Course Hive
Search

Welcome

Sign in or create your account

Continue with Google
or
Incident Response Training, Decoding Powershell- Day 18
Play lesson

BlackPerl DFIR || INCIDENT RESPONSE TRAINING || Full Course - Incident Response Training, Decoding Powershell- Day 18

5.0 (0)
14 learners

What you'll learn

This course includes

  • 13.5 hours of video
  • Certificate of completion
  • Access on mobile and TV

Summary

Keywords

Full Transcript

In this full series we will talk about Incident Response and it will be a Free Training Course for everyone. Today is Day-18 and we are going to explore the easiest way to read, understand, analyze, decode malicious PowerShell scripts through practical demonstration. Malicious PowerShell scripts are becoming the tool of choice for attackers. Although sometimes referred to as “fileless malware”, they can leave behind forensic artifacts for examiners to find. In this episode, learn how to locate and identify activity of these malicious PowerShell scripts. Once located, these PowerShell scripts may contain several layers of obfuscation that need to be decoded. I will walk through how to decode them, as well as some light malware analysis on any embedded shellcode. I will also demonstrate how to use some freely available tools to easily automate the process once you have discovered the MO of the attacker in your case. First we will go through some theatrical part which any incident responder need to understand about PowerShell, why they are used and some of the basic conventions, afterwards we will show 3 samples of heavily obfuscated PowerShell and how can we decode them to identify the basics and thus take required actions. 🔗LINKs for your requirements- ------------------------------------------------------------------------------------------------------------------------- 1. Custom Decoding Tools - https://github.com/archanchoudhury/DFIR-Tools/blob/main/Malware%20Analysis/Decode-Tools.7z 2. scdbg tool- http://sandsprite.com/blogs/index.php?uid=7&pid=152 WATCH BELOW Playlists as well, if you want to make your career in DFIR and Security Operations!! ------------------------------------------------------------------------------------------------------------------------- INCIDENT RESPONSE TRAINING Full Course 👉https://youtube.com/playlist?list=PLjWEV7pmvSa4yvhzNsCjOJovOn1LLyBXB DFIR Free Tools and Techniques 👉 https://youtube.com/playlist?list=PLjWEV7pmvSa6f-NTpXsaUYWZLjLAB_0TS Windows and Memory Forensics 👉 https://youtube.com/playlist?list=PLjWEV7pmvSa50erciZUSnzvE7nK0FyvsH Malware Analysis 👉 https://youtube.com/playlist?list=PLjWEV7pmvSa6u32RongesgDtkfKBfrFWW SIEM Tutorial 👉 https://youtube.com/playlist?list=PLjWEV7pmvSa7cXTkCppnYHERUdy8Dd71x Threat Hunt & Threat Intelligence 👉 https://youtube.com/playlist?list=PLjWEV7pmvSa5UTZlsWp5wRnURNbeMS-fu ⌚ Timelines ------------------------------------------------------------------------------------------------------------------------- 0:00 ⏩ Introduction 1:18 ⏩ Why Powershell 5:03 ⏩ PowerShell LoL example 8:00 ⏩ How to find it from Logs 18:14 ⏩ Sample1 Analysis 23:21 ⏩ Sample2 Analysis 33:28 ⏩ Sample3 Analysis 38:51 ⏩ Summarize 📞📲 FOLLOW ME EVERYWHERE- ------------------------------------------------------------------------------------------------------------------------- ✔ LinkedIn: https://www.linkedin.com/company/blackperl ✔ You can reach out to me personally in LinkedIn as well- https://bit.ly/38ze4L5 ✔ Twitter: @blackperl_dfir ✔ Git: https://github.com/archanchoudhury ✔ Insta: (blackperl_dfir)https://www.instagram.com/blackperl_dfir/ ✔ Can be reached via [email protected] SUPPORT BLACKPERL ------------------------------------------------------------------------------------------------------------------------- ╔═╦╗╔╦╗╔═╦═╦╦╦╦╗╔═╗ ║╚╣║║║╚╣╚╣╔╣╔╣║╚╣═╣ ╠╗║╚╝║║╠╗║╚╣║║║║║═╣ ╚═╩══╩═╩═╩═╩╝╚╩═╩═╝ ➡️ SUBSCRIBE, Share, Like, Comment ☕ Buy me a Coffee 👉 https://www.buymeacoffee.com/BlackPerl 📧 Sponsorship Inquiries: [email protected] ------------------------------------------------------------------------------------------------------------------------- 🙏 Thanks for watching!! Be CyberAware!! 🤞

Course Hive

Continue this lesson in the app

Install CourseHive on Android or iOS to keep learning while you move.

Related Courses

FAQs

Course Hive
Download CourseHive
Keep learning anywhere