
This course is designed to teach students the basic, but essential, concepts of Powershell to advanced Powershell for penetration testing from both a Windows machine and a Linux machine using frameworks such as PowerSploit, Nishang, and Powershell Empire.



This course is self-paced.

What you will learn (learning outcome – knowledge/skill):

By the end of this course the student should be able to use existing Powershell penetration testing frameworks comfortably and/or create their own scripts for their penetration testing needs.

What you will need (course requirements):

Minimum: A Windows 7 machine (physical or virtual) and a Linux machine (physical or virtual). Ideally: Lab environment (Windows Server (Domain Controller), Windows server (member server), Linux machine, and/or at least 2 Windows 7 client machines).

What you should know before you join (student requirements):

The student should be familiar with some basic programming concepts, such as variables and conditional statements, and be comfortable using the command line.



Module 1 title: Introduction to Powershell

Module 1 description: In this module we’ll cover possible lab setup for this course. We’ll also get an introduction to Powershell, and cover the core components of Powershell.

Module 1 covered topics: Getting familiar with the Powershell cmdlets, using get-help, understanding the pipeline, how to format output, filtering, variables, arrays, hash tables, & operators.

Module 1 exercises: Enumerate the registry of your local client machine, or remote machine(s), and retrieve any passwords stored in the registry. Send results to a file.


Module 2 title: Advanced Powershell

Module 2 description: We’ll dive into some more advanced Powershell concepts, such as functions, .Net types, scripting, creating tools for others to use, creating a GUI for your scripts, porting existing exploits to Powershell, understanding Powershell blue team concepts, and random tips & tricks.

Module 2 covered topics: Getting familiar with conditional statements, looping, regular expressions, working more with the registry, types, objects, WMI, COM, & CIM.

Module 2 exercises: Create a script implementing a static .Net method that was not covered in the videos. Check online for examples to help you out. Help is your friend.


Module 3 title: Powershell Pentesting on Windows

Module 3 description: In this module we will get familiar with existing offensive Powershell pentesting frameworks, such as PowerSploit and Nishang.

Module 3 covered topics: Cover usage of some of the scripts contained within each of these frameworks that were created for scanning, recon, bruteforce, Metasploit, pass-the-hash, etc. We’ll also cover some more Powershell concepts such as: basic Powershell scripting, creating functions, remoting, jobs, & error handling.

Module 3 exercises: Take an existing script within one of these frameworks and tweak it any way you see fit. Specify what tweaks you made and why you decided to make them. Also add comments within the script, if there aren’t any, to explain what the script is doing.


Module 4 title: Powershell Pentesting on Linux

Module 4 description: In this module we will get familiar with Powershell Empire, an existing offensive Powershell pentesting framework, and with Metasploit.

Module 4 covered topics: Empire fundamentals, mimikatz, privesc, persistence, lateral movement, integration with MSF, etc. We’ll also use Metasploit to bring up a Powershell session. We’ll cover the last bits of Powershell: creating a GUI, a demo of porting malware to Powershell, blue team Powershell log analysis, and malicious cases with Powershell (scheduled tasks, jobs, HIDs).

Module 4 exercises: Execute an Empire agent through Metasploit by using the windows/exec payload, which will be executed on the target machine and show up in Empire as an active agent. The exe has to be unique, for example the name or handle of the student. Proof of completion will be a screenshot.

Your instructor: Sam Vega

Sam has been fiddling with computers for over 20 years but has officially been an IT professional since 2008. He is currently a Senior Technical Systems Analyst for a nationally recognized hospital, working in the capacity of a Senior Desktop Engineer. He holds current industry-standard certifications from organizations such as ISACA, Microsoft, Apple, Oracle, CompTIA, Tenable, Offensive Security, and eLearnSecurity. He enjoys writing and reverse engineering code, analyzing malware, performing PoCs, and figuring out complex problems. His mindset is defender by day and attacker by night, which makes him part of the Purple Team by design and a lover of all things infosec by nature.

