Using PowerShell for Incident Response with Fernando Tomlinson

In this episode, we get to hear the perspective of someone who has been in the trenches of Incident Response. Fernando shared his experiences and methods for leveraging PowerShell during incidents. We talk about how the general perception of PowerShell Security has changed over the years and how PowerShell is now being publicly embraced by security organizations. Fernando told us about dealing with obfuscation and some of the most annoying techniques that he’s encountered. All this and more is covered in this episode jam-packed with security goodness.
Check out the video version here: https://www.youtube.com/watch?v=n8-AJGGIVaM
Guest Bio and links:
Fernando Tomlinson is a Principal Incident Response Consultant at Mandiant. He is active in the PowerShell community, speaking at conferences and creating interactive PowerShell training platforms: Under the Wire and PoSh-Hunter. He is retired from the U.S. Army after 20 years and is a Purple Heart recipient. He teaches others as a Cybersecurity Adjunct Professor, co-authored the PowerShell Conference Book Volume 2, and blogs at cyberfibers.com.
https://twitter.com/Wired_Pulse
http://cyberfibers.com/wp-content/uploads/2017/09/PS-Cheat-Sheet.pdf
Cyber Fibers - My Location of Thoughts During a Buffer Overflow
Defensive and Offensive PowerShell security tactics (Fernando Tomlinson)
New Shell in Town: Adventures in using PowerShell on Linux by Fernando Tomlinson
Gaining 20/20 vision during an incident with PowerShell
About the Authors
Andrew Pla
PowerShell MVP, podcast host, and Community Director of PowerShell Summit
I’m a technical educator and community builder. I’m a Microsoft PowerShell MVP, podcast host, speaker, and Community Director of PowerShell Summit. I also work at PDQ alongside sysadmins and IT pros every day.
Community isn’t just what I do. It’s where I get my energy. I genuinely light up when I see someone land a new job, level up a skill, or show up to their first conference. I love sharing that passion with others.
Every week I host a live podcast and stream on YouTube covering PowerShell, automation, and the humans behind the keyboards.
If you’re on your IT journey and need someone in your corner, you’re in the right place. Find more at andrewpla.tech/links.

Jordan Hammond
Long-time co-host of The PowerShell Podcast
Jordan Hammond was a long-time co-host of The PowerShell Podcast and a regular host of the PDQ streams.
