Friday, October 11 • 1:00pm - 3:00pm
CF-2003 Finding and Decoding Malicious PowerShell Scripts


Malicious PowerShell scripts are becoming the tool of choice for attackers. Although sometimes referred to as “fileless malware”, they can leave behind forensic artifacts for examiners to find. Learn how to locate and identify the activity of these malicious PowerShell scripts. Once located, these PowerShell scripts may contain several layers of obfuscation that need to be decoded. Learn how to manually decode them and perform some light malware analysis on any embedded shellcode through a series of hands-on labs.
  • Windows system or Windows VM.
  • User must be able to turn off their AV.
  • Helpful if Python 2.7 is installed and added to the Path environment variable.

Mari DeGrazia

Forensics Expert, Kroll Cyber Risk
Mari DeGrazia is a Senior Vice President at Kroll Cyber Risk, which provides cyber security services on a global scale. Throughout her career, Mari has investigated high-profile breach cases, worked civil and criminal cases and provided testimony as an expert witness. She has written...

Friday October 11, 2019 1:00pm - 3:00pm CDT
TEXAS BALLROOM - F Track 2 600 E Market St, San Antonio, TX Floor 4