At BruCon 2014, we presented “Investigating PowerShell Attacks” at what ended up being the precipice of widespread adoption and abuse of PowerShell in the wild. A year later, we examined how PowerShell Desired State Configuration (DSC) provided further avenues for covert persistence and C2. In this presentation, we’ll look at how these offensive techniques - and the corresponding approaches to detection and response - have evolved.
