An Intro to PowerShell through Attack and Defense
PowerShell has established itself as the language of choice for anyone who works with Windows, and this isn’t limited to just Systems Administrators. Cutting-edge Windows attacks and techniques are being developed in PowerShell and are being seen in the wild. As Penetration Testers, it is our job to stay relevant and represent a realistic threat to an environment, and that means knowing how to use PowerShell to attack a network.
This two-day course is designed to take people with little to no scripting knowledge and help them learn how to effectively use PowerShell to write custom scripts. Through hands-on exercises, you’ll learn not just how to use existing offensive tools but how to create your own scripts and modules to handle various stages of an engagement. We'll cover common PowerShell-based attacks as well as how to detect and defend against PowerShell "misuse" in your environment.
If you'd like to bring PowerShell training to your company or organization, let's talk!
No scripting or programming experience is required. This course is designed to be a "newbie" focused class and significant time is spent on fundamental scripting/programming conventions. While the course is designed around Information Security, very little knowledge is assumed and anyone looking to learn PowerShell will benefit from attending this course.
Students should have a basic understanding of Windows and be comfortable using Remote Desktop software on their Operating System of choice.
- Intro to PowerShell
- Integers, strings and other things
- Built in variables
- Defining/using variables
- Logic (if/else/then/while)
- Getting Help
- Error handling
- Writing basic scripts
- Living off the land
- Editing the Registry
- Scheduled Tasks
- PowerShell Remote Access techniques
- Modern PowerShell Attack techniques
- Local Frameworks
- Day 1 Recap
- Using .NET from within PowerShell
- Writing (moderately) complex scripts/modules
- Privilege Escalation
- Creating Backdoors
- Working with Volume Shadow Copies
- Remote Frameworks
- PowerShell and Metasploit
- Protecting your Environment
- Hardening against Lateral Movement
- Configuring Event Logging
- Constrained Language Mode
- Just Enough Administration (JEA)
Students will be required to bring their own laptops for the class. Laptops should have an updated installation of Microsoft's Remote Desktop Client software. MacOS users should install the client from the App Store; Linux users should install Remmina or another RDP client that supports NLA.
About the Instructor
Jared Haight (@jaredhaight) spent 10 years as a Systems Administrator where he used PowerShell to handle any task that he had to do more than once. Now as a Penetration Tester he uses his knowledge of PowerShell on engagements to help companies improve their security posture. He has spent the last four years teaching people how to use PowerShell and created the PS>Attack platform to help Penetration Testers easily add PowerShell to their toolkit.