PowerShell for Hackers

June 23, 2019 @ 9:00 am – 5:00 pm

Abstract

PowerShell has evolved greatly in the last decade to become the tool of choice for Windows post-exploitation for many (see IBM on PS attacks peaking at 57%). Indeed, with great power(shell) comes great responsibility. PowerShell has come a long way, and is the main enabler of Microsoft’s management efforts and future, both on premises and in the cloud. Yet in the “living off the land” reality, where any admin tool can be used as an attack tool, PowerShell is “part of the OS” and helps us do anything we want without any prerequisites – we’ll see how to run fileless in memory without touching disk, without launching an explicit process, without powershell.exe, obfuscating commands and much more. While Microsoft has some cool detection and logging techniques, we will demonstrate how PowerShell blue team techniques can be bypassed in creative ways (from standard stuff to advanced).

Intended Audience

IT Security/SEC Ops, Red Teamers, Pentesters, SOC Analysts, Forensics and anyone interested in leveraging security automation in Windows environments.

Pre-requisites

  • Basic scripting (Bash/Python/other)
  • Basic Windows architecture & concepts
  • Laptop running Windows 10
    • Preferred: Laptop capable of running 2 VMs (Windows DC + Windows client)

Training Outline/Syllabus

  • Dive under the hood – PowerShell architecture and capabilities
  • Script/Code execution – Myth & reality
  • Secure Remoting – config, bypass, mitigate & audit sessions
  • Exploit scenarios / Bypass defense mechanisms
  • PowerShell Penetration Frameworks

Trainer Bio

Y1nTh35h3ll (Yossi Sassi), Security Researcher, White hat

White hat hacker and security researcher. Since the early 1990s, Sassi has accumulated extensive experience in information security, adversary simulations/Red-Blue team consulting, conducting internal investigations and more, including for elite units in the IDF and large banks worldwide. He worked for Microsoft for ~8 years as Technology Group Manager and coded support tools for Windows Server.

Sassi has spoken at TED and TEDx events, and was awarded 4 peace and friendship awards by cities and governments around the world. Sassi holds an M.A. in law, CISSP certification and a variety of other professional certifications, has spoken at international security conferences (Europe, South America, Middle East etc.) and is a guest lecturer at several universities and colleges.

Twitter: @Yossi_Sassi

Details

Date:
June 23
Time:
9:00 am – 5:00 pm
Cost:
$850
Website:
https://tickets.bsidestlv.com/bsidestlv/bsidestlv/1/

Organizer

Yossi Sassi

Naftali Building – Faculty of Social Sciences

Tel Aviv University
Tel Aviv, Israel

Training Terms & Conditions

  • Training requires a minimum of 10 participants and no more than 25 per classroom.
  • Training session confirmation will be sent on June 1st, 2019.
  • Cancellation and refunds will not be available once the session has been confirmed.
  • Questions? [email protected]
  • Full terms can be found at https://bsidestlv.com/trainingterms/