Put Some Power in Your Shell: POSH for Incident Response at Scale - SANS Blue Team Summit

Video: https://www.youtube.com/watch?v=pNPjw_ykKC8
Published: 2020-07-08 (SANS Blue Team Summit)
Duration: 41:16

If your blue team doesn't understand how to do on-system analysis, then it's game over: the team won't be able to detect the intrusion or find signs of persistence or malicious behavior. Worse, the team won't know how to scale that analysis out. Automated tools help, but they depend on your blue team understanding what the data mean. This presentation goes over numerous PowerShell tools and techniques for on-system analysis and script analysis across the enterprise. We'll also look at how to use other WinRM features to do analysis at scale. The presentation lists common analysis challenges; goes over WinRM setup requirements; reviews the use of PS-based tools to collect a baseline; demos remote analysis methods (including writing fault-tolerant PS code that tests for connectivity and fails gracefully, and writing job-based PS code for the defender); and examines running remote collection scripts so that you don't have to do all of the heavy lifting.
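The abstract names three building blocks of PowerShell-based collection at scale: a connectivity test that fails gracefully, job-based execution, and a remote script that gathers a baseline. The script below is an added example illustrating those three pieces together; it is not code from the talk or from the speaker. It assumes WinRM is enabled on the targets (HTTP on TCP 5985), that the caller has local administrator rights there, and that the hostnames in `$Targets` are placeholders to be replaced with your own inventory. The cmdlets used (`Test-NetConnection`, `Test-WSMan`, `Invoke-Command -AsJob`, `Wait-Job`, `Receive-Job`, `Get-CimInstance`) are standard Windows PowerShell cmdlets; the function names `Test-RemoteReady` and `Invoke-BaselineCollection` are this example's own.

```powershell
# Added example (not from the talk): fault-tolerant, job-based baseline collection over WinRM.
# Assumes WinRM is listening on TCP 5985 (use 5986 for HTTPS listeners) and that the
# caller is a local administrator on each target.

function Test-RemoteReady {
    param([Parameter(Mandatory)][string]$ComputerName)
    # Fail gracefully: a host that does not answer on the WinRM port, or that rejects
    # WS-Man negotiation, is reported as $false instead of throwing and aborting the run.
    try {
        $tcp = Test-NetConnection -ComputerName $ComputerName -Port 5985 -WarningAction SilentlyContinue
        if (-not $tcp.TcpTestSucceeded) { return $false }
        $null = Test-WSMan -ComputerName $ComputerName -ErrorAction Stop
        return $true
    } catch {
        return $false
    }
}

# Baseline collection that runs on each remote host. Kept read-only on purpose:
# the defender wants a snapshot of running code and autostart entries, not changes.
$Collect = {
    [pscustomobject]@{
        Host      = $env:COMPUTERNAME
        Collected = (Get-Date).ToUniversalTime()
        Processes = Get-Process | Select-Object Name, Id, Path
        Services  = Get-Service | Where-Object Status -eq 'Running' | Select-Object Name, DisplayName
        Autoruns  = Get-CimInstance Win32_StartupCommand | Select-Object Name, Command, Location, User
    }
}

function Invoke-BaselineCollection {
    param(
        [Parameter(Mandatory)][string[]]$Targets,
        [int]$TimeoutSeconds = 120,
        [int]$ThrottleLimit  = 32
    )
    # Step 1: split the inventory into reachable and unreachable hosts before fanning out,
    # so one dead host never stalls the collection of the others.
    $reachable   = @()
    $unreachable = @()
    foreach ($t in $Targets) {
        if (Test-RemoteReady -ComputerName $t) { $reachable += $t } else { $unreachable += $t }
    }
    if ($unreachable.Count -gt 0) { Write-Warning "Unreachable: $($unreachable -join ', ')" }
    if ($reachable.Count -eq 0) {
        return [pscustomobject]@{ Results = @(); Unreachable = $unreachable; Failed = @() }
    }

    # Step 2: a single job fans out to every reachable host; -ThrottleLimit bounds how
    # many sessions run at once so a large inventory does not exhaust the analyst box.
    $job = Invoke-Command -ComputerName $reachable -ScriptBlock $Collect -AsJob `
                          -ThrottleLimit $ThrottleLimit -ErrorAction SilentlyContinue

    # Step 3: wait with a deadline. Child jobs still running afterwards are stopped and
    # reported as failed rather than left hanging; each child job's Location is its host.
    $null = Wait-Job -Job $job -Timeout $TimeoutSeconds
    $job.ChildJobs | Where-Object State -eq 'Running' | Stop-Job
    $results = Receive-Job -Job $job -ErrorAction SilentlyContinue
    $failed  = $job.ChildJobs | Where-Object State -ne 'Completed' | Select-Object -ExpandProperty Location
    Remove-Job -Job $job -Force

    [pscustomobject]@{
        Results     = @($results)
        Unreachable = $unreachable
        Failed      = @($failed)
    }
}

# Usage: constructed sample hostnames; replace with your own inventory.
$Targets = 'WS01', 'WS02', 'SRV-FILE01'
$report  = Invoke-BaselineCollection -Targets $Targets -TimeoutSeconds 180
$report.Results | Export-Clixml -Path ".\baseline-$(Get-Date -Format yyyyMMdd-HHmm).xml"
"Collected: $($report.Results.Count)  Failed: $($report.Failed.Count)  Unreachable: $($report.Unreachable.Count)"
```

The split between a cheap pre-flight check and the job itself is what makes the run fault-tolerant: the pre-flight removes hosts that would only time out, and the `Wait-Job -Timeout` plus `Stop-Job` pair caps how long a slow host can hold the whole collection. Exporting with `Export-Clixml` keeps the object structure, so a later run can be diffed against this baseline with `Compare-Object` on the `Processes` or `Autoruns` properties.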

Speaker: Don Murdoch (@BlueTeamHB), BTHb, Author/Range Officer, Regent University



