Catching the Guerrilla: Powershell Counterinsurgency

For too long attackers have leveraged the built-in APIs and tooling on Windows systems against us. It’s time the tables are turned! Those APIs were made for Sys Admins and defenders… and we’re taking them back! We’re building a framework of response tools for defenders to wrestle control from threat actors without the risk of production outages. This talk will focus on techniques to turn the limited and traditional black-and-white incident response options into a full-color spectrum of alternatives for defending your turf. Attendees will walk away with ideas on how to leverage existing third-party Powershell scripts to stop intruders in their tracks and are encouraged to offer use cases that will produce more tools in the future.