PowerShell is a de facto scripting standard for administrative tasks on Windows. It's POWERful and already built in. This also makes it popular among attackers. To limit the damage Microsoft introduced a security feature Antimalware Scan Interface (AMSI).

The session will lift the veil on AMSI, as well as demonstrate methods can be used to bypass protection. The session contains:

- Understanding AMSI
- Reverse engineering AMSI
- AMSI bypass methods in Windows Server 2019
- AMSI bypass methods in Windows 11