PowerShell Security - Red vs. Blue Team
Tracks:After Event Workshops
Seminar Categories:After Event Cyber
After Event Workshops
BI & ML
With great Power(shell) comes great responsibility.
Did you know that as a Blue Teamer with GOOD understanding of PowerShell it can be a very bad tool of choice for an attacker,
yet without proper knowledge & experience you are easily bypassed, in memory without touching the disk, “living off the land”?
The bad guys are already using PowerShell extensively. are you prepared?
Coming from 10+ years with Powershell and consulting PS Security at 4 continents, you will get a world-class hands on experience on the subject.
What we will learn & focus on:
- Intro: Understanding the attacker mindset & attack anatomy
- Why Malware wins, along with TTPs – techniques, tools & practices.
- network scanning and reconnaissance, along with various Lateral movement options
- Active Directory & Kerberos Attacks
- Living off the land – concepts & tools
- PowerShell as post-exploitation tool – Red vs. Blue team
Who Should Attend
IT, DEvOps, Security
- Understanding & working with tcp/ip protocols (dns, http, arp, icmp, rpc, SMB etc)
- Experience Installing and Configuring Windows Clients & Windows Servers into existing enterprise environments, or as standalone installations.
- Previous knowledge of Programming and/or Scripting cmd line
- The h@כk3r mindset, Cyber Kill Chain – Red vs. Blue
- InfoSec Myths vs. Reality – passwords, processes, Command & Control
- PowerShell & the Windows API barrow – backward compatibility
- Living off the land concept continued: PowerShell code execution as an example, system.management.automation
- PowerShell logging & auditing techniques – best practices & BYPASS how to cover tracks – e.g. PowerShell with CMS
- DPAPI & secureStrings
- Obfuscations – string manipulations, Base64 and more.
- Winrm: CIM & PSRemotinhg – Architecture & how-to
- Role-Based Access Control with “Just Enough Administration” – Secure constrained delegated EndPoint with PSSessions
- Hacking AD “living off the land” with built-in APIs & protocols
- Reconnaissance, mapping assets, hunting admins
- Domain priv escalations: getting hashes, relay/redirect, offline cracking
- Exploring different frameworks & tools (e.g. SharpUp, PowerSpolit, PowerUp, PowerView etc)