Shell is only the Beginning

On September 25 and 26 I will be teaching at Derbycon my class on Introduction to PowerShell for Security Professionals https://www.derbycon.com/training-courses/#intropower . To give a bit of background on it I have since 2007 been using PowerShell since version 1 for automating, managing, securing and breaking Exchange, Windows, VMware, NetApp and even Cisco for several customers in the Caribbean, Central and South America. I have to admit of all the command shells I have used PowerShell has to be my favorite, it is truly a very powerful shell. I have coded several thousands of lines of PowerShell, in modules both in PowerShell and C#, I have also written several blog posts on it, all of this leading me to the creation of these class. Microsoft is evolving its technologies at a more rapid pace and PowerShell has become a critical pillar of its Management Framework for Windows and Server products. In the class targeted at security professionals, to me these are:

• System Admins that care about security.
• Auditors and Incident Response teams that need to work with live and offline Windows Systems.
• Pentesters that want to expand their skills with new ways to discover, enumerate, attack and do post exploitation using PowerShell.

The first day it will be a fast paced introduction to PowerShell and its philosophy, Covering:

• What is PowerShell.
• Using the Help Subsystem.
• Working with the Pipeline.
• Extending PowerShell via Module and Snappings.
• Formatting
• Remoteting
• PowerShell notion of security
• WMI and CIM
• Powershell Scripting Syntax

The second day will cover:

• Network Discovery.
• Incident Response and Auditing.
• Post Explotation

I will not sugar coat or give any fan boy perspective on it, I will cover both where it shines and where cmdlets do not meet the needs of a security professional and how to work around those. I will cover projects like PowerSploit, Metasploit, Social Engineering Toolkit and my own Posh-Secmod . Those that have signed up for the class I thank you and those interested here is your chance. The class will be fast passed and I will make it as fun as I can. In addition you will get material from my Introduction to Metasploit Class for free and will also get any future updates to the class also for free as it evolves and I add new stuff. I have to be honest we will only have 2 day and I will give you over 400 slides of unprotected slides in PDF format (So you can copy paste code from them) plus a lab guide, enough material for 5 days of class and we will go thru most of it in 2 days, the rest is just more detailed information that can be used as reference { Those that took my class last year you will be getting a link to download the updated material after Derbycon 2013 :) }. I have to give thanks to the reviewers of my awful english and the material:

• Matt Grabber (author of PowerSploit) @mattifestation https://twitter.com/mattifestation
• Chris Campbell (Contributor to PowerSploit) @obscuresec https://twitter.com/obscuresec
• Lee Holmes (from the PowerShell Team at Microsoft) @LeeHolmes https://twitter.com/LeeHolmes

Also I cannot forget:

• Jeffry Snover (for coming up with PowerShell) https://twitter.com/jsnover
• Bruce Payette (My first book on PowerShell) https://twitter.com/BrucePayette
• Don Jones (Great Books and CBTs on PowerShell) https://twitter.com/concentrateddon

Hope to see you guys in class these September.