Episode 53: How to Defend and Mitigate PowerShell Attacks

In this discussion, Joey Vandegrift, who leads the blue team at SecurIT360, shares his expertise in defending against PowerShell attacks. He explores the dual role of PowerShell as a tool for both automation and criminal activities. Joey emphasizes the importance of access controls and logging in mitigating risks. He also introduces strategies for privilege management, highlighting tools like MakeMeAdmin. The conversation wraps up with essential defensive practices, including the need for execution policies and regular system updates.