#misec Southfield meeting
January 11 @ 7:00 pm - 8:00 pm
Join the MiSec Community for a Talk on Malicious PowerShell
Talk Title: Classifying Malicious PowerShell
Speaker: dth0m (Derek Thomas)
About the Talk: PowerShell is often used by attackers for nefarious purposes, but it is also used by administrators for legitimate purposes. Attack techniques are well documented, but they are also evolving at a rapid pace and the line between what is malicious vs. what is suspicious can be very blurry. One possible solution is to use a classification algorithm to train a model for detecting benign/suspicious with your organization's data. I will be walking through my journey developing a PowerShell classification algorithm from start to finish, discussing the problems that I encountered, the pros and cons of this approach, and where we are going from here. This presentation is an extension of the MiSec PowerShell presentation from early 2017.