PowerShell - Keeping the SOCs on their Toes - Taking the Best of PowerShell Blue & Red for Your Enterprise

Online Training date: October 25-26, 2021.

Abstract

PowerShell is a Windows administration tool and an open-source cross-platform scripting environment included out of the box in Windows operating system. Very powerful and easy to learn, it can interact with almost anything from a raspberry-pi to a data center, and its remoting capabilities make it ideal to manage windows environments at scale. With great powers come great dangers, and since its early day’s attackers have known how to use PowerShell to their advantage… But time has passed, and it is nowadays one of the most securable scripting languages there is. In this 2-day workshop, we will review the basics of PowerShell scripting and tool building, to then explore it’s various offensive and defensive capabilities with a hands-on approach to facilitate and strengthen the theoretical knowledge. Lab access will be provided for practice and exercises associated with each module.

Description

Day 1 Introduction PowerShell Basics

  • Get-Help
  • PowerShell Survival Kit
  • PowerShell Scripting 101

PowerShell for Active Directory

  • Active Directory Module
  • PowerShell & ADSI
  • PowerShell & LDAP

PowerShell Remoting

  • Invoke-Command & PSSessions
  • PowerShell & WMI

PowerShell Tool Making

  • Scripts vs Functions
  • Basic/Advanced/Compiled Cmdlets

PowerShell without PowerShell

  • the “System.Management.Automation” dll

Day 2 Offensive PowerShell

  • Download Craddles & obfuscation
  • Reflection
  • Win32Api calls
  • AMSI Bypass
  • Overview Red Team Tools

Defensive PowerShell

  • Built-in Security features
  • Working with Logs
  • JEA
  • Hunting Empire
  • Overview Blue Team Tools

Detection of PowerShell Activities

About the Speaker