Name: CF-2003 Finding and Decoding Malicious PowerShell Scripts
Start: 2019-10-11T13:00:00-0500
End: 2019-10-11T15:00:00-0500

WELCOME TO THE TEXAS CYBER SUMMIT

Back To Schedule

CF-2003 Finding and Decoding Malicious PowerShell Scripts

Feedback form is now closed.

Malicious PowerShell scripts are becoming the tool of choice for attackers. Although sometimes referred to as “fileless malware”, they can leave behind forensic artifacts for examiners to find. Learn how to locate and identify activity of these malicious PowerShell scripts. Once located, these PowerShell scripts may contains several layers of obfuscation that need to be decoded. Learn how to manually decode them, as well as some light malware analysis on any embedded shellcode through a series of hands on labs.
Requirements:

Windows system or Windows VM.
User must be able to turn off their AV.
Helpful if Python 2.7 is installed and added to the Path environment variable.

Speakers

Mari Degrazia

Forensics Expert, Kroll Cyber Risk

Mari DeGrazia is a Senior Vice President at Kroll Cyber Risk, which provides cyber security services on a global scale. Throughout her career, Mari has investigated high-profile breach cases, worked civil and criminal cases and provided testimony as an expert witness. She has written... Read More →

Friday October 11, 2019 1:00pm - 3:00pm CDT
TEXAS BALLROOM - F Track 2 600 E Market St, San Antonio, TX Floor 4

Intermediate, Forensics

Texas Cyber Summit II

Mari Degrazia

Attendees (91)

Texas Cyber Summit II

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Mari Degrazia

Attendees (91)