WALTHAM, Mass., Oct. 20, 2015 (GLOBE NEWSWIRE) -- Bit9® + Carbon Black®, the market leader in Next-Generation Endpoint Security (NGES), is sponsoring the free webinar "PowerShell Attack Scenarios: How Attackers Do It and How to Detect" on Tuesday, October 27, 2015, at 12:00 p.m. EDT.
To evade detection, advanced attackers are switching to a "living off the land" strategy. An attacker living off the land does not bring in custom EXEs such as remote administration tools, which can be detected in short order if organizations know what to look for and are vigilant across all endpoints. In fact, advanced attackers living off the land can almost completely avoid writing to disk and the registry.
To live off the land, attackers leverage standard tools included and enabled by default in Windows.
One of the most powerful tools at their disposal is PowerShell. In this webinar Jason Garman, from Bit9 + Carbon Black, will join Randy Franklin Smith, an expert on Windows security, to help explain three ways attackers exploit PowerShell in order to perform actions on objectives, dump credentials, and move laterally through target networks.
The three techniques, ranging from easy to sophisticated:
- Setting the PowerShell script policy to "unrestricted"
- Lateral movement via WinRM & PowerShell
- Reflective DLL injection via PowerShell (for example, mimikatz)
The experts will explain how each of these techniques works and demonstrate aspects of them. They will also discuss how organizations can mitigate the risk of PowerShell-leveraged attacks through prevention and detection. As you will see, your prevention options are fairly "ham-fisted," meaning you have to choose between disabling major pieces of functionality or remaining exposed.
On the other hand, detection is possible if you know what to look for. Jason will show you techniques and technologies Bit9 + Carbon Black have developed to detect and immediately respond to PowerShell-based attacks and more. For instance, Garman will explain how to detect PowerShell being started by a remote WMI session by correlating child and parent process IDs and executable names.
What: Free Webinar "PowerShell Attack Scenarios: How Attackers Do It and How to Detect"
When: Tuesday, October 27, 2015, at 12:00 p.m. EDT
Where: Click here to register
About Bit9 + Carbon Black
Bit9 + Carbon Black is the market leader in Next-Generation Endpoint Security. We have sold more licenses, have more experience, and more customers than any other NGES company because our solution is the most effective way to prevent, detect and respond to advanced threats that target users, servers, and fixed-function devices. That's why more than 60 MSSP and IR leaders, including Dell SecureWorks, EY, Optiv and Solutionary, have chosen our technology as a key component of their security offerings, and 25 of the Fortune 100 rely on us as a critical element of their advanced threat defense and compliance strategies. By the end of 2015, we expect to achieve 7 million+ software licenses sold, and almost 2,000 customers worldwide. We were voted Best Endpoint Protection by security professionals in the SANS Institute's Best of 2014 Awards, and a 2015 SANS survey found that 68 percent of IR professionals are using or evaluating Carbon Black.
Bit9 and Carbon Black are registered trademarks of Bit9, Inc. All other company or product names may be the trademarks of their respective owners.
Source: Carbon Black