Finding and Decoding Malicious PowerShell Scripts - Presentation at SANS DFIR Summit, June 8, 2018, Austin


Location: Hilton Austin, Austin TX

Date: June 8, 2018

Malicious PowerShell scripts are becoming the tool of choice for attackers. Although sometimes referred to as “fileless malware”, they can leave behind forensic artifacts for examiners to find. In this presentation, learn how to locate and identify the activity of these malicious PowerShell scripts. Once located, these scripts may contain several layers of obfuscation that need to be decoded. I will walk through how to decode them, as well as some light malware analysis of any embedded shellcode. I will also demonstrate how to use an open source Python script to automate the process once you have discovered the attacker's MO in your case.


For additional Kroll presentations from the 2018 DFIR Summit & Training, please see the Kroll events listing.

The annual SANS Digital Forensics & Incident Response (DFIR) Summit is the most comprehensive DFIR event of the year, bringing together an influential group of experts, immersion-style training, and industry networking opportunities in one place.

  • Highly technical digital forensics and incident response presentations from the industry's top practitioners during the two-day Summit.

  • Nine SANS DFIR courses to choose from to advance your training, build your arsenal of defenses and learn how to better protect your organization.

  • DFIR NetWars: The Coin Slayer! - Earn DFIR course coins by correctly answering all questions from all levels of the six DFIR domains. Leave Austin with a motherlode of coinage!

Join Mari DeGrazia for a session on "Finding and Decoding Malicious PowerShell Scripts" on Friday, June 8, 2018 at 11:45 a.m. (EST).
