Certified PowerShell Hacker (Self-Paced or Instructor-Led Live) - C)PSH Course Outline

(4 Days)


* This class is also available as a self-study package with 12 months of class access and an exam


This course is an intense few days covering the keys to hacking with PowerShell. We know that most companies have an Active Directory infrastructure that manages authentication and authorization to most devices and objects within the organization. Many use PowerShell to speed up and simplify management, which only makes sense. Did you know that a large percentage of hacks over the last year included PowerShell-based attacks? Well, they did, which is why we spend 4 days learning how to hack like the pros using nothing but what is already available to us in Windows, or now in open source code on Mac and Linux! The course is based on real-world implementations of a Windows infrastructure along with real-world penetration testing techniques. You will leave with a strong skill set to help test your Windows environment like never before. An attendee will also walk away with a strong skill set on how to help prevent these attacks from happening in the first place!


Here are just a few things you will take away from this course:



    • Detailed Lab Manual


    • VMs for performing labs on your own


    • New ideas on testing your own AD infrastructure


    • Attacks you can use immediately


    • How to secure against PowerShell attacks


Audience Profile


    • Penetration Testers


    • Microsoft Administrators


    • Security Administrators


    • Active Directory Administrators


    • Anyone looking to learn more about security



General Understanding of Pen Testing


General Understanding of Active Directory


General Understanding of scripting and programming

At Course Completion

Upon completion, the Certified PowerShell Hacker candidate will be able to competently take the CPSH exam.

Course Outline

Module 1 – Introduction to PowerShell


Different Tool Options


Installing everything needed


Language Basics


Using the Windows API and WMI


Interacting with the Registry


Managing Objects and COM Objects


Module 2 – Introduction to Active Directory and Kerberos


Overview of Kerberos


The three-headed monster


Key Distribution Center


Kerberos in Detail


Why we care about Kerberos as a Hacker


Overview of Active Directory


Understanding AD concepts


AD Objects and Attributes


Module 3 – Pen Testing Methodology Revisited


Introduction to the methodology


The Plan!!


Vulnerability Identification


Client-side attacks with and without PowerShell


Module 4 – Information Gathering and Enumeration


What can a domain user see?


Domain Enumeration


Trust and Privileges Mapping


After the client exploit


Module 5 – Privilege Escalation


Local Privilege Escalation


Credential Replay Attacks


Domain Privilege Escalation


Dumping System and Domain Secrets


PowerShell with Human Interface Devices


Module 6 – Lateral Movements and Abusing Trust


Kerberos attacks (Golden, Silver Tickets and more)


Delegation Issues


Attacks across Domain Trusts


Abusing Forest Trusts


Abusing SQL Server Trusts


Pivoting to other machines


Module 7 – Persistence and Bypassing Defenses


Abusing Active Directory ACLs


Maintaining Persistence


Bypassing Defenses


Attacking Azure Active Directory


Module 8 – Defending Against PowerShell Attacks


Defending an Active Directory Infrastructure


Detecting Attacks






Using Certificates


Using Bastion Hosts


Using AppLocker