PowerShell Automation and Scripting for Cybersecurity (eBook)
572 pages
Packt Publishing (publisher)
978-1-80056-926-3 (ISBN)
Take your cybersecurity skills to the next level with this comprehensive guide to PowerShell security! Whether you're a red or blue teamer, you'll gain a deep understanding of PowerShell's security capabilities and how to use them.
After revisiting PowerShell basics and scripting fundamentals, you'll dive into PowerShell Remoting and remote management technologies. You'll learn how to configure and analyze Windows event logs and understand the most important event logs and IDs to monitor your environment. You'll dig deeper into PowerShell's capabilities to interact with the underlying system, Active Directory and Azure AD. Additionally, you'll explore Windows internals including APIs and WMI, and how to run PowerShell without powershell.exe. You'll uncover authentication protocols, enumeration, credential theft, and exploitation, to help mitigate risks in your environment, along with a red and blue team cookbook for day-to-day security tasks. Finally, you'll delve into mitigations, including Just Enough Administration, AMSI, application control, and code signing, with a focus on configuration, risks, exploitation, bypasses, and best practices.
By the end of this book, you'll have a deep understanding of how to employ PowerShell from both a red and blue team perspective.
Explore PowerShell's offensive and defensive capabilities to strengthen your organization's security with this practical guide. Purchase of the print or Kindle book includes a free PDF eBook.

Key Features
- Master PowerShell for security by configuring, auditing, monitoring, exploiting, and bypassing defenses
- Research and develop methods to bypass security features and use stealthy tradecraft
- Explore essential security features in PowerShell and protect your environment against exploits and bypasses

What you will learn
- Leverage PowerShell, its mitigation techniques, and detect attacks
- Fortify your environment and systems against threats
- Get unique insights into event logs and IDs in relation to PowerShell and detect attacks
- Configure PSRemoting and learn about risks, bypasses, and best practices
- Use PowerShell for system access, exploitation, and hijacking
- Red and blue team introduction to Active Directory and Azure AD security
- Discover PowerShell security measures for attacks that go deeper than simple commands
- Explore JEA to restrict what commands can be executed

Who this book is for
This book is for security professionals, penetration testers, system administrators, and red and blue teams looking to learn how to leverage PowerShell for security operations. A basic understanding of PowerShell, cybersecurity fundamentals, and scripting is a must. For some parts, a basic understanding of Active Directory, C++/C#, and assembly can be beneficial.
BIRMINGHAM—MUMBAI
PowerShell Automation and Scripting for Cybersecurity
Copyright © 2023 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Group Product Manager: Pavan Ramchandani
Publishing Product Manager: Prachi Sawant
Senior Editor: Romy Dias
Technical Editor: Irfa Ansari
Copy Editor: Safis Editing
Project Coordinator: Ashwin Kharwa
Proofreader: Safis Editing
Indexer: Hemangini Bari
Production Designer: Ponraj Dhandapani
Marketing Coordinator: Marylou Dmello
First published: July 2023
Production reference: 1030823
Published by Packt Publishing Ltd
Grosvenor House
11 St Paul’s Square
Birmingham
B3 1RB
ISBN 978-1-80056-637-8
To my loving husband, Felix, and my son, who both supported me tremendously during the writing of this book with their support, patience, and love.
To my former mentor, Chris Jackson, and his family; he was so excited when I started writing this book, but unfortunately, he tragically passed away before it was published.
To my family and friends, who were patient with me and supportive—I cannot mention all of you by name, but you know who you are.
Foreword
Miriam and I first met when I worked at Microsoft, where we connected over discussions of security automation, how to get accepted to speak at conferences, and her love of PowerShell. We kept in touch over the years, as it’s not often you meet someone who is “the same kind of nerd” that you are. When she told me she was writing a book about using PowerShell for hacking and defending, I was not surprised at all!
Before Miriam even started thinking about writing this book, she had already created and open sourced her PowerShell tool EventList to help people gather logging evidence when investigating security incidents. She has also presented at numerous conferences on the topics of digital forensics, incident response, logging, infrastructure security, Just Enough Administration, and so much more. She has constantly and consistently shared her research with the community, in an effort to help everyone lock down their secure systems.
This book is an extension of her efforts to share knowledge while hacking all the things. Every security-related feature of PowerShell, and how to use it to your distinct advantage, is in this book. Whether you’re calling Windows APIs or other subsystem functions, using it to manipulate Azure, or bypassing security controls, there’s something in this book for you. With Windows being the most popular operating system on the planet, this powerful scripting language can take you further than most others for penetration tests, red teaming, and security research.
This book can also serve as a playbook on where to start, where to go next, and so on when using PowerShell for an offensive security engagement, but also how to use it to ensure you defend and harden your systems from these attacks. You can even create scripts to alert you when people are attempting, but failing, to get into your systems!
Although previous scripting knowledge is necessary to follow this book, you will start off with the PowerShell fundamentals, such as hardening and detection, then move on to more advanced topics such as hacking Azure Active Directory, API and Windows system calls, language modes, and JEA.
If you want to be a penetration tester that works with Windows and/or Azure, or you’re interested in security automation, this book is for you. I hope you love it as much as I did!
Tanya Janca
Author of Alice and Bob Learn Application Security
CEO and Founder of We Hack Purple
Praise for PowerShell Automation and Scripting for Cybersecurity
"PowerShell Automation and Scripting for Cybersecurity is a rare treat of a book and one that I am honored to have been a technical reviewer for. In the security industry, accurate information about PowerShell Security is hard to find. Often, what you do find is shallow, incorrect, or just entirely theoretical.
Until now.
Miriam has been an influential member of the PowerShell Security community for many years. This book takes her mountains of real-world PowerShell Security experience and then distills it down to what matters. If it’s here, Miriam has either used it to help companies defend their networks or has had to defend against it in their networks.
We are fortunate to have this gem of a book that is certain to jumpstart your journey into PowerShell Security."
— Lee Holmes, Partner Security Architect, Azure Security; original PowerShell developer and author of the PowerShell Cookbook
Recommended for anyone who wants to learn automation and scripting in a security context. Miriam is an expert in her field and imparts invaluable knowledge.
— Sarah Young, Senior Security Program Manager and author
Set to become the definitive standard in PowerShell security, this book offers practical, real-world examples empowering both red and blue teams at any expertise level. Unleash the full power of PowerShell to master Windows, Active Directory, and Azure with confidence.
— Andy Robbins, Co-Creator of BloodHound
Contributors
About the author
Miriam C. Wiesner is a senior security researcher at Microsoft, with over 15 years of experience in IT and IT security. She has held various positions, including administrator/system engineer, software developer, premier field engineer, program manager, security consultant, and pentester.
She is also a renowned creator of open source tools based in PowerShell, including EventList and JEAnalyzer. She has been invited multiple times to present the research behind her tools at many international conferences, such as Black Hat (the US, Europe, and Asia), PSConfEU, and MITRE ATT&CK workshop. Outside of work, Miriam is a dedicated wife and mother, residing with her family near Nuremberg, Germany.
Thanks to my publisher, my amazing technical reviewers, and all the great people that were involved in creating and publishing this book. All of your input and help was really invaluable during the writing of this book.
About the reviewers
Michael Melone is a cybersecurity professional with over 20 years of IT experience, including over 7 years of performing targeted attack incident response as part of Microsoft Incident Response (formerly DART). In his current role, he works as a Principal Security Researcher for Microsoft Defender Experts for XDR, helping investigate and respond to threats experienced by its customers. Michael is a member of the Keiser University curriculum board and holds multiple industry certifications, a Master of Science in information assurance and security from Capella University, and an Executive Master of Business Administration from the University of South Florida. He is the author of the books Designing Secure Systems and Think Like a Hacker.
Carlos Perez has been active in the information security and information systems scene since the late 90s, covering all parts of the spectrum of positions and projects. He worked for Compaq, Microsoft, HP, and Tenable Network Security, working on attack emulation, data center design, incident response, and automation. His contribution to security in automation with PowerShell has earned him the Microsoft Most Valuable Professional (MVP) award for over ten years. He is currently working as a research lead developing both offensive and defensive tooling, in addition to being active in the...
| Publication date (per publisher) | 16.8.2023 |
|---|---|
| Foreword | Tanya Janca |
| Language | English |
| Subject area | Computer Science ► Networks ► Security / Firewall |
| ISBN-10 | 1-80056-926-2 / 1800569262 |
| ISBN-13 | 978-1-80056-926-3 / 9781800569263 |
Digital Rights Management: no DRM
This eBook contains no DRM or copy protection. Passing it on to third parties is nevertheless not legally permitted, because on purchase you acquire only the rights to personal use.
File format: EPUB (Electronic Publication)
EPUB is an open standard for eBooks and is particularly well suited to displaying fiction and non-fiction. The body text adapts dynamically to the display and font size, so EPUB is also a good fit for mobile reading devices.
System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You need the free Adobe Digital Editions software.
eReader: This eBook can be read on (almost) all eBook readers. It is not compatible with the Amazon Kindle, however.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You need a free app to do so.
Buying eBooks from abroad
For tax law reasons we can sell eBooks only within Germany and Switzerland. Regrettably, we cannot fulfill eBook orders from other countries.