This course is designed to take students from the basic but essential concepts of PowerShell through to advanced PowerShell for penetration testing, from both a Windows machine and a Linux machine, using frameworks such as PowerSploit, Nishang, and PowerShell Empire.
This course is available only for premium subscribers.
You will learn:
By the end of this course you should be able to use existing PowerShell penetration testing frameworks comfortably and/or create your own scripts for your penetration testing needs.
You will need:
Minimum: a Windows 7 machine (physical or virtual) and a Linux machine (physical or virtual). Ideally: a lab environment (a Windows Server domain controller, a Windows Server member server, a Linux machine, and/or at least two Windows 7 client machines).
Before you join you should know:
The student should be familiar with basic programming concepts such as variables and conditional statements, and be comfortable using the command line.
Module 1: Introduction to PowerShell
Module 1 description: In this module we’ll cover possible lab setups for this course. We’ll also get an introduction to PowerShell and cover its core components.
Module 1 covered topics: Getting familiar with PowerShell cmdlets, using Get-Help, understanding the pipeline, formatting output, filtering, variables, arrays, hash tables, operators, conditional statements, looping, regular expressions, basic PowerShell scripting, creating functions, remoting, working with the registry, types, objects, error handling, PowerShell & .NET, and working with WMI, COM, & CIM.
Module 1 exercises: Write a script that will enumerate the registry of your local client machine, or remote machine(s), and retrieve any passwords stored in the registry. Results are written to a file.
Module 2: PowerShell Pentesting on Windows
Module 2 description: In this module we will get familiar with existing offensive PowerShell pentesting frameworks, such as PowerSploit and Nishang.
Module 2 covered topics: Usage of some of the scripts contained within each of these frameworks that were created for scanning, recon, brute-forcing, Metasploit integration, pass-the-hash, etc.
Module 2 exercises: Take an existing script from one of these frameworks and tweak it any way you see fit. Specify what tweaks you made and why you decided to make them.
Module 3: PowerShell Pentesting on Linux
Module 3 description: In this module we will get familiar with an existing offensive PowerShell pentesting framework known as PowerShell Empire.
Module 3 covered topics: Empire fundamentals, mimikatz, privesc, persistence, lateral movement, integration with MSF, etc.
Module 3 exercises: Execute an Empire agent through Metasploit by using the windows/exec payload; the payload is executed on the target machine and shows up in Empire as an active agent. The exe has to be unique, for example named after the student’s name or handle. Proof of completion is a screenshot.
Module 4: Advanced PowerShell
Module 4 description: We’ll dive into some more advanced PowerShell concepts, such as creating tools for others to use, creating a GUI for your scripts, porting existing exploits to PowerShell, understanding PowerShell blue team concepts, and random tips & tricks.
Module 4 covered topics: Creating menus for PowerShell scripts, creating a GUI, a demo of porting malware to PowerShell, blue team PowerShell log analysis, and malicious cases with PowerShell (scheduled tasks, jobs, HIDs).
Module 4 exercises: Port an existing exploit, or even malware, to PowerShell.
Your instructor: Sam Vega
Sam has been fiddling with computers for over 20 years but has officially been an IT professional since 2008. He is currently a Senior Technical Systems Analyst for a nationally recognized hospital, working in the capacity of a Senior Desktop Engineer. He holds current industry-standard certifications from ISACA, Microsoft, Apple, Oracle, CompTIA, Tenable, Offensive Security, and eLearnSecurity. He enjoys writing & reverse engineering code, analyzing malware, performing PoCs, and figuring out complex problems. His mindset is defender by day and attacker by night, which makes him part of the Purple Team by design and a lover of all things infosec by nature.