PowerShell has established itself as the language of choice for anyone who works with Windows, and this isn’t limited to Systems Administrators. Cutting-edge Windows attacks and techniques are being developed in PowerShell and are being seen in the wild. As Penetration Testers, it is our job to stay relevant and represent a realistic threat to an environment, and that now means knowing how to use PowerShell to attack a network.
This two-day course is designed to take people with little to no scripting knowledge and help them learn how to effectively use PowerShell to test a network’s security. You’ll learn not just how to use existing offensive tools, but how to create your own scripts and modules to handle various stages of an engagement. We’ll cover common Windows attacks in depth, including how token impersonation and relay attacks work. To wrap the course up, you’ll learn how to detect PowerShell attacks so that you can defend against them in your own network.
No scripting or programming experience is required. Students should have a basic understanding of Windows and be familiar with running Virtual Machines.
Intro to PowerShell
Integers, strings and other things
Built-in variables
Writing basic scripts
Living off the land
Editing the Registry
Interacting with Active Directory
PowerShell Remote Access techniques
Modern PowerShell Attack techniques
High Value Users
Day 1 Recap
Using .NET from within PowerShell
Writing (moderately) complex scripts/modules
Working with Windows Firewall
What is Kerberos
Kerberos attacks (Golden/Silver tickets, etc.)
Working with Volume Shadow Copies
PowerShell and Metasploit
“To catch a PowerShell hacker”
What events are logged
Protecting your environment
Students will be required to bring their own laptops for the class. Laptops should have at least 8GB of RAM (16GB preferred) as students will be using a variety of Virtual Machines throughout the course. Laptops should have virtualization software capable of handling OVA files (such as VirtualBox or VMware Player).
About the Instructor
Jared Haight (@jaredhaight) spent 10 years as a Systems Administrator where (once it came out) he used PowerShell to handle any task that he had to do more than once. Now as a Penetration Tester for Gotham Digital Science, he uses his knowledge of PowerShell on engagements to help companies improve their security posture. He has spent the last four years teaching people how to use PowerShell and created the PS>Attack platform to help Penetration Testers easily add PowerShell to their toolkit.