Responding to PowerShell
- Posted: May 10, 2016 at 8:11PM
Right click “Save as…”
Red Team tools exist for PowerShell. Older ones, like PoshSec and PowerSploit, and newer ones like PowerShell Empire. Meantime, criminals weaponized PowerShell scripts with malware like PowerSniff and PowerWare. So in this talk, we discuss monitoring PowerShell and integrating it with incident response.