Two of the world's leading authorities on PowerShell and Windows security, Will Schroeder and Jared Atkinson, will show how attackers and criminals can use PowerShell to attack and compromise your whole system or some vital part of it, and how you can use PowerShell to secure and protect your system. You should not miss this session if you want to secure and protect your Windows system from the new attack vectors with your best friend: Empire.
PowerShell has changed the way Windows systems and networks are attacked. PowerShell is setting up a completely new ball game for security thinking on the Windows platform. PowerShell can interact with .NET, WMI, COM, the Windows API, the Registry and other computers on a Windows domain, and all of these can be attacked or secured by PowerShell.
The PowerShell Empire project, a pure PowerShell post-exploitation project that packages together a wealth of new and existing offensive PowerShell tech into a single weaponized framework, is one of the projects driving this newfound awareness. However, hope is not lost, as PowerShell itself can help to detect these offensive abuses.
This session will demonstrate Empire 2.0, the new Empire architecture, and demonstrate its full capabilities using nothing but Microsoft's built-in scripting language. We will then switch gears and show how PowerShell itself can help detect various Empire actions. Uproot IDS is a WMI-based Intrusion Detection System, which together with PowerForensics (a PowerShell-based disk forensics platform) can catch or triage nearly every Empire action, including unmanaged process injection, lateral movement techniques, privilege escalation, and much more.
Will (@harmj0y) is a security researcher and red teamer for Veris Group's Adaptive Threat Division. He is a co-founder of Empire/Empyre, BloodHound, and the Veil-Framework, developed PowerView and PowerUp, is an active developer on the PowerSploit project, and is a Microsoft PowerShell MVP.
Jared (@jaredcatkinson) is the Defensive Services Technical Lead with Veris Group's Adaptive Threat Division. Before working for Veris Group, Jared spent four years leading incident response missions for the U.S. Air Force Hunt Team, detecting and removing Advanced Persistent Threats on Air Force and DoD networks. Passionate about PowerShell and the open source community, Jared is the lead developer of the PowerForensics project (an open source forensics framework for PowerShell) and maintains a DFIR-focused blog.
More information at: https://www.hackcon.org/aktiviteter/hackcon12.