PowerShell Automation and Scripting for Cybersecurity

Take your cybersecurity skills to the next level with this comprehensive guide to PowerShell security! Whether you’re a red or blue teamer, you’ll gain a deep understanding of PowerShell’s security capabilities and how to use them. After revisiting PowerShell basics and scripting fundamentals, you’ll dive into PowerShell Remoting and remote management technologies. You’ll learn how to configure and analyze Windows event logs and understand the most important event logs and IDs to monitor your environment. You’ll dig deeper into PowerShell’s capabilities to interact with the underlying system, Active Directory and Azure AD. Additionally, you’ll explore Windows internals including APIs and WMI, and how to run PowerShell without powershell.exe. You’ll uncover authentication protocols, enumeration, credential theft, and exploitation, to help mitigate risks in your environment, along with a red and blue team cookbook for day-to-day security tasks. Finally, you’ll delve into mitigations, including Just Enough Administration, AMSI, application control, and code signing, with a focus on configuration, risks, exploitation, bypasses, and best practices. By the end of this book, you’ll have a deep understanding of how to employ PowerShell from both a red and blue team perspective.

Type
ebook
Category
Cloud & Networking
publication date
2023-08-16
what you will learn

Leverage PowerShell, its mitigation techniques, and detect attacks
Fortify your environment and systems against threats
Get unique insights into event logs and IDs in relation to PowerShell and detect attacks
Configure PSRemoting and learn about risks, bypasses, and best practices
Use PowerShell for system access, exploitation, and hijacking
Red and blue team introduction to Active Directory and Azure AD security
Discover PowerShell security measures for attacks that go deeper than simple commands
Explore JEA to restrict what commands can be executed

no of pages
572
duration
1144
key features
Master PowerShell for security by configuring, auditing, monitoring, exploiting, and bypassing defenses * Research and develop methods to bypass security features and use stealthy tradecraft * Explore essential security features in PowerShell and protect your environment against exploits and bypasses
approach
Complete with step-by-step explanations of essential concepts, and practical examples, this book will help you refresh your PowerShell basics, get insights on what is going on in your environment from a PowerShell perspective, understand how PowerShell can be leveraged by attackers, and learn what mitigations can be used to secure your environment.
audience
This book is for security professionals, penetration testers, system administrators, and red and blue teams looking to learn how to leverage PowerShell for security operations. A basic understanding of PowerShell, cybersecurity fundamentals, and scripting is a must. For some parts a basic understanding of active directory, C++/C#, and assembly can be beneficial.
meta description
Explore PowerShell's offensive and defensive capabilities to strengthen your organization's security
Purchase of the print or Kindle book includes a free PDF eBook
short description
PowerShell is a powerful framework and tool that can help both red and blue teamers. It’s easy to learn and provides direct access to the Windows subsystem and APIs. This book will provide you with the skills and knowledge to make the most of PowerShell from both a red and blue team perspective. You’ll learn to attack, secure, and build a robust security framework within your organization.
subtitle
Hacking and defense for red and blue teamers
keywords
Powershell scripting, Powershell for sysadmins, Powershell cookbook, Powershell cheatsheet, Powershell book
Product ISBN
9781800566378