BSides Augusta 2017

Josh Rykowski (@ryko212) and Sean Eyre (@oni_49)

Don't Google 'PowerShell Hunting'

The pervasiveness of PowerShell in today's networks speaks to its usefulness to admins and users alike. However, where one sees a useful tool for network administration, the adversary sees a tool for general mayhem. We use this talk to discuss how to harden the enterprise against PowerShell-based attacks and then hunt for these attacks while living off the land. During our discussion we will highlight current techniques and their weaknesses, then discuss memory artifacts that may be discovered during and following PowerShell execution.