BSides Detroit 13 Episode 11

Matt Johnson (@mwjcomputing) is this week’s podcast guest. Matt discusses the #MiSec BSides Detroit dinner, the value of blue team defenses, and, of course, PowerShell. Matt is the founder of the Michigan PowerShell User Group and has submitted a talk to BSides Detroit 13 titled Incident Management with PowerShell.

Abstract. Have you seen the latest scare? The Java 0-day exploit that allows attackers to execute code on your computer? Now scares come and scares go. But let’s suppose for a moment your servers were infected using this exploit. How could your administrators detect the attack? How do you recover? Even better, what could have been done beforehand and how could you prevent this from happening again?

Incident Management, of course, is the security practice that seeks to answer these questions. In Windows server environments, PowerShell is the way Incident Management gets put into practice. This session will introduce InfoSec professionals and systems administrators to PowerShell’s security features. Using the Java 0-day exploit as a driver, we will walk through the lifecycle of an incident. The audience will leave with information on the policy and practice of Incident Management with PowerShell.

