Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To) D""e`Tec`T 'Th'+'em'

Slides: https://www.slideshare.net/DanielBohannon2/invokeobfuscation-derbycon-2016

Conferences:

  1. DerbyCon 6 (2016-09-25 :: Louisville, Kentucky USA)
    https://www.youtube.com/watch?v=P1lkflnWb0I

  2. SANS DFIR Summit (2016-10-09 :: Prague, Czech Republic)
    No public recording

  3. CODE BLUE (2016-10-20 :: Tokyo, Japan)
    https://www.youtube.com/watch?v=Z_fdf_BpzLU

  4. Hacktivity (2016-10-22 :: Budapest, Hungary)
    https://www.youtube.com/watch?v=uE8IAxM_BhE

  5. BruCON (2016-10-28 :: Gent, Belgium)
    https://www.youtube.com/watch?v=DLtJTxMWZ2o

  6. Microsoft BlueHat (2016-11-04 :: Redmond, Washington USA)
    No public recording

  7. Microsoft BlueHat IL (2017-01-24 :: Tel Aviv, Israel)
    https://www.youtube.com/watch?v=6J8pw_bM-i4

  8. nullcon (2017-03-03 :: Goa, India)
    https://www.youtube.com/watch?v=PMh0_59jD2U


PS I Love You: Detection, Evasion & the State of PowerShell Security

Co-presented with Mandiant's Matthew Dunwoody (@matthewdunwoody).

Slides: N/A

Conference:

  1. FireEye Cyber Defense Summit (2016-11-30 :: Washington DC, USA)
    No public recording


Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niques') -Join '')


Co-presented with Microsoft's Lee Holmes (@Lee_Holmes).

Slides: https://www.slideshare.net/DanielBohannon2/revokeobfuscation

Conferences:

  1. Black Hat USA (2017-07-27 :: Las Vegas, Nevada USA)
    https://www.youtube.com/watch?v=x97ejtv56xw

  2. DEF CON 25 (2017-07-30 :: Las Vegas, USA)
    https://www.youtube.com/watch?v=k5ToL0J7uL0

  3. SEC-T 0x0A (2017-09-15 :: Stockholm, Sweden)
    https://www.youtube.com/watch?v=cPml1XQ4Bdk

  4. DerbyCon 7 (2017-09-23 :: Louisville, Kentucky USA)
    https://www.youtube.com/watch?v=7XnkDsOZM3Y

  5. BSides DC (2017-10-08 :: Washington DC, USA)
    https://www.youtube.com/watch?v=yusq49wEijI

  6. PSConfEU (2018-04-18 :: Hanover, Germany)
    Video Link TBD

Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science


Slides: https://www.slideshare.net/DanielBohannon2/invokedosfuscation

Conferences:

  1. Black Hat Asia (2018-03-23 :: Singapore)
    [Received "Best of Briefings" award]
    https://www.youtube.com/watch?v=mej5L9PE1fs

  2. HITBSecConf (2018-04-12 :: Amsterdam, Netherlands)
    https://www.youtube.com/watch?v=Gu1AXglrW80

  3. NorthSec (2018-05-18 :: Montreal, Québec, Canada)
    https://www.youtube.com/watch?v=StmzEvO3H-Q

  4. CONFidence (2018-06-04 :: Kraków, Poland)
    https://www.youtube.com/watch?v=_twSYQj9K0I

  5. Hack In Paris (2018-06-28 :: Paris, France)
    https://www.youtube.com/watch?v=3cwtCfa3Fuk

  6. DerbyCon 8 (2018-10-07 :: Louisville, Kentucky USA)
    https://www.youtube.com/watch?v=Moo2Skig8iU

Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation)


DevSec Defense: How DevOps Practices Can Drive Detection Development For Defenders


$SignaturesAreDead = "Long Live RESILIENT Signatures" wide ascii nocase


Slides: N/A

Venues:

  1. UGAHacks Hackathon [University of Georgia] (2019-02-09 :: Athens, Georgia USA)

  2. GreyHat Cyber Security Club [Georgia Institute of Technology] (2019-03-14 :: Atlanta, Georgia USA)

  3. CU Cyber Security Club [Clemson University] (2019-10-10 :: Clemson, South Carolina USA)

  4. University of Tirana (Faculty of Economics) (2020-01-20 :: Tirana, Albania)

  5. Cyber Academy (2020-01-23 :: Prishtina, Kosovo)

  6. University of Prishtina (2020-01-24 :: Prishtina, Kosovo)

  7. Prishtina Hackerspace (2020-01-25 :: Prishtina, Kosovo)

Obfuscation, Evasion & Detection


Slides: N/A

Venues:

  1. Open Labs Hackerspace (2019-03-02 :: Tirana, Albania)

  2. Prishtina Hackerspace (2019-03-06 :: Prishtina, Kosovo)

Getting Into InfoSec via Open Source


Slides: N/A

Venues (University Guest Lectures):

  1. Albanian University (2019-04-23 :: Tirana, Albania)

  2. University of Tirana (Faculty of Economics) (2019-04-23 :: Tirana, Albania)

  3. University for Business & Technology - UBT [Ferizaj campus] (2019-04-25 :: Ferizaj, Kosovo)

  4. University for Business & Technology - UBT [Prishtina campus] (2019-04-25 :: Prishtina, Kosovo)

  5. Universiteti Metropolitan Tirana - UMT (2020-01-20 :: Tirana, Albania)

  6. Polis University (2020-01-20 :: Tirana, Albania)

  7. Albanian University (2020-01-21 :: Tirana, Albania)

  8. University of Tirana (Faculty of Natural Sciences) (2020-01-21 :: Tirana, Albania)

  9. Canadian Institute of Technology (2020-01-21 :: Tirana, Albania)

  10. University for Business & Technology - UBT [Ferizaj campus] (2020-01-22 :: Ferizaj, Kosovo)

  11. University for Business & Technology - UBT [Prizren campus] (2020-01-23 :: Prizren, Kosovo)

  12. AAB University (2020-01-24 :: Prishtina, Kosovo)

Getting Into InfoSec - Real World Overview + Q&A


Malicious Payloads vs Deep Visibility: A PowerShell Story


PesterSec: Using Pester & ScriptAnalyzer for Detecting Obfuscated PowerShell


Slides: N/A

Venues:

  1. University of Prizren (2022-04-22 :: Prizren, Kosovo)

  2. University of Prishtina (2022-04-25 :: Prishtina, Kosovo)

  3. Cyber Academy (2022-04-25 :: Prishtina, Kosovo)

Real-World Cyber Security - Offense & Defense