We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Red Team Village - APTs ❤️PowerShell and Why You Should Too

00:00
subtitles
off
playback rate
1
subtitles
off
English (auto-generated)
playback rate
0.25
0.5
0.75
1
1.25
1.5
1.75
2
quality
576p
21
 Cite
 Share
 Download Purchase
No logo availableDEF CON
 Rose, Anthony Krasnov, Jake

Formal Metadata

Title
Red Team Village - APTs ❤️PowerShell and Why You Should Too
Title of Series
Number of Parts
374
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Quite often, you may have heard people mention, “Why should you bother learning PowerShell, isn’t it dead?” or “Why not just use C#?” Many individuals in the offensive security field have a common misconception that PowerShell is obsolete for red team operations. Meanwhile, it remains one of the primary attack vectors employed by Advanced Persistent Threats (APTs). APTs are known for implementing sophisticated hacking tactics, techniques, and procedures (TTPs) to gain access to a system for an extended period of time. Their actions typically focus on high-value targets, which leave potentially crippling consequences to both nation-states and corporations. It is crucial that Red Teams accurately emulate real-world threats and do not ignore viable attack options. For this talk, we will walk through how many threat actors adapt and employ PowerShell tools. Our discussion begins with examining how script block logging and AMSI are powerful anti-offensive PowerShell measures. However, the implementation of script block logging places a technical burden on organizations to conduct auditing on a substantial amount of data. While AMSI is trivial to bypass for any capable adversary. Finally, we will demonstrate APT-like PowerShell techniques that remain incredibly effective against the latest generation of network defenses.
00:00
Asynchronous Transfer ModeInformation securityWireless LANPhysical systemSoftware developerPower (physics)Focus (optics)Expert systemHacker (term)Physical systemCybersexExecution unitInformation securityMultiplication signForcing (mathematics)Software testing
01:20
Block (periodic table)LoginScripting languageAsynchronous Transfer ModeData modelPrinciple of maximum entropyComputer wormBitSocial classQuicksortMessage passingExpressionGreatest elementLoop (music)Line (geometry)Scripting languageInformation securityDefault (computer science)Virtual machineComputer animation
02:45
Asynchronous Transfer ModeInformation securityComputer crimeLocal GroupReal numberWeightDirected setDefault (computer science)Virtual memoryRead-only memoryMultilaterationType theoryQuicksortWindowShape (magazine)TwitterSystem administratorLevel (video gaming)Form (programming)CASE <Informatik>MereologyComputer architectureProcess (computing)Group actionPhysical systemDefault (computer science)ChainSemiconductor memoryTerm (mathematics)Functional (mathematics)WeightComputer animation
04:28
Asynchronous Transfer ModeServer (computing)Windows ServerService PackSet (mathematics)Revision controlPrisoner's dilemmaComputer fontMultiplication signSoftwareWindowProcess (computing)Scripting languageInformation securityWaveSystem administratorPower (physics)Real numberServer (computing)Point (geometry)Service (economics)
06:31
Module (mathematics)Block (periodic table)Scripting languageAsynchronous Transfer ModeRevision controlScripting languagePoint (geometry)Block (periodic table)LoginWavePower (physics)Gastropod shell
07:47
Power (physics)Asynchronous Transfer ModeBlock (periodic table)MalwareQuicksortScripting languageGame theorySoftware bugRevision controlPower (physics)Computer animation
08:40
Local GroupAsynchronous Transfer ModeDatabaseCybersexShape (magazine)Gastropod shellPower (physics)Form (programming)Open sourceWeb pageChannel capacityMultilaterationComputer configurationSoftware frameworkQuicksortProcedural programmingInformationCybersex
10:32
Active DirectoryControl flowSpywareAsynchronous Transfer ModeDifferent (Kate Ryan album)Software frameworkGame controllerMultilateration1 (number)LoginSpywareInverter (logic gate)Traffic reportingNumberRange (statistics)Computer animation
12:01
Local GroupFood energyAsynchronous Transfer ModeFood energyState of matterOpen sourceComputer-assisted translationPower (physics)Group action
12:50
Asynchronous Transfer ModeComputer wormComputer fileWindowMereologyScripting languageTraffic reportingCASE <Informatik>
13:42
Local GroupIntegrated development environmentPoint cloudActive DirectoryServer (computing)Asynchronous Transfer ModeSpecial unitary groupInformationPublic domainSocial softwarePasswordPublic domainInformationPrice indexQuicksortKey (cryptography)MereologyAdditionObservational studyComputer architectureMoment (mathematics)Server (computing)TheoryVirtual machinePoint cloudDirectory servicePower (physics)Address spaceNumberCASE <Informatik>SurfaceMathematical analysisGastropod shellView (database)Hybrid computerHypermediaGroup actionPasswordRepresentation (politics)WeightComplex (psychology)Flow separation
16:49
Server (computing)PasswordRemote Access ServiceActive DirectoryAsynchronous Transfer ModeRemote procedure callDirectory serviceTelecommunicationServer (computing)Uniform resource locatorProduct (business)1 (number)Point cloudForcing (mathematics)PasswordCloud computingLocal area networkBackdoor (computing)Software maintenanceMedical imagingMultiplicationMilitary baseLocal ringCASE <Informatik>Observational study
18:12
Asynchronous Transfer ModeComputer networkComputer wormChainPower (physics)ChainModule (mathematics)Multiplication signTraffic reportingSoftwareSoftware testingCASE <Informatik>Computer-assisted translationComputer wormResultantWeb 2.0LoginObservational studyLatent heatComputer animation
20:20
LoginBlock (periodic table)Scripting languageModule (mathematics)Asynchronous Transfer ModeGraphical user interfaceBlock (periodic table)WeightImplementationDemosceneLimit (category theory)Electronic signatureReal numberScripting languageCASE <Informatik>FlagIntegrated development environmentObservational studyPoint (geometry)System administratorComputer animation
22:12
Service (economics)Product (business)DisintegrationVirtual machineAsynchronous Transfer ModeDataflowService (economics)Virtual machineWindowCartesian coordinate systemWorkloadProduct (business)Interface (computing)Standard deviationMalwareWaveSemiconductor memoryDiagramScripting languageInformationLevel (video gaming)
23:48
Scripting languageWeightFunction (mathematics)Structural loadAsynchronous Transfer ModeCommon Language InfrastructureProgramming languageString (computer science)Information securityAreaIdentifiabilityRun time (program lifecycle phase)Level (video gaming)Exclusive orCodeCodierung <Programmierung>WeightComputer animation
24:50
Asynchronous Transfer ModeMathematicsPower (physics)CodeStandard deviationElectronic signatureData structureScripting languageImplementationInformationYouTubeMultiplication signIndependence (probability theory)Position operatorUniform resource locatorGame theoryComputer-assisted translationSource code
26:57
Block (periodic table)Scripting languageEvent horizonLevel (video gaming)Asynchronous Transfer ModeBlock (periodic table)Scripting languageEvent horizonFunctional (mathematics)LoginEncryptionExclusive orMultilaterationExpressionRevision controlString (computer science)Right angleMedical imagingPower (physics)Line (geometry)File viewerMultiplicationVariable (mathematics)BitSharewareMultiplication signUnicodeLevel (video gaming)
29:22
Event horizonProxy serverTracing (software)Module (mathematics)LoginAsynchronous Transfer ModeModule (mathematics)Event horizonLoginScripting languageLine (geometry)Revision controlElectronic signatureKeyboard shortcutMereologyParameter (computer programming)Medical imagingObservational studyBlock (periodic table)SoftwareComputer-assisted translationRight angleClique-width
31:18
Asynchronous Transfer ModeInformation overloadScripting languageSystem administratorBlock (periodic table)Event horizonHydraulic jumpScripting languageInformation securityEvent horizonProxy serverLoginSemiconductor memoryVirtual machineBlock (periodic table)BitSystem administratorModule (mathematics)Process (computing)Operator (mathematics)Boundary value problemSelf-organizationInformationSpacetimeCodeStandard deviationSingle-precision floating-point formatSet (mathematics)System on a chipInformation overloadRow (database)Power (physics)Computer animation
34:01
LoginAsynchronous Transfer ModeOpen sourceIntegrated development environmentScripting languageBlock (periodic table)Maxima and minimaCodeModule (mathematics)Scripting languageBlock (periodic table)Revision controlOpen sourceEvent horizonModule (mathematics)
35:30
Proxy serverBlock (periodic table)LoginScripting languageEvent horizonAsynchronous Transfer ModeFluid staticsProxy serverScripting languageEvent horizonBitStandard deviationSharewareBlock (periodic table)CodeTwitterField (computer science)Physical systemTerm (mathematics)Content (media)System administrator
37:23
Structural loadProxy serverRead-only memoryAsynchronous Transfer ModeFunctional (mathematics)Scripting languageProxy serverImplementationCodeSemiconductor memoryPairwise comparisonResultantDefault (computer science)AreaBit rateDifferent (Kate Ryan album)Video gameNumber1 (number)Goodness of fitRow (database)Source code
39:02
SpacetimeRead-only memoryFunction (mathematics)Asynchronous Transfer ModeKolmogorov complexityComputer wormSpacetimeSemiconductor memoryProcess (computing)ResultantMereologyComputer wormCodeMultiplication signDirection (geometry)Limit (category theory)Different (Kate Ryan album)Mathematical analysisNoise (electronics)Software frameworkComplex (psychology)Heegaard splittingElectronic signatureVariable (mathematics)Source codeComputer animation
40:39
Asynchronous Transfer ModeLoginImplementationMereologyOrder (biology)FlagPoint (geometry)Different (Kate Ryan album)PseudozufallszahlenRandomizationMultiplication signComputer wormCodeNumberCombinational logicString (computer science)Right angleLatent heatLimit (category theory)BitComputer animation
42:40
Asynchronous Transfer ModeData structureObject (grammar)Physical systemProxy serverElectronic signatureCodeComputer wormGaussian eliminationComputer virusProjective planeEmailRevision controlBit
43:37
Read-only memoryTerm (mathematics)Asynchronous Transfer ModeSystem callScripting languageBitString (computer science)LoginSemiconductor memoryAliasingLevel (video gaming)Event horizonBlock (periodic table)Latent heatCausalityFlagTerm (mathematics)CodePower (physics)Field (computer science)Multiplication signArithmetic meanInstance (computer science)Gastropod shell
45:22
Asynchronous Transfer ModeString (computer science)Random numberTerm (mathematics)AliasingDatabaseScripting languageDatabaseFunctional (mathematics)AliasingMultiplication signComplex (psychology)String (computer science)CausalityMatching (graph theory)Computer fileComputer programNumberRandomizationSelf-organizationTerm (mathematics)
47:03
AliasingScripting languageBlock (periodic table)Function (mathematics)WebDAVLoginModule (mathematics)BlogAsynchronous Transfer ModeAliasingModule (mathematics)Semiconductor memoryLoginFunctional (mathematics)Different (Kate Ryan album)Clique-widthRight angleBlock (periodic table)Scripting languageTerm (mathematics)Type theoryOpen sourceLetterpress printing
48:46
AliasingEmbedded systemAsynchronous Transfer ModeRight angleAliasingLoginMultiplication signArithmetic meanExpressionBlock (periodic table)Scripting languageGreatest elementCASE <Informatik>Key (cryptography)Functional (mathematics)Descriptive statisticsFigurate numberPhysical systemSharewareComputer animation
50:30
SharewareAsynchronous Transfer ModeLoginSharewareFile viewerProxy serverScripting languageEvent horizonBitBlock (periodic table)Module (mathematics)Type theorySystem administratorSoftware testingOperator (mathematics)Open setRight angleWindowComputer animation
51:32
Asynchronous Transfer ModeOpen setLoginAsynchronous Transfer ModeNeuroinformatikEvent horizonModule (mathematics)Default (computer science)Block (periodic table)Scripting languageSource codeComputer animation
52:17
Asynchronous Transfer ModeSoftware testingWritingRight angleScripting languageBlock (periodic table)LoginString (computer science)Computer animation
53:02
Asynchronous Transfer ModeBlock (periodic table)Reflection (mathematics)Default (computer science)Group actionCausalitySet (mathematics)Cache (computing)Semiconductor memoryScripting languageImplementationProcess (computing)Proxy server
53:50
Asynchronous Transfer ModeDrop (liquid)Event horizonScripting languageCodeSinc functionBlock (periodic table)Default (computer science)1 (number)Module (mathematics)Function (mathematics)CausalityRight angleSoftware testingComputer animationSource code
54:38
Asynchronous Transfer ModeComputer-generated imageryBlock (periodic table)Scripting languageSoftware testingString (computer science)CausalityModule (mathematics)MereologyBit rateProcess (computing)LoginSource codeComputer animation
55:24
Asynchronous Transfer ModeProxy serverEvent horizonMultiplication signSlide ruleScripting languageTable (information)Link (knot theory)Block (periodic table)Stress (mechanics)LoginModule (mathematics)Level (video gaming)String (computer science)Default (computer science)Field (computer science)Software testingWritingComputer animation
56:46
Asynchronous Transfer ModeSoftware testingRight angleLoginEvent horizonLevel (video gaming)Real numberAliasingReal-time operating systemObject (grammar)Open setWeb 2.0Function (mathematics)Computer animationSource code
57:45
Asynchronous Transfer ModeBlock (periodic table)LoginLevel (video gaming)Module (mathematics)Mathematical analysisMultiplication signTelecommunicationKey (cryptography)Different (Kate Ryan album)BitSound effectScripting languagePhysical systemWeb browserAliasingMereologyDescriptive statisticsSource codeComputer animation
59:29
Multiplication signBitComputer animation
Transcript: English(auto-generated)