Security BSides London, the UK’s biggest community-driven infosec conference is happy to announce its 8th iteration open to all regardless of background, skill level, income or job-title.  
  • Doors to the main event open at 8.30am with talks starting at 9am on 5 June 2019
  • Workshops will be held on 4 June 2018 starting at 10am; Pre-registration is required
Please remember that Security BSides London has a strict code of conduct available here
Back To Schedule
Wednesday, June 5 • 13:15 - 14:00
Powershell is DEAD – Epic Learnings!

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Powershell is Dead……mibs! It probably is if you want to limit your attack tooling, but trush be told its very environment specific......from running no Powershell using the System.Management.Automation.dll, loading .NET v2 binaries to disabling defensive capabilities like AMSI, there are many ways to pilfer and remain undetected in an environment based on the maturity of the defensive capability. Is powershell Dead? Absolutely maybe.....

The talk is designed to share information about the latest techniques (both defensive and offensive) that we have to face to emulate threat actors with various motivates and tactics. We will talk in depth about the current attack surface, technologies in play on Windows endpoints and some of the pitfalls of EDR products and how the offensive teams role is getting much harder. This will go into the depths of the ‘System.Management.Automation.dll’ including commonly used techniques such as ‘Add-Type’ and ‘Assembly.Load’ in the .NET world. We will also cover some tips relating to process injection methods and tooling which can help detect such activities on an endpoint.

The talk will also dive into some of the specific tooling involved including various alterations to PoshC2 and its C# implant, common opsec pitfalls we have been learnt along the way and how easy it can be to detect malicious actors depending on their capability. We will also look at what the world of Red Teaming will look like over the next 12-18 months and discuss the future of memory resident malware and the challenges facing both Red and Blue.


Ben Turner

Managing Principal Consultant, Nettitude
Ben (@benpturner) & Doug (@b4ggio_su) are both Managing Principal and Principal Security Consultants at Nettitude and have worked solely on Red Teaming for over three years. Collectively they have led some of the largest and most sophisticated Red Teaming engagements for a multitude... Read More →

Wednesday June 5, 2019 13:15 - 14:00 BST
Track 3 ILEC Conference Centre 47 Lillie Road London SW6 1UD