More often than not, T1059.001: PowerShell has been the number one ATT&CK technique in Red Canary’s annual Threat Detection Report. In the five years that we’ve been mapping threats to ATT&CK, there’s no technique we’ve detected more often.
Installed on nearly every Windows operating system in the world, PowerShell is a versatile tool for automation and remote system management that’s beloved by administrators and adversaries alike. It allows adversaries to execute commands, obfuscate malicious activity, download arbitrary binaries, gather information, change system configurations, and much more—all while blending in with routine operating system activity.
In this highly anticipated Detection Series webinar, experts from VMware Carbon Black, MITRE ATT&CK®, and Red Canary will provide insight into:
- Common ways that adversaries abuse PowerShell
- Tools and log sources that collect relevant telemetry
- How to detect, mitigate, and respond to malicious PowerShell activity
- Strategies for testing your security controls by executing suspicious PowerShell commands with Atomic Red Team
Attendees will leave with a better understanding of what PowerShell is and how adversaries leverage it. More importantly, practitioners will know where to find malicious activity, how to develop detection analytics for it, and how to test their detection and visibility capabilities.