Preface

• Who this book is for
• What this book covers
• To get the most out of this book
• Download the example code files
• Conventions used
• Get in touch
• Share Your Thoughts

1. Part 1: PowerShell Fundamentals

2. Chapter 1: Getting Started with PowerShell FREE CHAPTER

• Technical requirements
• What is PowerShell?
• Getting started with PowerShell
• Summary
• Further reading

3. Chapter 2: PowerShell Scripting Fundamentals

• Technical requirements
• Variables
• Operators
• Control structures
• Naming conventions
• PowerShell profiles
• Understanding PSDrives in PowerShell
• Making your code reusable
• Summary
• Further reading

4. Chapter 3: Exploring PowerShell Remote Management Technologies and PowerShell Remoting

• Technical requirements
• Working remotely with PowerShell
• Enabling PowerShell remoting
• PowerShell endpoints (session configurations)
• PowerShell remoting authentication and security considerations
• Executing commands using PowerShell remoting
• Best practices
• Summary
• Further reading

5. Chapter 4: Detection – Auditing and Monitoring

• Technical requirements
• Configuring PowerShell Event Logging
• Analyzing event logs
• Getting started with logging
• Summary
• Further reading

6. Part 2: Digging Deeper – Identities, System Access, and Day-to-Day Security Tasks

7. Chapter 5: PowerShell Is Powerful – System and API Access

• Technical requirements
• Getting familiar with the Windows Registry
• User rights
• Basics of the Windows API
• Exploring .NET Framework
• Understanding the Component Object Model (COM) and COM hijacking
• Common Information Model (CIM)/WMI
• Running PowerShell without powershell.exe
• Summary
• Further reading

8. Chapter 6: Active Directory – Attacks and Mitigation

• Technical requirements
• Introduction to Active Directory from a security point of view
• How attacks work in a corporate environment
• ADSI, ADSI accelerators, LDAP, and the System.DirectoryServices namespace
• Enumeration
• Enumerating GPOs
• Enumerating groups
• Privileged accounts and groups
• Password spraying
• Access rights
• Credential theft
• Mitigation
• Microsoft baselines and the security compliance toolkit
• Summary
• Further reading

9. Chapter 7: Hacking the Cloud – Exploiting Azure Active Directory/Entra ID

• Technical requirements
• Differentiating between AD and AAD
• Authentication in AAD
• Privileged accounts and roles
• Accessing AAD using PowerShell
• Attacking AAD
• Credential theft
• Mitigations
• Summary
• Further reading

10. Chapter 8: Red Team Tasks and Cookbook

• Technical requirements
• Phases of an attack
• Common PowerShell red team tools
• Red team cookbook
• Summary
• Further reading

11. Chapter 9: Blue Team Tasks and Cookbook

• Technical requirements
• Protect, detect, and respond
• Common PowerShell blue team tools
• Blue team cookbook
• Summary
• Further reading

12. Part 3: Securing PowerShell – Effective Mitigations In Detail

13. Chapter 10: Language Modes and Just Enough Administration (JEA)

• Technical requirements
• What are language modes within PowerShell?
• Understanding JEA
• Simplifying your deployment using JEAnalyzer
• Logging within JEA sessions
• Best practices – avoiding risks and possible bypasses
• Summary
• Further reading

14. Chapter 11: AppLocker, Application Control, and Code Signing

• Technical requirements
• Preventing unauthorized script execution with code signing
• Controlling applications and scripts
• Getting familiar with Microsoft AppLocker
• Exploring Windows Defender Application Control
• How does PowerShell change when application control is enforced?
• Further reading

15. Chapter 12: Exploring the Antimalware Scan Interface (AMSI)

• Technical requirements
• What is AMSI and how does it work?
• Why AMSI? A practical example
• Bypassing AMSI
• Summary
• Further reading

16. Chapter 13: What Else? – Further Mitigations and Resources

• Technical requirements
• Secure scripting
• Exploring Desired State Configuration
• Hardening systems and environments
• Attack detection – Endpoint Detection and Response
• Summary
• Further reading

17. Index

• Why subscribe?

18. Other Books You May Enjoy

• Packt is searching for authors like you
• Share Your Thoughts
• Download a free PDF copy of this book