PowerShell for Security Professionals Class at Derbycon
On September 25 and 26 I will be teaching my class, Introduction to PowerShell for Security Professionals (https://www.derbycon.com/training-courses/#intropower), at Derbycon. To give a bit of background on it, I have been using PowerShell since 2007, since version 1, for automating, managing, securing and breaking Exchange, Windows, VMware, NetApp and even Cisco for several customers in the Caribbean, Central and South America. I have to admit that of all the command shells I have used, PowerShell has to be my favorite; it is truly a very powerful shell. I have coded several thousand lines of PowerShell, in modules written in both PowerShell and C#, and I have also written several blog posts on it, all of this leading me to the creation of this class. Microsoft is evolving its technologies at a more rapid pace, and PowerShell has become a critical pillar of its Management Framework for Windows and Server products. The class is targeted at security professionals; to me these are:
- System Admins that care about security.
- Auditors and Incident Response teams that need to work with live and offline Windows Systems.
- Pentesters that want to expand their skills with new ways to discover, enumerate, attack and do post exploitation using PowerShell.
The first day will be a fast-paced introduction to PowerShell and its philosophy, covering:
- What is PowerShell.
- Using the Help Subsystem.
- Working with the Pipeline.
- Extending PowerShell via Modules and Snap-ins.
- Formatting
- Remoting
- PowerShell notion of security
- WMI and CIM
- PowerShell Scripting Syntax
The second day will cover:
- Network Discovery.
- Incident Response and Auditing.
- Post Exploitation
I will not sugar coat it or give any fan boy perspective on it. I will cover both where it shines and where cmdlets do not meet the needs of a security professional, and how to work around those. I will cover projects like PowerSploit, Metasploit, Social Engineering Toolkit and my own Posh-Secmod. To those that have signed up for the class, I thank you, and for those interested, here is your chance. The class will be fast paced and I will make it as fun as I can. In addition you will get material from my Introduction to Metasploit Class for free, and you will also get any future updates to the class for free as it evolves and I add new stuff. I have to be honest: we will only have 2 days, and I will give you over 400 unprotected slides in PDF format (so you can copy and paste code from them) plus a lab guide, enough material for 5 days of class, and we will go through most of it in 2 days; the rest is just more detailed information that can be used as reference. (Those that took my class last year, you will be getting a link to download the updated material after Derbycon 2013 :) ) I have to give thanks to the reviewers of my awful English and the material:
- Matt Graeber (author of PowerSploit) @mattifestation https://twitter.com/mattifestation
- Chris Campbell (Contributor to PowerSploit) @obscuresec https://twitter.com/obscuresec
- Lee Holmes (from the PowerShell Team at Microsoft) @LeeHolmes https://twitter.com/LeeHolmes
Also I cannot forget:
- Jeffrey Snover (for coming up with PowerShell) https://twitter.com/jsnover
- Bruce Payette (My first book on PowerShell) https://twitter.com/BrucePayette
- Don Jones (Great Books and CBTs on PowerShell) https://twitter.com/concentrateddon
Hope to see you guys in class this September.
Reader Comments (4)
I am working on my own memdump solution (with win32dd.exe & win64dd.exe)
but, when I switch to Nt_Authority_system to my user uid then my batch doesn't work correctly...
If the current user has admin rights then the script works, but I can't switch to the system user because this user can't run my batch anyhow... In win7 the scripts don't work with the actual user account. If you send me an email then I will send my script to you and maybe you can help me. Thanks.