Target. Hunt. Disrupt.

Threat Hunting for Misbehaving PowerShells


Join our upcoming webinar to learn how to hunt for Misbehaving PowerShells.

PowerShell is fast becoming the de facto tool for adversaries in nearly every phase of an attack. Living off the land helps an attacker reduce the chance of being detected. Because PowerShell is so common and so widely used for legitimate purposes, identifying unwanted actions becomes increasingly challenging.


Meet Your Presenters

Matthew Hosburgh, Cyber Threat Hunter, Radian

Matt currently works as a Cyber Threat Hunter for a Philadelphia-based company. With over 14 years of experience working in various security disciplines, Matt began his InfoSec career while serving in the U.S. military. During these foundational years, he supported systems and networks for the Intelligence Community.

After the Marine Corps, he transitioned from his military role to work as a Senior Security Analyst for United States Citizenship and Immigration Services (USCIS). During his time at USCIS, he was an integral part of the Security and Network Operation Center (SNOC) and the Computer Security Incident Response Team (CSIRT). Following that responsibility, Matt was the Senior Security Engineer for a mid-stream oil and gas company where he supported the company in securing both IT and Operational Technology (OT) systems.


Paul Bartruff, Information Security Engineer, Sqrrl

Paul currently works at Sqrrl advising enterprises that are adopting advanced cyber security technologies. Previously, Paul worked as an incident responder, forensic analyst and reverse engineer, providing technical insight into targeted and non-targeted attacks at Lockheed Martin, SAIC, and FireEye.

In this session you’ll learn:

  • How to quickly formulate a hypothesis to hunt for misbehaving PowerShells
  • Techniques to hunt for network indicators of misbehaving PowerShells
  • Pivoting from the network indicators to identify offending processes on the host

You can download the slides for this training here.
