Certified PowerShell Hacker (Self-Paced or Instructor-Led Live) - C)PSH Course Outline

(4 Days)

Overview

* This class is also available as a self-study package with 12 months of class access and an exam.

This course is an intense few days covering the keys to hacking with PowerShell. We know that most companies have an Active Directory infrastructure that manages authentication and authorization to most devices and objects within the organization. Many use PowerShell to speed up and simplify management, which only makes sense. Did you know that a large percentage of hacks over the last year included PowerShell-based attacks? They did, which is why we spend 4 days learning how to hack like the pros using nothing but what is already available to us in Windows, or now in open source code on Mac and Linux! The course is based on real-world implementations of a Windows infrastructure along with real-world penetration testing techniques. You will leave with a strong skill set to help test your Windows environment like never before. You will also walk away with a strong skill set for helping prevent these attacks from happening in the first place!

Here are just a few things you will take away from this course:

    • Detailed Lab Manual
    • VMs for performing labs on your own
    • New ideas on testing your own AD infrastructure
    • Attacks you can use immediately
    • How to secure against PowerShell attacks

Audience Profile

    • Penetration Testers
    • Microsoft Administrators
    • Security Administrators
    • Active Directory Administrators
    • Anyone looking to learn more about security

Prerequisites

    • General Understanding of Pen Testing
    • General Understanding of Active Directory
    • General Understanding of scripting and programming

At Course Completion

Upon completion, the Certified PowerShell Hacker candidate will be able to competently take the CPSH exam.

Course Outline

Module 1 – Introduction to PowerShell

    • Different Tool Options
    • Installing everything needed
    • Language Basics
    • Using the Windows API and WMI
    • Interacting with the Registry
    • Managing Objects and COM Objects

Module 2 – Introduction to Active Directory and Kerberos

    • Overview of Kerberos
    • The three-headed monster
    • Key Distribution Center
    • Kerberos in Detail
    • Why we care about Kerberos as a Hacker
    • Overview of Active Directory
    • Understanding AD concepts
    • AD Objects and Attributes

Module 3 – Pen Testing Methodology Revisited

    • Introduction to the methodology
    • The Plan!!
    • Vulnerability Identification
    • Client-side attacks with and without PowerShell

Module 4 – Information Gathering and Enumeration

    • What can a domain user see?
    • Domain Enumeration
    • Trust and Privileges Mapping
    • After the client exploit

Module 5 – Privilege Escalation

    • Local Privilege Escalation
    • Credential Replay Attacks
    • Domain Privilege Escalation
    • Dumping System and Domain Secrets
    • PowerShell with Human Interface Devices

Module 6 – Lateral Movements and Abusing Trust

    • Kerberos attacks (Golden, Silver Tickets and more)
    • Delegation Issues
    • Attacks across Domain Trusts
    • Abusing Forest Trusts
    • Abusing SQL Server Trusts
    • Pivoting to other machines

Module 7 – Persistence and Bypassing Defenses

    • Abusing Active Directory ACLs
    • Maintaining Persistence
    • Bypassing Defenses
    • Attacking Azure Active Directory

Module 8 – Defending Against PowerShell Attacks

    • Defending an Active Directory Infrastructure
    • Detecting Attacks
    • Logging
    • Transcripts
    • Using Certificates
    • Using Bastion Hosts
    • Using AppLocker