Microsoft Security Workshop: Implementing PowerShell Security Best Practices
- Codice corso: 40555A
- Durata corso: 1gg
Introduzione
Introduced in 2006, Windows PowerShell is a scripting language, a command-line shell, and a scripting platform built on Microsoft .NET Framework. Despite the scripting designation, Windows PowerShell features a range of characteristics common for programming languages, including its object-oriented nature, extensibility, C#-like syntax, and the ability to interact directly with .NET classes, their properties, and methods.
The primary objective of Windows PowerShell was to help IT professionals and power users control and automate the administration of the Windows operating system and applications that run on Windows.
To take advantage of the benefits that Windows PowerShell has to offer, while at the same time, minimize security-related risks, it is essential to understand the primary aspects of Windows PowerShell operational security. Another aspect that is critical to consider in the context of this course is the role of Windows PowerShell in security exploits.
This 1-day Instructor-led security workshop provides discussion and practical hands-on training for PowerShell. you will learn about PowerShell fundamentals, including its architectural design, its editions and versions, and basics of interacting with PowerShell
You will then explore the most common Windows PowerShell-based techniques employed by hackers in order to leverage existing access to a Windows operating system to facilitate installation of malicious software, carry out reconnaissance tasks, establish its persistency on the target computer, and promote lateral movement. You will also review some of Windows PowerShell-based security tools that facilitate penetration testing, forensics, and reverse engineering of Windows PowerShell exploits. To conclude the course, you will provide a summary of technologies recommended by the Blue Team that are geared towards implementing comprehensive, defense-in-depth security against Windows PowerShell-based attacks.
This workshop is part of a larger series of Workshops offered by Microsoft on the practice of Security. While it is not required that you have completed any of the other courses in the Security Workshop series before taking this workshop, it is highly recommended that you start with the first course in the series, Microsoft Security Workshop: Enterprise Security Fundamentals.
40551A: Microsoft Security Workshop: Enterprise Security Fundamentals
40552A: Microsoft Security Workshop: Managing Identity
40553A: Microsoft Security Workshop: Planning for a Secure Enterprise - Improving Detection
40554A: Microsoft Security Workshop: Implementing Windows 10 Security Features
40555A: Microsoft Security Workshop: Implementing PowerShell Security Best Practices.
This course is intended for IT Professionals that require a deeper understanding of Windows PowerShell security related features and exploits and to increase their knowledge level through a predominately hands-on experience implementing Windows PowerShell security features.
Obiettivi del corso
After completing this workshop, students will be able to:
Provide an overview of Windows PowerShell
Describe PowerShell editions and versions
Install and use Windows PowerShell and PowerShell Core
Manage execution of local PowerShell scripts
Manage remote execution of Windows PowerShell
Manage remote execution of PowerShell Core
Describe security implications of using Constrained Language Mode
Describe the architecture and components of Windows PowerShell DSC
Recommend Windows PowerShell auditing and logging configuration
Provide examples of Windows PowerShell-based attacks
Use Windows PowerShell-based security tools
Provide an overview of Windows PowerShell-based security-related technologies
Implement Windows PowerShell logging by using Desired State Configuration (DSC)
Identify and mitigate Windows PowerShell-based exploits
Implement Just Enough Administration (JEA)
Prerequisiti
In addition to their professional experience, students who take this training should already have the following technical knowledge:
A good foundation in accessing and using simple Windows PowerShell commands
The current cybersecurity ecosystem
Experience with Windows Client and Server administration, maintenance, and troubleshooting.
Basic experience and understanding of Windows networking technologies, to include Windows Firewall network setting, DNS, DHCP, WiFi, and cloud services concepts.
Basic experience and understanding of Active Directory, including functions of a domain controller, sign on services, and an understanding of group policy.
Knowledge of and relevant experience in systems administration, using Windows 10.
Learners who take this training can meet the prerequisites by obtaining equivalent knowledge and skills through practical experience as a Security Administrator, System Administrator, or a Network Administrator. Learners should have a good foundation in accessing and using simple Windows PowerShell commands. This knowledge can be obtained in INF210x, Windows PowerShell Basics.
Struttura del Corso
MODULE 1: PowerShell Fundamentals
Lessons
After completing this module, you will be able to:
Provide an overview of Windows PowerShell
Describe PowerShell editions and versions
Install and use Windows PowerShell and PowerShell Core
MODULE 2: PowerShell Operational Security
Lessons
After completing this module, you will be able to:
Manage execution of local PowerShell scripts
Manage remote execution of Windows PowerShell
Manage remote execution of PowerShell Core
Describe security implications of using Constrained Language Mode
MODULE 3: Implementing PowerShell-based Security
Lessons
After completing this module, you will be able to:
Describe the architecture and components of Windows PowerShell DSC
Implement Just Enough Administration (JEA)
Recommend Windows PowerShell auditing and logging configuration
MODULE 4: Windows PowerShell-based Exploits and their Mitigation
Lessons
After completing this module, you will be able to:
Provide examples of Windows PowerShell-based attacks
Use Windows PowerShell-based security tools
Provide an overview of Windows PowerShell-based security-related technologies
Implement Windows PowerShell logging by using Desired State Configuration (DSC)
Identify and mitigate Windows PowerShell-based exploits
Implement Just Enough Administration (JEA)
Lab : Implementing Windows PowerShell Security
Additional Reading
This workshop is part of a larger series of Workshops offered by Microsoft on the practice of Security. While it is not required that you have completed any of the other courses in the Security Workshop series before taking this workshop, it is highly recommended that you start with the first course in the series, Microsoft Security Workshop: Enterprise Security Fundamentals.
40551A: Microsoft Security Workshop: Enterprise Security Fundamentals
40552A: Microsoft Security Workshop: Managing Identity
40553A: Microsoft Security Workshop: Planning for a Secure Enterprise - Improving Detection
40554A: Microsoft Security Workshop: Implementing Windows 10 Security Features
40555A: Microsoft Security Workshop: Implementing PowerShell Security Best Practices.