Master Class: Workshop Microsoft PowerShell Advanced Security (MSPSAS)

 

Who should attend

Administrators, IT decision-makers

Prerequisites

Workshop Microsoft PowerShell Fundamentals & Advanced Bundle (MSPSFA) or equivalent knowledge

Course Objectives

Workshop Microsoft PowerShell Fundamentals & Advanced Bundle (MSPSFA) or equivalent knowledge

Course Content

IT security – comprehensive analysis of potential security risks
  • IT security is not an end in itself
  • Classification of potential threats
  • Risk management, cost-benefit analyses, and ROI assessment of security measures
  • Implementation of the "defense in depth" concept
  • The Pareto principle in IT security
  • Security as a process
  • Attack Tactics and Privilege Escalation
  • Security by obscurity vs. KISS
The architecture of PowerShell and its potential vulnerability
  • The role and development of command line tools in the Microsoft context
  • Comparison of the management approach in MS Windows and the MS Exchange Manage Shell
  • Modular approach of PowerShell and object orientation
  • Risk assessment compared to .cmd and .exe
  • authentication
Clean Code vs. Obfuscation
  • Clean code principles
  • Code obfuscation techniques
  • Aliases – Obfuscation with on-board tools
  • Das Tool Invoke-Obfuscation
  • Detecting obfuscation using statistical methods
  • Code Encoding
Code-Injection und Execution in Memory
  • Invoke-Expression
  • Executing code from the on-board help
  • Functions with untested parameters
  • In-Memory-Execution durch Remote-Code
Credentials
  • Handling secure strings and PSCredential objects
  • Secure credentials with certificates
    • Fundamentals of Public Key Infrastructure
    • Store credentials in encrypted form (certificate)
    • Use encrypted credentials for remote sessions
  • Credentials für Remote Scripts
  • Credentials für Scheduled Jobs
Elevation
  • Running script code in the LocalSystem context
  • Self-Elevator
Is co-signed
  • Management of the PowerShell code signature
  • PKI requirements
  • Code signing
AppLocker
  • The design of Applocker implementation guidelines
  • Bypass Applocker script rules
  • Managing Applocker through Powershell
Powershell Logging
  • Types and application scenarios of logging
  • Transcript
  • Over-the-shoulder-Transcription via GPO
  • Powershell Output-Streams
  • Deep script block logging in the event log
Just-Enough-Administration
  • The principle of least privilege
  • PowerShell Constrained Language Mode
  • What is JEA?
  • PS Session Config und Role Capabilities
  • Setting up and testing the JEA configuration

Prix & Delivery methods

Formation en ligne

Durée
3 jours

Prix
  • sur demande
Dates et Inscription
Formation en salle équipée

Durée
3 jours

Prix
  • sur demande
Dates et Inscription

Actuellement aucune session planifiée

Date sur demande
Lieu sur demande