קורסים מקצועיים למתקדמים

סייבר ואבטחת מידע

Hacking and Securing Microsoft Environments Using PowerShell

מספר הקורס 4118

למה ללמוד בג'ון ברייס?
  • למידה חדשנית ודינמית עם כלים מתקדמים בשילוב סימולציות, תרגול וסביבות מעבדה
  • מגוון הכשרות טכנולוגיות עם תכנים המותאמים להתפתחות הטכנולוגית ולביקוש בתעשיית ההייטק
  • מובילים את תחום ההכשרות לעולם ההייטק והטכנולוגיה כבר 30 שנה, עם קהילה של עשרות אלפי בוגרים
  • אתם בוחרים איך ללמוד: פרונטאלית בכיתה, מרחוק ב- Live Class או בלמידה עצמית

המועדים הקרובים

קורס לקבוצות

הקורס נפתח במתכונת של קבוצה בלבד, בהתאמה אישית לארגונים.
לפרטים נוספים: Muzman@johnbryce.co.il

משך הקורס

שעות לימוד:

24

מספר מפגשים:

קורס בוקר:

3

מתכונת הקורס

הקורסים המוזמנים לארגונים מותאמים באופן אישי ומלא לצרכי הארגון, מערכי הלימוד גמישים וניתן לשלב בהם תכנים רלוונטיים וייעודיים.

Overview

In this 3 days training you will learn how Windows PowerShell can be used both to hack common Windows componenets (including passwords, Windows applications, Active Directory etc.), as well as to secure and protect your environment. You will take PowerShell to the next level, with tips, best practices & using some advanced & hardly documented techniques to get the most of your IT environment.

On Completion, Delegates will be able to

Understand advanced concepts behind Windows PowerShell & how it works

Understand and be able to Pen test your core windows enviroment

Use PowerShell & .NET in the best way to secure your organization

Leverage tips & best practices for deploying PowerShell properly and Securely across your organization

Who Should Attend

IT Professionals and Security professionals who are somewhat experienced with Windows PowerShell, or completed the PowerShell courses (10961 / 50414 etc.), or have equivalent scripting skills (Python, Bash etc.)

This course is not intended to be a scripting or programming course, and includes only a quick coverage of core PowerShell topics. It focuses on using PowerShell for hacking and securing. Students are expected to have some scripting or programming experience, and are expected to have some prior Windows PowerShell experience.

תכנית הלימודים

Full syllabus
PDF להורדה

Module 1: Windows PowerShell – Architecture & Considerations

  • Understand & demonstarte the concepts behind Windows PowerShell
  • Understand how Powershell works exactly behind the scenes
  • The connection between CMD, Powershell cmdlets, WMI, COM and .NET.
  • Review core alternatives to get things done in PowerShell, and their Pros and Cons
  • PowerShell Security events

Module 2: Running Scripts – Black and White hat approach

  • Understand Execution policies and enabling/disabling script execution
  • PKI concepts relevant to Code signing with PowerShell
  • Sign & seal Powershell scripts
  • How to deploy signed scripts in the enterprise – full life cycle
  • How to bypass script execution -> black hat
  • Mitigating attempts to bypass execution policies

Module 3: Secure Remoting

  • Remoting – all the considerations – Performance and Architecture factors
  • Controlling who can do what – custom security with session configurations
  • Just Enough Administration (JEA) vs. PSSession configurations
  • Remoting Kerberos Double hop – the options and the solutions
  • Auditing PowerShell sessions – full logging of PowerShell consoles locally and remote

Module 4: Working with Win APIs

  • How to run win APIs and system functions directly from PowerShell
  • The use of Win APIs and system components in exploits through PowerShell

Module 5: Working with Base64-encoded strings

  • How to use encoded strings to execute code
  • Leveraging exploits using base64 encoded strings

Module 6: Active Directory Security    

  • Understand Active Directory security concepts & architecture
  • Hacking your AD environment
  • Securing your AD environment with PowerShell commands

Module 7: Secure strings

  • Understand how secure strings work in Powershell
  • Exploiting secure-string and hashes
  • Using Secure-String for Passwords, Connection strings etc

Module 8: Full attack cycle – from Remote Shell into Your Apps & data

  • Demonstrating the cycle of hacking into an organization using PowerShell
    • Scanning
    • Penetration
    • Elevated privilege attempts
    • Accessing remote Shell
    • File download and execution
  • How to inject PowerShell code into applications
  • How to mitigate the different steps of the attack
  • Demonstrate tools: Empire, Powersploit, Powerpreter, bloodhound, p0wnedShell etc.
Prerequisites
  • Previous Windows Server and Windows Client management knowledge and hands on experience.
  • Experience Installing and Configuring Windows Server into existing enterprise environments, or as standalone installations.
  • Knowledge and experience of Windows PowerShell.