PowerShell Automation and Scripting for Cybersecurity - Miriam C. Wiesner

PowerShell Automation and Scripting for Cybersecurity

Hacking and defense for red and blue teamers
Buch | Softcover
572 Seiten
2023
Packt Publishing Limited (Verlag)
978-1-80056-637-8 (ISBN)
44,85 inkl. MwSt
Explore PowerShell's offensive and defensive capabilities to strengthen your organization's security with this practical guide
Purchase of the print or Kindle book includes a free PDF eBook

Key Features

Master PowerShell for security by configuring, auditing, monitoring, exploiting, and bypassing defenses
Research and develop methods to bypass security features and use stealthy tradecraft
Explore essential security features in PowerShell and protect your environment against exploits and bypasses

Book DescriptionTake your cybersecurity skills to the next level with this comprehensive guide to PowerShell security! Whether you’re a red or blue teamer, you’ll gain a deep understanding of PowerShell’s security capabilities and how to use them.
After revisiting PowerShell basics and scripting fundamentals, you’ll dive into PowerShell Remoting and remote management technologies. You’ll learn how to configure and analyze Windows event logs and understand the most important event logs and IDs to monitor your environment. You’ll dig deeper into PowerShell’s capabilities to interact with the underlying system, Active Directory and Azure AD. Additionally, you’ll explore Windows internals including APIs and WMI, and how to run PowerShell without powershell.exe. You’ll uncover authentication protocols, enumeration, credential theft, and exploitation, to help mitigate risks in your environment, along with a red and blue team cookbook for day-to-day security tasks. Finally, you’ll delve into mitigations, including Just Enough Administration, AMSI, application control, and code signing, with a focus on configuration, risks, exploitation, bypasses, and best practices.
By the end of this book, you’ll have a deep understanding of how to employ PowerShell from both a red and blue team perspective.What you will learn

Leverage PowerShell, its mitigation techniques, and detect attacks
Fortify your environment and systems against threats
Get unique insights into event logs and IDs in relation to PowerShell and detect attacks
Configure PSRemoting and learn about risks, bypasses, and best practices
Use PowerShell for system access, exploitation, and hijacking
Red and blue team introduction to Active Directory and Azure AD security
Discover PowerShell security measures for attacks that go deeper than simple commands
Explore JEA to restrict what commands can be executed

Who this book is forThis book is for security professionals, penetration testers, system administrators, and red and blue teams looking to learn how to leverage PowerShell for security operations. A basic understanding of PowerShell, cybersecurity fundamentals, and scripting is a must. For some parts a basic understanding of active directory, C++/C#, and assembly can be beneficial.

Miriam C. Wiesner is a senior security researcher at Microsoft, with over 15 years of experience in IT and IT security. She has held various positions, including administrator/system engineer, software developer, premier field engineer, program manager, security consultant, and pentester. She is also a renowned creator of open source tools based in PowerShell, including EventList and JEAnalyzer. She has been invited multiple times to present the research behind her tools at many international conferences, such as Black Hat (the US, Europe, and Asia), PSConfEU, and MITRE ATT&CK workshop. Outside of work, Miriam is a dedicated wife and mother, residing with her family near Nuremberg, Germany.

Table of Contents

Getting Started with PowerShell
PowerShell Scripting Fundamentals
Exploring PowerShell Remote Management Technologies and PowerShell Remoting
Detection – Auditing and Monitoring
PowerShell Is Powerful – System and API Access
Active Directory – Attacks and Mitigation
Hacking the Cloud – Exploiting Azure Active Directory/Entra ID
Red Team Tasks and Cookbook
Blue Team Tasks and Cookbook
Language Modes and Just Enough Administration (JEA)
AppLocker, Application Control, and Code Signing
Exploring the Antimalware Scan Interface (AMSI)
What Else? – Further Mitigations and Resources

Erscheinungsdatum
Vorwort Tanya Janca
Verlagsort Birmingham
Sprache englisch
Maße 191 x 235 mm
Themenwelt Informatik Netzwerke Sicherheit / Firewall
ISBN-10 1-80056-637-9 / 1800566379
ISBN-13 978-1-80056-637-8 / 9781800566378
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
Das Lehrbuch für Konzepte, Prinzipien, Mechanismen, Architekturen und …

von Norbert Pohlmann

Buch | Softcover (2022)
Springer Vieweg (Verlag)
34,99
Management der Informationssicherheit und Vorbereitung auf die …

von Michael Brenner; Nils gentschen Felde; Wolfgang Hommel

Buch (2024)
Carl Hanser (Verlag)
69,99

von Chaos Computer Club

Buch | Softcover (2024)
KATAPULT Verlag
28,00