Master Class: Workshop Microsoft PowerShell Advanced Security

Master Class: Workshop Microsoft PowerShell Advanced SecurityMSPSASMTMaster ClassMT-MSPSAS1.0<p><span class="cms-link-marked"><a class="fl-href-prod" href="/swisscom/en/course/training-mspsfa"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>Workshop Microsoft PowerShell Fundamentals & Advanced Bundle <span class="fl-prod-pcode">(MSPSFA)</span></a></span> or equivalent knowledge</p><p><span class="cms-link-marked"><a class="fl-href-prod" href="/swisscom/en/course/training-mspsfa"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>Workshop Microsoft PowerShell Fundamentals & Advanced Bundle <span class="fl-prod-pcode">(MSPSFA)</span></a></span> or equivalent knowledge</p><p>Administrators, IT decision-makers</p><h5>IT security – comprehensive analysis of potential security risks</h5><ul> <li><q>IT security is not an end in itself</q></li><li>Classification of potential threats</li><li>Risk management, cost-benefit analyses, and ROI assessment of security measures</li><li>Implementation of the "defense in depth" concept</li><li>The Pareto principle in IT security</li><li>Security as a process</li><li>Attack Tactics and Privilege Escalation</li><li><q>Security by obscurity</q> vs. <q>KISS</q></li></ul><h5>The architecture of PowerShell and its potential vulnerability</h5><ul> <li>The role and development of command line tools in the Microsoft context</li><li>Comparison of the management approach in MS Windows and the MS Exchange Manage Shell</li><li>Modular approach of PowerShell and object orientation</li><li>Risk assessment compared to .cmd and .exe</li><li>authentication</li></ul><h5>Clean Code vs. Obfuscation</h5><ul> <li>Clean code principles</li><li>Code obfuscation techniques</li><li>Aliases – Obfuscation with on-board tools</li><li>Das Tool Invoke-Obfuscation</li><li>Detecting obfuscation using statistical methods</li><li>Code Encoding</li></ul><h5>Code-Injection und Execution in Memory</h5><ul> <li>Invoke-Expression</li><li>Executing code from the on-board help</li><li>Functions with untested parameters</li><li>In-Memory-Execution durch Remote-Code</li></ul><h5>Credentials</h5><ul> <li>Handling secure strings and PSCredential objects</li><li>Secure credentials with certificates <ul> <li>Fundamentals of Public Key Infrastructure</li><li>Store credentials in encrypted form (certificate)</li><li>Use encrypted credentials for remote sessions</li></ul></li><li>Credentials für Remote Scripts</li><li>Credentials für Scheduled Jobs</li></ul><h5>Elevation</h5><ul> <li>Running script code in the LocalSystem context</li><li>Self-Elevator</li></ul><h5>Is co-signed</h5><ul> <li>Management of the PowerShell code signature</li><li>PKI requirements</li><li>Code signing</li></ul><h5>AppLocker</h5><ul> <li>The design of Applocker implementation guidelines</li><li>Bypass Applocker script rules</li><li>Managing Applocker through Powershell</li></ul><h5>Powershell Logging</h5><ul> <li>Types and application scenarios of logging</li><li>Transcript</li><li><q>Over-the-shoulder-Transcription</q> via GPO</li><li>Powershell Output-Streams</li><li>Deep script block logging in the event log</li></ul><h5>Just-Enough-Administration</h5><ul> <li>The principle of least privilege</li><li>PowerShell Constrained Language Mode</li><li>What is JEA?</li><li>PS Session Config und Role Capabilities</li><li>Setting up and testing the JEA configuration</li></ul>Workshop Microsoft PowerShell Fundamentals & Advanced Bundle (MSPSFA) or equivalent knowledgeWorkshop Microsoft PowerShell Fundamentals & Advanced Bundle (MSPSFA) or equivalent knowledgeAdministrators, IT decision-makersIT security – comprehensive analysis of potential security risks - IT security is not an end in itself - Classification of potential threats - Risk management, cost-benefit analyses, and ROI assessment of security measures - Implementation of the "defense in depth" concept - The Pareto principle in IT security - Security as a process - Attack Tactics and Privilege Escalation - Security by obscurity vs. KISS The architecture of PowerShell and its potential vulnerability - The role and development of command line tools in the Microsoft context - Comparison of the management approach in MS Windows and the MS Exchange Manage Shell - Modular approach of PowerShell and object orientation - Risk assessment compared to .cmd and .exe - authentication Clean Code vs. Obfuscation - Clean code principles - Code obfuscation techniques - Aliases – Obfuscation with on-board tools - Das Tool Invoke-Obfuscation - Detecting obfuscation using statistical methods - Code Encoding Code-Injection und Execution in Memory - Invoke-Expression - Executing code from the on-board help - Functions with untested parameters - In-Memory-Execution durch Remote-Code Credentials - Handling secure strings and PSCredential objects - Secure credentials with certificates - Fundamentals of Public Key Infrastructure - Store credentials in encrypted form (certificate) - Use encrypted credentials for remote sessions - Credentials für Remote Scripts - Credentials für Scheduled Jobs Elevation - Running script code in the LocalSystem context - Self-Elevator Is co-signed - Management of the PowerShell code signature - PKI requirements - Code signing AppLocker - The design of Applocker implementation guidelines - Bypass Applocker script rules - Managing Applocker through Powershell Powershell Logging - Types and application scenarios of logging - Transcript - Over-the-shoulder-Transcription via GPO - Powershell Output-Streams - Deep script block logging in the event log Just-Enough-Administration - The principle of least privilege - PowerShell Constrained Language Mode - What is JEA? - PS Session Config und Role Capabilities - Setting up and testing the JEA configuration3 days4390.003650.004390.004390.004390.00