Details zum E-Book

PowerShell Automation and Scripting for Cybersecurity. Hacking and defense for red and blue teamers

PowerShell Automation and Scripting for Cybersecurity. Hacking and defense for red and blue teamers

Miriam C. Wiesner, Tanya Janca

E-book
Take your cybersecurity skills to the next level with this comprehensive guide to PowerShell security! Whether you’re a red or blue teamer, you’ll gain a deep understanding of PowerShell’s security capabilities and how to use them.
After revisiting PowerShell basics and scripting fundamentals, you’ll dive into PowerShell Remoting and remote management technologies. You’ll learn how to configure and analyze Windows event logs and understand the most important event logs and IDs to monitor your environment. You’ll dig deeper into PowerShell’s capabilities to interact with the underlying system, Active Directory and Azure AD. Additionally, you’ll explore Windows internals including APIs and WMI, and how to run PowerShell without powershell.exe. You’ll uncover authentication protocols, enumeration, credential theft, and exploitation, to help mitigate risks in your environment, along with a red and blue team cookbook for day-to-day security tasks. Finally, you’ll delve into mitigations, including Just Enough Administration, AMSI, application control, and code signing, with a focus on configuration, risks, exploitation, bypasses, and best practices.
By the end of this book, you’ll have a deep understanding of how to employ PowerShell from both a red and blue team perspective.
  • 1. Getting Started with PowerShell
  • 2. PowerShell Scripting Fundamentals
  • 3. Exploring PowerShell Remote Management Technologies and PowerShell Remoting
  • 4. Detection – Auditing and Monitoring
  • 5. PowerShell Is Powerful – System and API Access
  • 6. Active Directory – Attacks and Mitigation
  • 7. Hacking the Cloud – Exploiting Azure Active Directory/Entra ID
  • 8. Red Team Tasks and Cookbook
  • 9. Blue Team Tasks and Cookbook
  • 10. Language Modes and Just Enough Administration (JEA)
  • 11. AppLocker, Application Control, and Code Signing
  • 12. Exploring the Antimalware Scan Interface (AMSI)
  • 13. What Else? – Further Mitigations and Resources
  • Titel: PowerShell Automation and Scripting for Cybersecurity. Hacking and defense for red and blue teamers
  • Autor: Miriam C. Wiesner, Tanya Janca
  • Originaler Titel: PowerShell Automation and Scripting for Cybersecurity. Hacking and defense for red and blue teamers
  • ISBN: 9781800569263, 9781800569263
  • Veröffentlichungsdatum: 2023-08-16
  • Format: E-book
  • Artikelkennung: e_3ki8
  • Verleger: Packt Publishing