pwsh24hour2020
It’s My PowerShell, and I Need It Now! Don’t Shut Out the Shell!
Abstract
Tired of infosec complaining about commodity PowerShell-based malware? Are they trying to shut you down? Show them instead how to track every rogue script with PowerShell features like transcription, module logging, script block logging, and a few other tricks. Do this even in the latest PowerShell Core 7 on Windows, MacOS and Linux. Find out about a few gotchas before implementing enterprise-wide. Learn it directly from a former Microsoft insider. Take away free techniques you can use today.
Bio
Ashley McGlone is a former Microsoft Premier Field Engineer and now a Technical Account Manager at Tanium. He has a familiar face (or goatee) in the PowerShell community as a blogger, tweeter, and speaker. You can find his content on YouTube and TechNet. While at Microsoft Ashley created and delivered PowerShell training to customers around the world. Now at Tanium he is helping companies catch PowerShell malware at scale. Previous attendees of his sessions have said that he is both "informative and entertaining". Ashley's goal is to help people use PowerShell securely in the enterprise.
Resources
Slides with notes and links in the PDF in this repo. For any questions, comments, or feedback ping Ashley McGlone.