Session
AMSI & CLM: acronyms that stop Powershell attacks
PowerShell is a de facto scripting standard for administrative tasks on Windows. It's POWERful and already built in. This also makes it popular among attackers. To limit "unauthorized administration" Microsoft introduced number of security features like Antimalware Scan Interface (AMSI) and Constrained Language Mode (CLM).
The session will lift the veil on those technologies, as well as demonstrate methods can be used to bypass protection. The session contains:
- Understanding AMSI
- Reverse engineering AMSI
- AMSI bypass methods
- Understanding CLM
- Dive into PowerShell runspaces
- CLM bypass methods
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top