BSidesLV 2016 has ended
Welcome to BSidesLV 2016, our 8th annual BSides in beautiful Las Vegas, Nevada!
Wednesday, August 3 • 10:45 - 11:30
Powershell-Fu – Hunting on the Endpoint

Hunting is the art of searching for badness and unauthorized activity on our own systems or network. By knowing what is normal in our networks and what adversaries are capable of, the hunter can identify malware, signs of unauthorized activity, and indicators of compromise lurking within. In this session, we will explore how to hunt for malware and compromises on Windows endpoints using built-in PowerShell commands and scripts. We will explore how to validate what’s running on our systems and identify some of the tell-tale signs that you’ve been pwned. The failure of automated prevention and detection, coupled with a disappearing perimeter, means hunting will become an increasingly important skill among defenders. The skills demonstrated will be useful on your own local system or remotely against hundreds or even thousands of systems.


Speakers
Chris Gerritz

Co-Founder and CEO, Infocyte
Chris is co-founder of Infocyte, a malware and threat hunting product developer. Chris is a pioneer in defensive cyberspace operations, having helped establish and lead the U.S. Air Force's Enterprise Hunt Team. Prior to co-founding Infocyte, Chris served as the Air Force Computer...


Wednesday August 3, 2016 10:45 - 11:30 PDT
Breaking Ground Florentine A