PowerShell for InfoSec: What You Need to Know with Carrie Roberts

PowerShell is an excellent cross-platform shell for executing commands and scripts on both local and remote machines. It is installed on Windows by default and is widely used by both network defenders and attackers. This course will cover key PowerShell concepts that both blue and red teamers should understand including logging, credential management, remote administration, security bypass techniques and popular PowerShell attack tools.

• PowerShell Usage Fundamentals
  • Profiles
  • Environment Variables
  • Aliases
  • PowerShell Gallery
  • History Files
  • Encoded commands
  • Help System
  • Objects and Piping
• Modules and Module Load Hijacking
• Logging: Script Block, Module and Transcription
• PS Remoting
• Secure Administration Options:
  • Just Enough Admin (JEA)
  • Desired State Configuration (DSC)
  • Constrained Language Mode
• Antimalware Scan Interface (AMSI) Bypass
• Execution Policy Bypass
• Credential Management
• PowerShell without PowerShell
• Download Cradles
• PowerShell Core
• Popular PS Attack Tools
• Obfuscation

Who Should Take This Course

• Anyone interested in learning more about PowerShell and its use as both an offensive and defensive tool

Audience Skill Level

• All

• A computer with VMware Player/Workstation/Fusion installed
  • Note: Administrative Access required for install
  • You can use other virtualization platforms if you prefer but specific instructions won’t be provided
• At least 8GB RAM and 50 GB free disk space
• Lab VMs Installed as described here
• Solid internet access