PowerShell Security - Red vs. Blue Team
With great Power(shell) comes great responsibility. PowerShell is by far the No. 1 living-off-the-land vehicle in Windows environments, both for good intent (Blue Team, SOC, SecOps, etc.) and, of course, not-so-good intent (adversaries, Red Teams). We’ll dive deep into PowerShell as a hack/protect platform – in this endless cat & mouse chase.
Who Should Attend
IT, DevOps, Security
Prerequisites
- Understanding of and experience working with TCP/IP protocols (DNS, HTTP, ARP, ICMP, RPC, SMB, etc.)
- Experience installing and configuring Windows clients and Windows servers, either into existing enterprise environments or as standalone installations
- Previous knowledge of programming and/or command-line scripting
Course Topics
- The hacker mindset, Cyber Kill Chain – Red vs. Blue
- InfoSec Myths vs. Reality – passwords, processes, Command & Control
- PowerShell borrowing from the Windows API – backward compatibility
- Living off the land continued: PowerShell code execution as an example, System.Management.Automation
- PowerShell logging & auditing techniques – best practices, and bypass techniques used to cover tracks – e.g. PowerShell with CMS
- DPAPI & SecureString
- Obfuscations – string manipulations, Base64 and more.
- WinRM: CIM & PSRemoting – architecture & how-to
- Role-Based Access Control with “Just Enough Administration” – secure, constrained, delegated endpoints with PSSessions
- Hacking AD “living off the land” with built-in APIs & protocols
- Reconnaissance, mapping assets, hunting admins
- Domain privilege escalation: getting hashes, relay/redirect, offline cracking
- Exploring different frameworks & tools (e.g. SharpUp, PowerSploit, PowerUp, PowerView, etc.)