Thursday, Jul 18, 2013

PowerShell for Security Professionals Class at Derbycon

On September 25 and 26 I will be teaching my class, Introduction to PowerShell for Security Professionals, at Derbycon: https://www.derbycon.com/training-courses/#intropower . To give a bit of background, I have been using PowerShell since 2007, starting with version 1, for automating, managing, securing and breaking Exchange, Windows, VMware, NetApp and even Cisco for several customers in the Caribbean, Central and South America. I have to admit that of all the command shells I have used, PowerShell has to be my favorite; it is truly a very powerful shell. I have coded several thousand lines of PowerShell, in modules both in PowerShell and C#, and I have also written several blog posts on it, all of this leading me to the creation of this class. Microsoft is evolving its technologies at a more rapid pace, and PowerShell has become a critical pillar of its Management Framework for Windows and Server products. The class is targeted at security professionals; to me these are:

  • System Admins that care about security.
  • Auditors and Incident Response teams that need to work with live and offline Windows Systems.
  • Pentesters that want to expand their skills with new ways to discover, enumerate, attack and do post exploitation using PowerShell.

The first day will be a fast-paced introduction to PowerShell and its philosophy, covering:

  • What is PowerShell.
  • Using the Help Subsystem.
  • Working with the Pipeline.
  • Extending PowerShell via Modules and Snap-ins.
  • Formatting
  • Remoting
  • PowerShell notion of security
  • WMI and CIM
  • PowerShell Scripting Syntax

The second day will cover:

  • Network Discovery.
  • Incident Response and Auditing.
  • Post Exploitation

I will not sugar coat or give any fan boy perspective on it; I will cover both where it shines and where cmdlets do not meet the needs of a security professional and how to work around those. I will cover projects like PowerSploit, Metasploit, Social Engineering Toolkit and my own Posh-Secmod. To those that have signed up for the class, I thank you, and for those interested, here is your chance. The class will be fast paced and I will make it as fun as I can. In addition you will get material from my Introduction to Metasploit class for free and will also get any future updates to the class for free as it evolves and I add new stuff. I have to be honest: we will only have 2 days and I will give you over 400 unprotected slides in PDF format (so you can copy and paste code from them) plus a lab guide, enough material for 5 days of class, and we will go through most of it in 2 days; the rest is just more detailed information that can be used as reference { Those that took my class last year will be getting a link to download the updated material after Derbycon 2013 :) }. I have to give thanks to the reviewers of my awful English and the material:

Also I cannot forget:

Hope to see you guys in class this September.

Reader Comments (4)

Your course is already sold out! What are the chances of additional seats becoming available? Will any amount of begging and/or bribery get my team a couple of seats?
August 8, 2013 | Unregistered Commenter Phil
Just open 6 extra spots for the class
August 8, 2013 | Registered Commenter Carlos Perez
Hi Carlos, where can I get your memdump.rb script? I can't find it on this site...
I am working on my own memdump solution (with win32dd.exe & win64dd.exe)
but, when I switch to Nt_Authority_system to my user uid then my batch doesn't work correctly...
If the current user has admin rights then the script works, but I can't switch to the system user because this user can't run my batch anyhow... In Win7 the scripts don't work with the actual user account. If you send me an email then I will send my script to you and maybe you can help me. Thanks.
August 25, 2013 | Unregistered Commenter bukovinai
Yeah power-shell seems to be a very useful asset to provide various applications in a prolific manner. I think that this is very necessary to have a good choice of options that can enable to have a perfect outlook towards various concerns. I think that it is very vital to have a significant coordination to comply with the total utilities for such concern. This kind of latest versions can easily allow the users to make it prolific.
December 9, 2013 | Unregistered Commenter geoffparker
