PowerShell Security – Red vs. Blue Team

Main Speaker: Yossi Sassi

Guest Speaker:

Tracks: IT&Security

Seminar Categories: IT&Security

Course ID: 50150

Date: 28.04.2021

Time: Daily seminar, 9:00-16:30

Overview

With great Power(shell) comes great responsibility. PowerShell is by far the no. 1 living-off-the-land vehicle in Windows environments, both for good intent (Blue Team/SOC/SecOps, etc.) and, of course, not-so-good (Adversaries/Red Teams). We’ll dive deep into PowerShell as a hack/protect platform in this endless cat & mouse chase.

Who Should Attend

IT, DevOps, Security

Prerequisites

  • Understanding & working with TCP/IP protocols (DNS, HTTP, ARP, ICMP, RPC, SMB, etc.)
  • Experience installing and configuring Windows clients & Windows servers into existing enterprise environments, or as standalone installations.
  • Previous knowledge of programming and/or command-line scripting

Course Contents

  • The h@ck3r mindset, Cyber Kill Chain – Red vs. Blue
  • InfoSec Myths vs. Reality – passwords, processes, Command & Control
  • PowerShell & the Windows API barrow – backward compatibility
  • Living-off-the-land concept continued: PowerShell code execution as an example, System.Management.Automation
  • PowerShell logging & auditing techniques – best practices & bypass (how to cover tracks) – e.g. PowerShell with CMS
  • DPAPI & SecureStrings
  • Obfuscations – string manipulations, Base64 and more.
  • WinRM: CIM & PSRemoting – Architecture & how-to
  • Role-Based Access Control with “Just Enough Administration” – Secure constrained delegated EndPoint with PSSessions
  • Hacking AD “living off the land” with built-in APIs & protocols
  • Reconnaissance, mapping assets, hunting admins
  • Domain priv escalations: getting hashes, relay/redirect, offline cracking
  • Exploring different frameworks & tools (e.g. SharpUp, PowerSploit, PowerUp, PowerView, etc.)

