PowerShell Abuse: Good Tool Gone Bad
Security professionals have seen a rapid increase in attacks leveraging native Windows utilities. According to a Carbon Black report, instances of non-malware attacks leveraging PowerShell and Windows Management Instrumentation (WMI) spiked by more than 90% in the second quarter of 2016. PowerShell provides actors with a full-featured scripting environment and interactive shell from which they can gain execution, persist, and often avoid detection.
When you watch this presentation, you'll learn:
- Why traditional security tools are severely outmatched against PowerShell-based threats
- Multiple threats that Red Canary has detected, and the commonalities observed
- Criteria to aid in your search for suspicious PowerShell activity