Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To) D""e`Tec`T 'Th'+'em'

Slides: https://www.slideshare.net/DanielBohannon2/invokeobfuscation-derbycon-2016

Conferences:

  1. DerbyCon 6 (2016-09-25 :: Louisville, Kentucky USA)
    https://www.youtube.com/watch?v=P1lkflnWb0I
  2. SANS DFIR Summit (2016-10-09 :: Prague, Czech Republic)
    No public recording
  3. CODE BLUE (2016-10-20 :: Tokyo, Japan)
    https://www.youtube.com/watch?v=Z_fdf_BpzLU
  4. Hacktivity (2016-10-22 :: Budapest, Hungary)
    https://www.youtube.com/watch?v=uE8IAxM_BhE
  5. BruCON (2016-10-28 :: Gent, Belgium)
    https://www.youtube.com/watch?v=DLtJTxMWZ2o
  6. Microsoft BlueHat (2016-11-04 :: Redmond, Washington USA)
    No public recording
  7. Microsoft BlueHat IL (2017-01-24 :: Tel Aviv, Israel)
    https://www.youtube.com/watch?v=6J8pw_bM-i4
  8. nullcon (2017-03-03 :: Goa, India)
    https://www.youtube.com/watch?v=PMh0_59jD2U

PS I Love You: Detection, Evasion & the State of PowerShell Security

Co-presented with Mandiant's Matthew Dunwoody (@matthewdunwoody).

Slides: N/A

Conference:

  1. FireEye Cyber Defense Summit (2016-11-30 :: Washington DC, USA)
    No public recording

Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niques') -Join '')


Co-presented with Microsoft's Lee Holmes (@Lee_Holmes).

Slides: https://www.slideshare.net/DanielBohannon2/revokeobfuscation

Conferences:

  1. Black Hat USA (2017-07-27 :: Las Vegas, Nevada USA)
    https://www.youtube.com/watch?v=x97ejtv56xw
  2. DEF CON 25 (2017-07-30 :: Las Vegas, USA)
    https://www.youtube.com/watch?v=k5ToL0J7uL0
  3. SEC-T 0x0A (2017-09-15 :: Stockholm, Sweden)
    https://www.youtube.com/watch?v=cPml1XQ4Bdk
  4. DerbyCon 7 (2017-09-23 :: Louisville, Kentucky USA)
    https://www.youtube.com/watch?v=7XnkDsOZM3Y
  5. BSides DC (2017-10-08 :: Washington DC, USA)
    https://www.youtube.com/watch?v=yusq49wEijI
  6. PSConfEU (2018-04-18 :: Hanover, Germany)
    Video Link TBD

Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science


Slides: https://www.slideshare.net/DanielBohannon2/invokedosfuscation

Conferences:

  1. Black Hat Asia (2018-03-23 :: Singapore)
    [Received "Best of Briefings" award]
    https://www.youtube.com/watch?v=mej5L9PE1fs
  2. HITBSecConf (2018-04-12 :: Amsterdam, Netherlands)
    https://www.youtube.com/watch?v=Gu1AXglrW80
  3. NorthSec (2018-05-18 :: Montreal, Québec, Canada)
    Video Link TBD
  4. CONFidence (2018-06-04 :: Kraków, Poland)
    https://www.youtube.com/watch?v=_twSYQj9K0I
  5. Hack In Paris (2018-06-28 :: Paris, France)
    https://www.youtube.com/watch?v=3cwtCfa3Fuk

Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation)


DevSec Defense: How DevOps Practices Can Drive Detection Development For Defenders


Co-presented with Mandiant's Matthew Dunwoody (@matthewdunwoody).

Slides: TBD

Conferences:

  1. SANS DFIR Summit (2018-06-08 :: Austin, Texas USA)
    Video Link TBD

$SignaturesAreDead = "Long Live RESILIENT Signatures" wide ascii nocase