PowerShell is a de facto scripting standard for administrative tasks on Windows. It's POWERful and already built in. This also makes it popular among attackers. To limit "unauthorized administration" Microsoft introduced number of security features like Antimalware Scan Interface (AMSI) and Constrained Language Mode (CLM).

The session will lift the veil on those technologies, as well as demonstrate methods can be used to bypass protection. The session contains:

- Understanding AMSI
- Reverse engineering AMSI
- AMSI bypass methods
- Understanding CLM
- Dive into PowerShell runspaces
- CLM bypass methods