C)PSH: Certified PowerShell Hacker
About this Course
Duration: 4 Days
CPEs: 32
$3,000
This course is an intense few days covering the keys to hacking with PowerShell. We know that most companies have an Active Directory infrastructure that manages authentication and authorization to most devices and objects within the organization. Many use PowerShell to speed up and simplify management, which only makes sense. Did you know that a large percentage of hacks over the last year included PowerShell-based attacks? Well, they did, which is why we spend 4 days learning how to hack like the pros using nothing but what is already available to us in Windows, or now in open-source code on Mac and Linux! The course is based on real-world implementations of a Windows infrastructure along with real-world penetration testing techniques. You will leave with a strong skill set to help test your Windows environment like never before. An attendee will also walk away with a strong skill set on how to help prevent these attacks from happening in the first place!
Here are just a few things you will take away from this course:
- Detailed Lab Manual
- VMs for performing labs on your own
- New ideas on testing your own AD infrastructure
- Attacks you can use immediately
- How to secure against PowerShell attacks
Audience Profile
WHO SHOULD ATTEND?
- Penetration Testers
- Microsoft Administrators
- Security Administrators
- Active Directory Administrators
- Anyone looking to learn more about security
At Course Completion
Upon completion, the Certified PowerShell Hacker candidate will be able to competently take the CPSH exam.
The Certified PowerShell Hacker exam is taken online through Mile2’s Assessment and Certification System (“MACS”), which is accessible on your mile2.com account. The exam will take 2 hours and consists of 100 multiple-choice questions. The cost is $400 USD and must be purchased from Mile2.com.
Outline
Module 0 – Course Introduction
Module 1 – Introduction to PowerShell
Module 2 – Introduction to Active Directory and Kerberos
Module 3 – Pen Testing Methodology Revisited
Module 4 – Information Gathering and Enumeration
Module 5 – Privilege Escalation
Module 6 – Lateral Movements and Abusing Trust
Module 7 – Persistence and Bypassing Defenses
Module 8 – Defending Against PowerShell Attacks
Module 1 – Introduction to PowerShell
- Different Tool Options
- Installing everything needed
- Language Basics
- Using the Windows API and WMI
- Interacting with the Registry
- Managing Objects and COM Objects
Module 2 – Introduction to Active Directory and Kerberos
- Overview of Kerberos
- The three-headed monster
- Key Distribution Center
- Kerberos in Detail
- Why we care about Kerberos as a Hacker
- Overview of Active Directory
- Understanding AD concepts
- AD Objects and Attributes
Module 3 – Pen Testing Methodology Revisited
- Introduction to the methodology
- The Plan!!
- Vulnerability Identification
- Client-side attacks with and without PowerShell
Module 4 – Information Gathering and Enumeration
- What can a domain user see?
- Domain Enumeration
- Trust and Privileges Mapping
- After the client exploit
Module 5 – Privilege Escalation
- Local Privilege Escalation
- Credential Replay Attacks
- Domain Privilege Escalation
- Dumping System and Domain Secrets
- PowerShell with Human Interface Devices
Module 6 – Lateral Movements and Abusing Trust
- Kerberos attacks (Golden, Silver Tickets and more)
- Delegation Issues
- Attacks across Domain Trusts
- Abusing Forest Trusts
- Abusing SQL Server Trusts
- Pivoting to other machines
Module 7 – Persistence and Bypassing Defenses
- Abusing Active Directory ACLs
- Maintaining Persistence
- Bypassing Defenses
- Attacking Azure Active Directory
Module 8 – Defending Against PowerShell Attacks
- Defending an Active Directory Infrastructure
- Detecting Attacks
- Logging
- Transcripts
- Using Certificates
- Using Bastion Hosts
- Using AppLocker
Prerequisites
- General Understanding of Pen Testing
- General Understanding of Active Directory
- General Understanding of scripting and programming