Hacking and Securing Microsoft Environments Using PowerShell

Module 1: Windows PowerShell – Architecture & Considerations

• Understand & demonstarte the concepts behind Windows PowerShell
• Understand how Powershell works exactly behind the scenes
• The connection between CMD, Powershell cmdlets, WMI, COM and .NET.
• Review core alternatives to get things done in PowerShell, and their Pros and Cons
• PowerShell Security events

Module 2: Running Scripts – Black and White hat approach

• Understand Execution policies and enabling/disabling script execution
• PKI concepts relevant to Code signing with PowerShell
• Sign & seal Powershell scripts
• How to deploy signed scripts in the enterprise – full life cycle
• How to bypass script execution -> black hat
• Mitigating attempts to bypass execution policies

Module 3: Secure Remoting

• Remoting – all the considerations – Performance and Architecture factors
• Controlling who can do what – custom security with session configurations
• Just Enough Administration (JEA) vs. PSSession configurations
• Remoting Kerberos Double hop – the options and the solutions
• Auditing PowerShell sessions – full logging of PowerShell consoles locally and remote

Module 4: Working with Win APIs

• How to run win APIs and system functions directly from PowerShell
• The use of Win APIs and system components in exploits through PowerShell

Module 5: Working with Base64-encoded strings

• How to use encoded strings to execute code
• Leveraging exploits using base64 encoded strings

Module 6: Active Directory Security    

• Understand Active Directory security concepts & architecture
• Hacking your AD environment
• Securing your AD environment with PowerShell commands

Module 7: Secure strings

• Understand how secure strings work in Powershell
• Exploiting secure-string and hashes
• Using Secure-String for Passwords, Connection strings etc

Module 8: Full attack cycle – from Remote Shell into Your Apps & data

• Demonstrating the cycle of hacking into an organization using PowerShell
  • Scanning
  • Penetration
  • Elevated privilege attempts
  • Accessing remote Shell
  • File download and execution
• How to inject PowerShell code into applications
• How to mitigate the different steps of the attack
• Demonstrate tools: Empire, Powersploit, Powerpreter, bloodhound, p0wnedShell etc.

• Previous Windows Server and Windows Client management knowledge and hands on experience.
• Experience Installing and Configuring Windows Server into existing enterprise environments, or as standalone installations.
• Knowledge and experience of Windows PowerShell.