The PowerShell Podcast

Exploring Cybersecurity with PowerShell and John Hammond

Aug 5, 2024

58:57

Snipd AI

John Hammond, a renowned cybersecurity researcher and educator, shares his unique insights on PowerShell in the realm of cybersecurity. He discusses the duality of PowerShell as both a tool for attacks and defense, emphasizing critical security features like constrained language mode. Listeners gain practical tips for securing their environments and learn about transitioning into security-focused roles. John also touches on the importance of hands-on experimentation and community engagement in evolving cybersecurity skills.

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

PowerShell's dual nature as both a beneficial tool and a vector for attacks necessitates a deep understanding of its functionality to mitigate risks.

Implementing security features like Constrained Language Mode and effective logging practices can significantly enhance defenses against PowerShell-based threats.

Continuous learning, hands-on experience, and community engagement are essential for professionals aiming to transition into cybersecurity roles involving PowerShell.

Deep dives

The Use of PowerShell in Cybersecurity

PowerShell is increasingly recognized as a double-edged sword in cybersecurity, serving both beneficial and malicious purposes. Its capabilities allow for executing complex scripting commands, which can lead to illicit activities like data breaches if misused. Experts emphasize the necessity of understanding PowerShell's functionality to mitigate risks associated with its misuse. The discussion highlights the prevalence of 'living off the land' attacks, where attackers leverage built-in scripting languages like PowerShell to compromise systems without deploying traditional malware.

Intro

2min

The Dual Nature of PowerShell in Cybersecurity

17min

Hacking Chaos in Apex Legends

4min

Navigating Cybersecurity Complexity

13min

PowerShell Attacks and Cybersecurity Culture

10min

Harnessing PowerShell and Collaborative Security Practices

3min

Navigating Cybersecurity Specialization

7min

Unlocking Automation with Import Excel in PowerShell

2min

In this episode of the PowerShell Podcast, we sit down with renowned security researcher John Hammond. Recorded in person in Utah, we delve into John's unique insights on PowerShell and its role in cybersecurity. John shares his experiences with PowerShell attacks, discussing how it’s used in various malware and the importance of implementing security features like constrained language mode and script block logging. He highlights practical tips for making PowerShell environments more secure and emphasizes the need for continuous learning and experimenting within safe environments. We also explore how to transition into security-focused roles, with John providing valuable advice for those looking to combine their PowerShell skills with a career in cybersecurity.

Guest Bio and links:

John Hammond is a cybersecurity researcher, educator and content creator. As part of the Research & Development Threat Operations team at Huntress, John spends his days analyzing malware and making hackers earn their access. Previously, as a Department of Defense Cyber Training Academy instructor, he taught the Cyber Threat Emulation course, educating both civilian and military members on offensive Python, PowerShell, other scripting languages and the adversarial mindset. He has developed training material and information security challenges for events such as PicoCTF and competitions at DEFCON US. John speaks at security conferences such as BsidesNoVA, to students at colleges such as the US Naval Academy, and other online events including the SANS Holiday Hack Challenge/KringleCon. He is an online YouTube personality showcasing programming tutorials, CTF video walkthroughs and other cyber security content.

PowerShell Podcast Home page: https://www.pdq.com/resources/the-powershell-podcast/

PowerShell Pro Tips - https://www.youtube.com/watch?v=K95ovoMh170

https://underthewire.tech/

https://www.huntress.com/

https://devblogs.microsoft.com/powershell/powershell-constrained-language-mode/

https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_logging_windows?view=powershell-7.4

https://www.amazon.com/PowerShell-Automation-Scripting-Cybersecurity-Hacking/dp/1800566379

https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_language_modes?view=powershell-7.4

https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-7.4

https://learn.microsoft.com/en-us/windows/win32/amsi/how-amsi-helps