Using PowerShell for Incident Response with Fernando Tomlinson

The PowerShell Podcast

In this episode, we get to hear the perspective of someone who has been in the trenches of incident response. Fernando shares his experiences and methods for leveraging PowerShell during incidents. We talk about how the general perception of PowerShell security has changed over the years and how PowerShell is now being publicly embraced by security organizations. Fernando tells us about dealing with obfuscation and some of the most annoying techniques that he’s encountered. All this and more is covered in this episode jam-packed with security goodness.

Check out the video version here: https://www.youtube.com/watch?v=n8-AJGGIVaM

Guest Bio and links:

Fernando Tomlinson is a Principal Incident Response Consultant at Mandiant. He is active in the PowerShell community, speaking at conferences and creating interactive PowerShell training platforms: Under the Wire and PoSh-Hunter. He is a U.S. Army retiree with 20 years of service and a Purple Heart recipient. He teaches others as a Cybersecurity Adjunct Professor, co-authored the PowerShell Conference Book Volume 2, and blogs at cyberfibers.com.

https://twitter.com/Wired_Pulse

https://github.com/wiredpulse 

https://underthewire.tech/ 

http://cyberfibers.com/wp-content/uploads/2017/09/PS-Cheat-Sheet.pdf 

Cyber Fibers - My Location of Thoughts During a Buffer Overflow 

Defensive and Offensive PowerShell security tactics (Fernando Tomlinson) 

New Shell in Town: Adventures in using PowerShell on Linux by Fernando Tomlinson 

Gaining 20/20 vision during an incident with PowerShell 

PoSh-Hunter 
