Overview
This course is an intense few days covering the keys to hacking with PowerShell. Most companies have an Active Directory infrastructure that manages authentication and authorization to most devices and objects within the organization. Many use PowerShell to speed up and simplify management, which only makes sense. Did you know that a large percentage of hacks over the last year included PowerShell-based attacks? Well, they did, which is why we spend 4 days learning how to hack like the pros using nothing but what is already available to us in Windows, or now in open source code on Mac and Linux! The course is based on real-world implementations of a Windows infrastructure along with real-world penetration testing techniques. You will leave with a strong skill set to help test your Windows environment like never before. You will also walk away with a strong skill set on how to help prevent these attacks from happening in the first place!
Here are just a few things you will take away from this course:
- Detailed Lab Manual
- VMs for performing labs on your own
- New ideas on testing your own AD infrastructure
- Attacks you can use immediately
- How to secure against PowerShell attacks
Audience Profile
- Penetration Testers
- Microsoft Administrators
- Security Administrators
- Active Directory Administrators
- Anyone looking to learn more about security
Prerequisites
- General understanding of pen testing
- General understanding of Active Directory
- General understanding of scripting and programming
At Course Completion
Upon completion, the Certified PowerShell Hacker candidate will be able to competently take the CPSH exam.
Course Outline
Module 1 – Introduction to PowerShell
Different Tool Options
Installing everything needed
Language Basics
Using the Windows API and WMI
Interacting with the Registry
Managing Objects and COM Objects
Module 2 – Introduction to Active Directory and Kerberos
Overview of Kerberos
The three-headed monster
Key Distribution Center
Kerberos in Detail
Why we care about Kerberos as a Hacker
Overview of Active Directory
Understanding AD concepts
AD Objects and Attributes
Module 3 – Pen Testing Methodology Revisited
Introduction to the methodology
The Plan!!
Vulnerability Identification
Client-side attacks with and without PowerShell
Module 4 – Information Gathering and Enumeration
What can a domain user see?
Domain Enumeration
Trust and Privileges Mapping
After the client exploit
Module 5 – Privilege Escalation
Local Privilege Escalation
Credential Replay Attacks
Domain Privilege Escalation
Dumping System and Domain Secrets
PowerShell with Human Interface Devices
Module 6 – Lateral Movements and Abusing Trust
Kerberos attacks (Golden, Silver Tickets and more)
Delegation Issues
Attacks across Domain Trusts
Abusing Forest Trusts
Abusing SQL Server Trusts
Pivoting to other machines
Module 7 – Persistence and Bypassing Defenses
Abusing Active Directory ACLs
Maintaining Persistence
Bypassing Defenses
Attacking Azure Active Directory
Module 8 – Defending Against PowerShell Attacks
Defending an Active Directory Infrastructure
Detecting Attacks
Logging
Transcripts
Using Certificates
Using Bastion Hosts
Using AppLocker