CanSecWest: Security Masters Dojo Vancouver
Offensive PowerShell for Red and Blue Teams
Penetration Tests and Red Team operations for secured environments need altered approaches. You cannot afford to touch disk, throw executables and use memory corruption exploits without the risk of being ineffective as a simulated adversary. To enhance offensive tactics and methodologies, PowerShell is the tool of choice.
PowerShell has changed the way Windows networks are attacked. It is Microsoft's shell and scripting language, available by default on all modern Windows computers. It can interact with .Net, WMI, COM, the Windows API, the Registry and other computers on a Windows Domain. This makes it imperative for Penetration Testers and Red Teamers to learn PowerShell.
This training is aimed at attacking Windows networks using PowerShell and is based on real-world penetration tests and Red Team engagements in highly secured environments. The course runs as a penetration test of a secure environment, with detailed discussion and use of custom PowerShell scripts in each phase. Some of the techniques used in the course, implemented in PowerShell (see the course content for details):
- In-memory shellcode execution using client side attacks.
- Exploiting SQL Servers (command execution, trust abuse, lateral movement)
- Using Metasploit payloads without detection
- Active Directory trust mapping, abuse and Kerberos attacks.
- Dumping Windows passwords, Web passwords, Wireless keys, LSA Secrets and other system secrets in plain text
- Using DNS, HTTPS, Gmail etc. as communication channels for shell access and exfiltration.
- Network relays, port forwarding and pivots to other machines.
- Reboot and Event persistence
- Bypassing security controls like Firewalls, HIPS and Anti-Virus.
The course is a mixture of demonstrations, exercises, hands-on work and lecture. The training focuses more on methodology and techniques than on tools. Attendees will get free one-month access to a complete Active Directory environment after the training.
After this training, attendees will be able to write their own scripts and customize existing ones for security testing. This training aims to change how you test a Windows-based environment.
PREREQUISITE WARNING
Each class has prerequisites for software loads, and a laptop is mandatory. These individual class guides will list the material students are expected to have knowledge of coming in and the software tools that need to be pre-installed before attending, so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses and will be necessary to get the maximum benefit out of these educational programs.
- Using ISE
- Help system
- Syntax of cmdlets and other commands
- Variables, Operators, Types, Output Formatting
- Conditional and Loop Statements
- PowerShell Remoting and Jobs
- Writing simple PowerShell scripts
- Extending PowerShell with .Net
- WMI with PowerShell
- Playing with the Windows Registry
- COM Objects with PowerShell
- Recon, Information Gathering and the like
- Vulnerability Scanning and Analysis
Exploitation - Getting a foothold
- Exploiting MSSQL Servers
- Client Side Attacks with PowerShell
- PowerShell with Human Interface Devices
- Using Metasploit and PowerShell together
Post Exploitation and Lateral Movement
- Post-Exploitation: What PowerShell is actually made for
- Enumeration and Information Gathering
- Privilege Escalation
- Dumping System and Domain Secrets
- Kerberos attacks (Golden, Silver Tickets and more)
- Backdoors and Command and Control
- Pivoting to other machines
- Poshing the hashes™
- Replaying credentials
- Network Relays and Port Forwarding
- Achieving Persistence
- Detecting and stopping PowerShell attacks
- Quick System Audits with PowerShell
- Security controls available with PowerShell
What would the attendees gain?
- PowerShell Hacker's Cheat Sheet, one-month access to the online Lab, solutions to exercises, sample source code, Lab manual, Lab machines (VMs), updated tools and extra slides explaining topics that could not be covered.
- The attendees would learn a powerful attack method which could be applied from day one after the training.
- The attendees would understand that it is not always required to use third party executables, non-native code or memory corruption exploits on the targets.
- The attendees would learn how PowerShell reduces dependence on existing frameworks yet seamlessly integrates with them.
Prerequisites
- Basic understanding of how penetration tests are done.
- Basic understanding of a programming or scripting language would be helpful but is not mandatory.
- An open mind.
- A system with 4 GB RAM and the ability to install an OpenVPN client and RDP to Windows boxes.