MMS 2023 at MOA: Full Schedule

Stargazing sessions will be posted soon. Some escape rooms are still open and free to you.

10:00am CDT

AMSI & CLM: Acronyms That Stop PowerShell Attacks

Limited Capacity seats available

Description:
PowerShell is a popular target among attackers. To limit "unauthorized administration" Microsoft introduced number of security features like Antimalware Scan Interface (AMSI) and Constrained Language Mode (CLM). We'll lift the veil on those technologies, as well as demonstrate methods can be used to bypass protection. The session contains: • Understanding AMSI • Reverse engineering AMSI • AMSI bypass methods • Understanding CLM • Dive into PowerShell runspaces • CLM bypass methods

What you will learn:

Powershell Security
Deep Dive to AMSI & CLM
Bypass AMSI & CLM

Speakers

Rod Trent

Senior Program Manager, Microsoft

Rod Trent is a Senior Program Manager for Microsoft focused on security and AI. He is a husband, dad, and first-time grandfather. He spends his spare time (if such a thing does truly exist) simultaneously watching Six Million Dollar Man TV show episodes and writing KQL queries.

Sergey Chubarov

Ethical Hacker

Sergey Chubarov is a Security and Cloud Expert, Instructor with 15+ years' experience on Microsoft technologies.His day-to-day job is to help companies securely embrace cloud technologies.He has certifications and recognitions such as Microsoft MVP: Microsoft Azure, Offensive Security... Read More →

AMSI CLM pdf

Wednesday May 3, 2023 10:00am - 11:45am CDT
Harriet

Security & Compliance, Hacking/Security

Skill Level Deep Dive

MMS 2023 at MOA

10:00am CDT

Rod Trent

Sergey Chubarov

Recently Active Attendees