Finding and Decoding Malicious Powershell Scripts - SANS DFIR Summit 2018 

My personal experience with Base64 came in the form of a Rootkit - that slithered through on of those Window 10 open windows (port 445). Since Dec 2021 I have submerged in cybersecurity out of rage and unquenchable craze revenge. Even I am amazed how much I learned in 30 minutes!!! I would work with your team an entire year for FREE just to be room with super talent like this beautiful young lady! JOB WEL DONE - Much love from New Orleans

Excellent!!!!

Clever cookie! I was waiting to see Wonder Woman but she was probably base encoded in the invisible plane so I missed it! Are the tools limited to base 64 encoding?

Excellent

How do we add powershell log to the eventlog

the demonstration has been done on windows server 2008 r2. On windows server 2012 and above the event logs generated are readable in plain english. Also if the service doesn't starts how will it connect back to the meterpreter?

What to do about runtime detection. I have several backdoors wich can be scanned without going detected. As soon i execute them, i get an alert indicating a malicious file in my temp folder. ( I assume its detected from memory). Any tips to combat this?

I just need to know, do you like python?

Can we use cyberchef 🕵️

you are using windows and looking at a piece of code compressed with powershell so you go and try as hard as you can to decode it with.... python??

mistress at 2:20

Shes so hot.

Damn, you are gonna make me hate python if you say it one more time.

How old is this woman??42?Doesn't look it tho.