Overview
This course aims to teach learners how to effectively hunt for threats on endpoints using PowerShell. The course covers topics such as the concept of hunting, different methodologies, tools in a hunter's toolkit, deployment and execution methods, analyzing memory-resident malware, and utilizing PowerShell for threat hunting. The course is designed for individuals interested in cybersecurity, threat hunting, and endpoint security.
Syllabus
Intro
Speaker Background
What is Hunt?
Hunt vs DFIR (tl;dr it's sort of the same, but not)
The Hunter's Tool Bag (Examples)
A Tale of Two Hunting Methodologies
PSHunt Components/Modules
Scanners
Survey Deployment
Execution Methods
Discovery / Testing Access
Persistence Mechanisms (Autostarts)
Memory-resident Malware Analysis
Survey Analysis Modules / Initialize-ReputationData
Active Processes/Modules/Drivers
Digital Signatures?
Process Memory Injection
PSHunt - PowerShell Threat Hunting
Taught by
BSidesLV