PowerShell Automation and Scripting for Cybersecurity: Hacking and defense for red and blue teamers
Author: Miriam C. Wiesner (Author), Tanya Janca (Foreword)
Publisher finelybook 出版社: Packt Publishing
Publication Date 出版日期: 2023-08-16
Language 语言: English
Print Length 页数: 572 pages
ISBN-10: 1800566379
ISBN-13: 9781800566378
Book Description
Explore PowerShell’s offensive and defensive capabilities to strengthen your organization’s security
Purchase of the print or Kindle book includes a free PDF eBook
Key Features
- Master PowerShell for security by configuring, auditing, monitoring, exploiting, and bypassing defenses
- Research and develop methods to bypass security features and use stealthy tradecraft
- Explore essential security features in PowerShell and protect your environment against exploits and bypasses
Book Description
Take your cybersecurity skills to the next level with this comprehensive guide to PowerShell security! Whether you’re a red or blue teamer, you’ll gain a deep understanding of PowerShell’s security capabilities and how to use them. After revisiting PowerShell basics and scripting fundamentals, you’ll dive into PowerShell Remoting and remote management technologies. You’ll learn how to configure and analyze Windows event logs and understand the most important event logs and IDs to monitor your environment. You’ll dig deeper into PowerShell’s capabilities to interact with the underlying system, Active Directory and Azure AD. Additionally, you’ll explore Windows internals including APIs and WMI, and how to run PowerShell without powershell.exe. You’ll uncover authentication protocols, enumeration, credential theft, and exploitation, to help mitigate risks in your environment, along with a red and blue team cookbook for day-to-day security tasks. Finally, you’ll delve into mitigations, including Just Enough Administration, AMSI, application control, and code signing, with a focus on configuration, risks, exploitation, bypasses, and best practices. By the end of this book, you’ll have a deep understanding of how to employ PowerShell from both a red and blue team perspective.
What you will learn
- Leverage PowerShell, its mitigation techniques, and detect attacks
- Fortify your environment and systems against threats
- Get unique insights into event logs and IDs in relation to PowerShell and detect attacks
- Configure PSRemoting and learn about risks, bypasses, and best practices
- Use PowerShell for system access, exploitation, and hijacking
- Red and blue team introduction to Active Directory and Azure AD security
- Discover PowerShell security measures for attacks that go deeper than simple commands
- Explore JEA to restrict what commands can be executed
Who this book is for
This book is for security professionals, penetration testers, system administrators, and red and blue teams looking to learn how to leverage PowerShell for security operations. A basic understanding of PowerShell, cybersecurity fundamentals, and scripting is a must. For some parts a basic understanding of active directory, C++/C#, and assembly can be beneficial.
Table of Contents
- Getting Started with PowerShell
- PowerShell Scripting Fundamentals
- Exploring PowerShell Remote Management Technologies and PowerShell Remoting
- Detection – Auditing and Monitoring
- PowerShell Is Powerful – System and API Access
- Active Directory – Attacks and Mitigation
- Hacking the Cloud – Exploiting Azure Active Directory/Entra ID
- Red Team Tasks and Cookbook
- Blue Team Tasks and Cookbook
- Language Modes and Just Enough Administration (JEA)
- AppLocker, Application Control, and Code Signing
- Exploring the Antimalware Scan Interface (AMSI)
- What Else? – Further Mitigations and Resources
Review
“This book is an extension of her efforts to share knowledge while hacking all the things. Every security-related feature of PowerShell, and how to use it to your distinct advantage, is in this book. Whether you’re calling Windows APIs or other subsystem functions, using it to manipulate Azure, or bypassing security controls, there’s something in this book for you. With Windows being the most popular operating system on the planet, this powerful scripting language can take you further than most others for penetration tests, red teaming, and security research.
This book can also serve as a playbook on where to start, where to go next, and so on when using PowerShell for an offensive security engagement, but also how to use it to ensure you defend and harden your systems from these attacks. You can even create scripts to alert you when people are attempting, but failing, to get into your systems!
Although previous scripting knowledge is necessary to follow this book, you will start off with the PowerShell fundamentals, such as hardening and detection, then move on to more advanced topics such as hacking Azure Active Directory, API and Windows system calls, language modes, and JEA.
If you want to be a penetration tester that works with Windows and/or Azure, or you’re interested in security automation, this book is for you. I hope you love it as much as I did!”
—
Tanya Janca, Author of Alice and Bob Learn Application Security, CEO and Founder of We Hack Purple
About the Author
Miriam C. Wiesner is a senior security researcher at Microsoft, with over 15 years of experience in IT and IT security. She has held various positions, including administrator/system engineer, software developer, premier field engineer, program manager, security consultant, and pentester.
She is also a renowned creator of open source tools based in PowerShell, including EventList and JEAnalyzer. She has been invited multiple times to present the research behind her tools at many international conferences, such as Black Hat (the US, Europe, and Asia), PSConfEU, and MITRE ATT&CK workshop. Outside of work, Miriam is a dedicated wife and mother, residing with her family near Nuremberg, Germany.
相关推荐
- Zabbix 7 IT Infrastructure Monitoring Cookbook: Explore the new features of Zabbix 7 for designing, building, and maintaining your Zabbix setup, 3rd Edition
- Real-World Edge Computing: Scale, secure, and succeed in the realm of edge computing with Open Horizon
- Mastering DevOps on Microsoft Power Platform: Build, deploy, and secure low-code solutions on Power Platform using Azure DevOps and GitHub
- Microsoft Unified XDR and SIEM Solution Handbook: Modernize and build a unified SOC platform for future-proof security
- Microsoft Dynamics 365 AI for Business Insights: Transform your business processes with the practical implementation of Dynamics 365 AI modules
- VMware Cloud on AWS Blueprint: Design, automate, and migrate VMware workloads on AWS global infrastructure