PowerShell Automation and Scripting for Cybersecurity: Hacking and defense for red and blue teamers

Explore PowerShell's offensive and defensive capabilities to strengthen your organization's security

Purchase of the print or Kindle book includes a free PDF eBook

Key Features

• Master PowerShell for security by configuring, auditing, monitoring, exploiting, and bypassing defenses
• Research and develop methods to bypass security features and use stealthy tradecraft
• Explore essential security features in PowerShell and protect your environment against exploits and bypasses

Book Description

Take your cybersecurity skills to the next level with this comprehensive guide to PowerShell security! Whether you're a red or blue teamer, you'll gain a deep understanding of PowerShell's security capabilities and how to use them. After revisiting PowerShell basics and scripting fundamentals, you'll dive into PowerShell Remoting and remote management technologies. You'll learn how to configure and analyze Windows event logs and understand the most important event logs and IDs to monitor your environment. You'll dig deeper into PowerShell's capabilities to interact with the underlying system, Active Directory and Azure AD. Additionally, you'll explore Windows internals including APIs and WMI, and how to run PowerShell without powershell.exe. You'll uncover authentication protocols, enumeration, credential theft, and exploitation, to help mitigate risks in your environment, along with a red and blue team cookbook for day-to-day security tasks. Finally, you'll delve into mitigations, including Just Enough Administration, AMSI, application control, and code signing, with a focus on configuration, risks, exploitation, bypasses, and best practices. By the end of this book, you'll have a deep understanding of how to employ PowerShell from both a red and blue team perspective.

What you will learn

• Leverage PowerShell, its mitigation techniques, and detect attacks
• Fortify your environment and systems against threats
• Get unique insights into event logs and IDs in relation to PowerShell and detect attacks
• Configure PSRemoting and learn about risks, bypasses, and best practices
• Use PowerShell for system access, exploitation, and hijacking
• Red and blue team introduction to Active Directory and Azure AD security
• Discover PowerShell security measures for attacks that go deeper than simple commands
• Explore JEA to restrict what commands can be executed

Who this book is for

This book is for security professionals, penetration testers, system administrators, and red and blue teams looking to learn how to leverage PowerShell for security operations. A basic understanding of PowerShell, cybersecurity fundamentals, and scripting is a must. For some parts a basic understanding of active directory, C++/C#, and assembly can be beneficial.

探索PowerShell的攻擊和防禦能力，以加強組織的安全性。

購買印刷版或Kindle書籍，即可獲得免費的PDF電子書。

主要特點：

- 通過配置、審計、監控、利用和繞過防禦，掌握PowerShell的安全性。
- 研究和開發繞過安全功能並使用隱蔽技巧的方法。
- 探索PowerShell中的基本安全功能，並保護您的環境免受攻擊和繞過。

書籍描述：

通過這本全面指南，將您的網絡安全技能提升到新的水平！無論您是紅隊還是藍隊成員，您都將深入了解PowerShell的安全能力以及如何使用它們。在回顧PowerShell基礎知識和腳本基礎知識之後，您將深入研究PowerShell Remoting和遠程管理技術。您將學習如何配置和分析Windows事件日誌，並了解監控環境所需的最重要的事件日誌和ID。您將更深入地瞭解PowerShell與底層系統、Active Directory和Azure AD的交互能力。此外，您還將探索Windows內部組件，包括API和WMI，以及如何在沒有powershell.exe的情況下運行PowerShell。您將揭示身份驗證協議、枚舉、憑證竊取和利用等內容，以幫助減輕環境中的風險，並提供紅隊和藍隊的日常安全任務手冊。最後，您將深入研究包括Just Enough Administration、AMSI、應用程序控制和代碼簽名在內的緩解措施，並關注配置、風險、利用、繞過和最佳實踐。通過閱讀本書，您將深入瞭解如何從紅隊和藍隊的角度使用PowerShell。

您將學到什麼：

- 利用PowerShell及其緩解技術，並檢測攻擊。
- 加強您的環境和系統以抵禦威脅。
- 獲得有關事件日誌和ID與PowerShell相關的獨特見解，並檢測攻擊。
- 配置PSRemoting，並了解風險、繞過和最佳實踐。
- 使用PowerShell進行系統訪問、利用和劫持。
- 紅隊和藍隊介紹Active Directory和Azure AD安全性。
- 發現超越簡單命令的攻擊的PowerShell安全措施。
- 探索JEA以限制可以執行的命令。

本書適合對象：

本書適合安全專業人員、滲透測試人員、系統管理員和紅隊藍隊成員，他們希望學習如何利用PowerShell進行安全操作。基本的PowerShell、網絡安全基礎知識和腳本編寫能力是必需的。對於某些部分，基本的Active Directory、C++/C#和組合語言的理解可能會有所幫助。

1. Getting Started with PowerShell
2. PowerShell Scripting Fundamentals
3. Exploring PowerShell Remote Management Technologies and PowerShell Remoting
4. Detection – Auditing and Monitoring
5. PowerShell Is Powerful – System and API Access
6. Active Directory – Attacks and Mitigation
7. Hacking the Cloud – Exploiting Azure Active Directory/Entra ID
8. Red Team Tasks and Cookbook
9. Blue Team Tasks and Cookbook
10. Language Modes and Just Enough Administration (JEA)
11. AppLocker, Application Control, and Code Signing
12. Exploring the Antimalware Scan Interface (AMSI)
13. What Else? – Further Mitigations and Resources

- 開始使用 PowerShell
- PowerShell 腳本基礎
- 探索 PowerShell 遠端管理技術和 PowerShell 遠端操作
- 檢測 - 審計和監控
- PowerShell 強大之處 - 系統和 API 存取
- Active Directory - 攻擊和緩解
- 駭客雲端 - 利用 Azure Active Directory/Entra ID
- 紅隊任務和食譜
- 藍隊任務和食譜
- 語言模式和足夠的管理 (JEA)
- AppLocker、應用程式控制和程式碼簽署
- 探索惡意軟體掃描介面 (AMSI)
- 還有什麼? - 進一步的緩解和資源