Ep. 21, Using PowerShell for incident response with Fernando Tomlinson
Aired July 18, 2022 | 84 min
In this episode, we gain insights from someone well-versed in incident response. Fernando shares his experiences and strategies for using PowerShell during security incidents. We discuss the evolution of the perception of PowerShell security and how security organizations now openly embrace it. Fernando also delves into managing obfuscation and some of the most vexing techniques he's encountered.
Meet our guest
Fernando Tomlinson
Fernando Tomlinson, a principal incident response consultant at Mandiant, actively participates in the PowerShell community by speaking at conferences and developing interactive PowerShell training platforms, including Under the Wire and PoSh-Hunter. With a 20-year career in the U.S. Army, he's also a Purple Heart recipient. Fernando imparts his knowledge as a cybersecurity adjunct professor and as an author.
Meet the hosts
Andrew Pla
Andrew Pla, a seasoned IT professional with over 10 years of experience, has spent the last 5 years mastering PowerShell. An ardent member of the PowerShell community and a Microsoft MVP, he loves sharing his knowledge and leveraging automation to solve complex problems. You can always find him connecting with others on the PDQ Discord and troubleshooting, with the firm belief that a problem shared is a problem halved.
Jordan Hammond
Jordan Hammond spent years as an Exchange Server administrator. One day, it dawned on him that he could automate many of those mundane tasks using PowerShell. And just like that, his journey into PowerShell began. Jordan has spent the past several years working at PDQ perfecting his automation and PowerShell skills.