PowerShell Abuse: Good Tool Gone Bad

Security professionals have seen a rapid increase in attacks leveraging native Windows utilities. According to a Carbon Black report, instances of non-malware attacks leveraging PowerShell and Windows Management Instrumentation (WMI) spiked by more than 90% in the second quarter of 2016. PowerShell provides actors with a full-featured scripting environment and interactive shell from which they can gain execution, persist, and often avoid detection.

When you watch this presentation, you'll learn:

  • Why traditional security tools are severely outmatched against PowerShell-based threats
  • Multiple threats that Red Canary has detected, and the commonalities observed
  • Criteria to aid in your search for suspicious PowerShell activity