
Microsoft Security Workshop: Implementing PowerShell Security Best Practices (40555)


Introduced in 2006, Windows PowerShell is a scripting language, a command-line shell, and a scripting platform built on Microsoft .NET Framework. Despite the scripting designation, Windows PowerShell features a range of characteristics common for programming languages, including its object-oriented nature, extensibility, C#-like syntax, and the ability to interact directly with .NET classes, their properties, and methods.


The primary objective of Windows PowerShell was to help IT professionals and power users control and automate the administration of the Windows operating system and applications that run on Windows.


To take advantage of the benefits that Windows PowerShell has to offer while at the same time minimizing security-related risks, it is essential to understand the primary aspects of Windows PowerShell operational security. Another aspect that is critical to consider in the context of this course is the role of Windows PowerShell in security exploits.


This 1-day instructor-led security workshop provides discussion and practical hands-on training for PowerShell. You will learn about PowerShell fundamentals, including its architectural design, its editions and versions, and the basics of interacting with PowerShell.


You will then explore the most common Windows PowerShell-based techniques employed by hackers in order to leverage existing access to a Windows operating system to facilitate installation of malicious software, carry out reconnaissance tasks, establish persistence on the target computer, and promote lateral movement. You will also review some of the Windows PowerShell-based security tools that facilitate penetration testing, forensics, and reverse engineering of Windows PowerShell exploits. To conclude the course, you will provide a summary of technologies recommended by the Blue Team that are geared towards implementing comprehensive, defense-in-depth security against Windows PowerShell-based attacks.


This workshop is part of a larger series of Workshops offered by Microsoft on the practice of Security. While it is not required that you have completed any of the other courses in the Security Workshop series before taking this workshop, it is highly recommended that you start with the first course in the series, Microsoft Security Workshop: Enterprise Security Fundamentals:


  • 40551A: Microsoft Security Workshop: Enterprise Security Fundamentals.
  • 40552A: Microsoft Security Workshop: Managing Identity.
  • 40553A: Microsoft Security Workshop: Planning for a Secure Enterprise – Improving Detection.
  • 40554A: Microsoft Security Workshop: Implementing Windows 10 Security Features.
  • 40555A: Microsoft Security Workshop: Implementing PowerShell Security Best Practices.


What will you learn?


After completing this workshop, students will be able to:


  • Provide an overview of Windows PowerShell.
  • Describe PowerShell editions and versions.
  • Install and use Windows PowerShell and PowerShell Core.
  • Manage execution of local PowerShell scripts.
  • Manage remote execution of Windows PowerShell.
  • Manage remote execution of PowerShell Core.
  • Describe security implications of using Constrained Language Mode.
  • Describe the architecture and components of Windows PowerShell DSC.
  • Recommend Windows PowerShell auditing and logging configuration.
  • Provide examples of Windows PowerShell-based attacks.
  • Use Windows PowerShell-based security tools.
  • Provide an overview of Windows PowerShell-based security-related technologies.
  • Implement Windows PowerShell logging by using Desired State Configuration (DSC).
  • Identify and mitigate Windows PowerShell-based exploits.
  • Implement Just Enough Administration (JEA).



This course is intended for IT professionals who require a deeper understanding of Windows PowerShell security-related features and exploits and who want to increase their knowledge through predominantly hands-on experience implementing Windows PowerShell security features.


What prior knowledge do you need?


In addition to their professional experience, students who take this training should already have the following technical knowledge:


  • A good foundation in accessing and using simple Windows PowerShell commands.
  • An understanding of the current cybersecurity ecosystem.
  • Experience with Windows Client and Server administration, maintenance, and troubleshooting.
  • Basic experience and understanding of Windows networking technologies, including Windows Firewall network settings, DNS, DHCP, WiFi, and cloud services concepts.
  • Basic experience and understanding of Active Directory, including functions of a domain controller, sign on services, and an understanding of group policy.
  • Knowledge of and relevant experience in systems administration, using Windows 10.


Learners who take this training can meet the prerequisites by obtaining equivalent knowledge and skills through practical experience as a Security Administrator, System Administrator, or a Network Administrator. Learners should have a good foundation in accessing and using simple Windows PowerShell commands. This knowledge can be obtained in INF210x, Windows PowerShell Basics.



The program


Module 1: PowerShell Fundamentals

Introduced in 2006, Windows PowerShell is a scripting language, a command-line shell, and a scripting platform built on Microsoft .NET Framework. Despite the scripting designation, Windows PowerShell features a range of characteristics common for programming languages, including its object-oriented nature, extensibility, C#-like syntax, and the ability to interact directly with .NET classes, their properties, and methods. The primary objective of Windows PowerShell was to help IT professionals and power users control and automate the administration of the Windows operating system and applications that run on Windows. With the introduction of .NET Core in 2016, Microsoft extended the scope of PowerShell to other operating system platforms, leading to an open-source, GitHub-hosted project, named PowerShell Core. You can use PowerShell Core on macOS 10.12, a variety of 64-bit Linux distributions, in addition to the 32-bit and 64-bit Windows operating system, including Windows 10 running on Advanced Reduced Instruction Set Computing Machine (ARM) devices. In this module, you will learn about PowerShell fundamentals, including its architectural design, its editions and versions, and basics of interacting with PowerShell.


Lesson


  • Overview of Windows PowerShell.
  • PowerShell editions and versions.
  • Running PowerShell.


After completing this module, you will be able to:


  • Provide an overview of Windows PowerShell.
  • Describe PowerShell editions and versions.
  • Install and use Windows PowerShell and PowerShell Core.


Module 2: PowerShell Operational Security

To take advantage of the benefits that Windows PowerShell has to offer while at the same time minimizing security-related risks, it is essential to understand the primary aspects of Windows PowerShell operational security. In this module, you will learn about enhancing operating system security by leveraging built-in Windows PowerShell features and technologies that are part of the Windows PowerShell operational environment. Another aspect that is critical to consider in the context of this module is the role of Windows PowerShell in security exploits. According to empirical data, in the majority of cases, Windows PowerShell is used as a post-exploitation tool. This implies that, at the point where a Windows PowerShell session is launched, an attacker has already gained access to the security context in which the target system or the target user operates. This is the type of scenario that this module will focus on. In this case, Windows PowerShell serves as a powerful and extremely flexible engine for executing arbitrary tasks on local and remote computers, which, incidentally, is the same reason that made Windows PowerShell extremely popular among system administrators. There are obviously other types of attacks which rely on Windows PowerShell to gain unauthorized access to a target system. In this type of scenario, Windows PowerShell serves as an exploitation tool. We will explore these types of attacks in the last module of this course.


Lesson


  • Managing Local Script Execution.
  • Managing remote execution capabilities of Windows PowerShell.
  • Managing remote execution capabilities of PowerShell Core.
  • Language Mode.


After completing this module, you will be able to:


  • Manage execution of local PowerShell scripts.
  • Manage remote execution of Windows PowerShell.
  • Manage remote execution of PowerShell Core.
  • Describe security implications of using Constrained Language Mode.


Module 3: Implementing PowerShell-based Security

In the previous module, you learned about a number of security-related features built into Windows PowerShell and technologies that are part of the Windows PowerShell operational environment that help you with their enforcement. The purpose of this module is to present the most common and effective methods of leveraging Windows PowerShell to enhance operating system security. These methods include:

  • Protecting from unintended configuration changes by relying on PowerShell Desired State Configuration (DSC).
  • Implementing the principle of least privilege in remote administration scenarios by using Just Enough Administration (JEA).
  • Tracking and auditing events that might indicate exploit attempts by using Windows PowerShell logging.


Lesson


  • Windows PowerShell DSC.
  • Just Enough Administration (JEA).
  • Windows PowerShell Auditing and Logging.


After completing this module, you will be able to:


  • Describe the architecture and components of Windows PowerShell DSC.
  • Implement JEA.
  • Recommend Windows PowerShell auditing and logging configuration.


Module 4: Windows PowerShell-based Exploits and their Mitigation

Organizations cannot comprehensively identify gaps in security detection and response by solely focusing on breach prevention strategies. Understanding how to not only protect but also to detect and respond to breaches is just as important—if not more so—than taking action to prevent a breach from occurring in the first place. By planning for the worst-case scenarios through Red Teaming (real-world attack and penetration), organizations can develop the necessary capabilities to detect attempted exploits and significantly improve responses associated with security breaches. Red Teaming has become one of the most essential parts of developing and securing Microsoft’s platforms and services. The Red Team takes on the role of sophisticated adversaries and allows Microsoft to validate and improve security, strengthen defenses and drive greater effectiveness of the entire security program. Red Teams enable Microsoft to test breach detection and response as well as accurately measure readiness and impacts of real-world attacks. The purpose of the Blue Team is looking for creative and reliable defenses to detect and foil attacks orchestrated by the Red Team. The Blue Team is comprised of either a dedicated set of security responders or members from across the security incident response, Engineering and Operations organizations. Regardless of their make-up, they are independent and operate separately from the Red Team. The Blue Team follows established security processes and uses the latest tools and technologies to detect and respond to attacks and penetration. In this module, we will first approach the Windows PowerShell-based security from the Red Team’s perspective. 
We will explore the most common Windows PowerShell-based techniques employed by hackers in order to leverage existing access to a Windows operating system to facilitate installation of malicious software, carry out reconnaissance tasks, establish persistence on the target computer, and promote lateral movement. We will also review some of the Windows PowerShell-based security tools that facilitate penetration testing, forensics, and reverse engineering of Windows PowerShell exploits. To conclude the module and the course, we will provide a summary of technologies recommended by the Blue Team that are geared towards implementing comprehensive, defense-in-depth security against Windows PowerShell-based attacks. There are many documented exploits that utilize Windows PowerShell capabilities to carry out attacks that either target security flaws present in unpatched or out-of-date systems or laterally expand the scope of such attacks once a single system is compromised. Note that the overview of such exploits presented in this module is not meant to be exhaustive. Our intention is to illustrate common patterns that such exploits follow and highlight the importance of a comprehensive defense-in-depth strategy.


Lesson


  • Windows PowerShell-based attacks.
  • Windows PowerShell-based security tools.
  • Summary of Windows PowerShell security-related technologies.


Lab: Implementing Windows PowerShell Security


  • Implement Windows PowerShell Logging by using DSC.
  • Carry out a Windows PowerShell-based exploit.
  • Implement Just Enough Administration.


After completing this module, you will be able to:


  • Provide examples of Windows PowerShell-based attacks.
  • Use Windows PowerShell-based security tools.
  • Provide an overview of Windows PowerShell-based security-related technologies.
  • Implement Windows PowerShell logging by using Desired State Configuration (DSC).
  • Identify and mitigate Windows PowerShell-based exploits.
  • Implement Just Enough Administration (JEA).

