, and other fingerprints. Walk away with free techniques you can implement immediately. #infosec #powershell #defender #blueteam

Ashley McGlone is a former Microsoft Premier Field Engineer and now a Technical Account Manager at Tanium. He has a familiar face (or goatee) in the PowerShell community as a blogger, tweeter, and speaker. You can find his content on YouTube, TechNet, and Microsoft Virtual Academy. While at Microsoft Ashley created and delivered PowerShell training to customers around the world. Now at Tanium he is leveraging PowerShell on a realtime endpoint platform. Previous attendees of his sessions have said that he is both "informative and entertaining". Ashley's goal is to help people use PowerShell securely in the enterprise.

Shareable link to this page: http://bit.ly/TNISSA19