
Review courses 6–8 to prepare for course 9 on PowerShell security. Build foundational skills in Windows Server 2019, PowerShell basics, scripting, pipelines, and remote management.
Engage in hands-on labs to master Windows PowerShell security best practices and defend against threats, exploring editions, cross-platform PowerShell Core, and security overview.
Explore the PowerShell architecture, including the runtime engine, the shell inside a hosting application, spaces, commands, modules, providers, and workflows, to improve secure script execution.
Explore PowerShell version history from 1 through 6 and beyond, and learn security enhancements, Windows PowerShell versus PowerShell Core, open source PowerShell code, and cross-platform implications.
Learn to run Windows PowerShell modules in PowerShell Core using CDXML, PSCoreWindowCompact, and PSModulePath, with the Windows compatibility pack and notes on Active Directory.
Explore PowerShell syntax and parameters for Windows PowerShell and PowerShell core, including command, script, encoded command, execution policy, and deployment considerations across Windows, Linux, and macOS.
Learn how to install PowerShell core on Red Hat based Linux distributions, download the package, install via sudo, and verify the PowerShell version and basic commands.
Install PowerShell core on macOS using Homebrew (the preferred package manager), direct download, or binary archives, then verify the version and restart the shell to complete the setup.
Learn to manage local and remote PowerShell script execution using execution policies, scopes, and code signing, while leveraging the anti-malware scan interface to strengthen Windows security.
Explore how code signing certificates from a certification authority create an electronic stamp and encrypted script to prevent tampering, enforce authentication, and ensure PowerShell execution policies protect networks.
Prepare and issue a code signing certificate for Victoria P.S.1 through the domain controller and Active Directory Certificate Services, configuring a template and enabling administrator use.
Learn how code signing with a certificate authority protects PowerShell scripts by enforcing an all signed execution policy, preventing tampering with script files.
Check and set PowerShell execution policy to all signed, create and sign a script with a certificate, verify the signature, and deploy trusted publishers to ensure secure script execution.
Configure a DSC pull server using PowerShell Desired State Configuration. Install the x DSC module, deploy the pull server configuration, and set up an IIS site on port 1880.
Install Linux in a virtual machine by downloading the mix image, configuring network adapters, creating a 20 gigabyte storage disk, and completing initial setup and updates.
Install and configure PowerShell on Linux by updating libraries, adding the Microsoft repository, and installing PowerShell, then update the help system and explore core commands for remote access.
Learn to use nmap and zenmap for information gathering, detecting operating systems and open ports. See how to block unnecessary ports with a firewall.
Build a PowerShell port scanner using arrays for tcp and udp ports, test local connections for open or closed ports, and prepare a remote report via domain controller access.
Develop a tcp port scanner in PowerShell to test common tcp and udp ports, handle connectivity with try/catch, and report open or closed status for targets like a domain controller.
Teach how to build a UDP port scanner in PowerShell, creating a UDP client, setting a one-second timeout, encoding ASCII data, and assessing server responses to determine port status.
Build a UDP port scanner listener in PowerShell by creating a UDP endpoint with IPAddress.Any and port 0, listen for responses, print IP and port, handle errors, and close sockets.
Learn to open or close ports using PowerShell and Windows firewall, covering graphical user interface, local group policy, and domain group policy, with inbound/outbound rules and port 1433.
Learn to build a PowerShell script that retrieves all security groups and their members from Active Directory, prints the results, and saves them to a file for security review.
Create and save a PowerShell script that exports GPO information, including display name, ID, status, creation and modification times, and generates per-GPO reports saved to a designated output directory.
Discover how to create, link, and modify GPOs with PowerShell, set registry values (screen saver timeout) for user and machine scopes, and generate deployment reports.
Build a PowerShell script to search a GPO registry key and value, deploy with gpupdate /force, and validate across multiple GPOs using a get registry value function.
Develop and test a PowerShell script that iterates through seven servers, calculates and displays percent complete, handles discovery of shares, and saves results to a file.
Write a script to retrieve directory information, including group membership and permissions, for a specific path and its subfolders, with input parameters and an optional graphical interface.
Import the module and run the scan-permission function to understand required variables, then test a temporary folder with subfolders recursively to reveal read and write access.
Develop a flexible PowerShell script to scan directories (path, system 32, current directory) with optional recursion and alerts, colorized output, and parameter-driven configuration.
Develop a flexible PowerShell script to audit shared folder permissions across domain devices, targeting by IP or file and using a domain query parameter to scan the entire domain.
Develop PowerShell security best practices by building modular functions with a built-in help system and parameter configuration. Learn to scan and enumerate shared folders across local, IP list, and domain targets using a dedicated explore shares security function for read and write permissions.
Learn to implement PowerShell security best practices by building a function to enumerate shared folders and permissions, handle errors with try/catch, and print access control lists.
Compile and deploy Windows PowerShell logging with desired state configuration (DSC) across three lab devices, test exploits, and strengthen security using just enough administration and group policy approaches.
Explore Mimikatz in memory and the use of PowerShell to download and deploy it on remote systems, while addressing Windows Defender antivirus warnings and logs.
Learn how Mimikatz analyzes compiled executables and dlls, evaluates memory protections such as aslr and dep, and explores privilege checks and Kerberos tickets for security learning.
Configure a jea role capability and session configuration to restrict admin tasks to restarting the print spooler service, create and test the capability file, and deploy the module path.
Demonstrates testing restricted remote access with PowerShell by configuring session permissions, enabling and disabling restricted configurations, and enforcing limited command scopes to improve server security.
Course Description
The primary objective of Windows PowerShell was to help IT professionals and power users control and automate the administration of the Windows operating system and applications that run on Windows.
To take advantage of the benefits that Windows PowerShell has to offer, while at the same time, minimise security-related risks, it is essential to understand the primary aspects of Windows PowerShell operational security. Another aspect that is critical to consider in the context of this course is the role of Windows PowerShell in security exploits.
You will then explore the most common Windows PowerShell-based techniques employed by hackers in order to leverage existing access to a Windows operating system to facilitate installation of malicious software, carry out reconnaissance tasks, establish its persistence on the target computer, and promote lateral movement. You will also review some of Windows PowerShell-based security tools that facilitate penetration testing, forensics, and reverse engineering of Windows PowerShell exploits. To conclude the course, you will provide a summary of technologies recommended by the Blue Team that are geared towards implementing comprehensive, defense-in-depth security against Windows PowerShell-based attacks.
Course Outline
Module 1, “PowerShell Fundamentals", In this module, you will learn about PowerShell fundamentals, including its architectural design, its editions and versions, and basics of interacting with PowerShell, you will learn in practical the difference between FullCLR and CoreCLR, how to install PowerShell core on Windows, Linux and MAC, and how to deal with PowerShell profiles.
Module 2, “PowerShell Operational Security", In this module, you will learn about enhancing operating system security by leveraging built-in Windows PowerShell features and technologies that are part of the Windows PowerShell operational environment.
In practical side of this module you will learn to deal with below:
1. Upgrade execution policy level to increase security level in your network.
2. Deal with code signing certificate.
3. Authenticate script file with authorized certificate.
Module 3, “Implementing PowerShell-based Security", The purpose of this module is to present the most common and effective methods of leveraging Windows PowerShell to enhance operating system security. These methods include:
Protecting from unintended configuration changes by relying on PowerShell Desired State Configuration (DSC)
Implementing the principle of least privilege in remote administration scenarios by using Just Enough Administration (JEA)
Tracking and auditing events that might indicate exploit attempts by using Windows PowerShell logging.
Module 4, “Windows PowerShell-based Exploits and their Mitigation ", In this module, we will first approach the Windows PowerShell-based security from the Red Team’s perspective. We will explore the most common Windows PowerShell-based techniques employed by hackers in order to leverage existing access to a Windows operating system to facilitate installation of malicious software, carry out reconnaissance tasks, establish its persistence on the target computer, and promote lateral movement. We will also review some of Windows PowerShell-based security tools that facilitate penetration testing, forensics, and reverse engineering of Windows PowerShell exploits. To conclude the module and the course, we will provide a summary of technologies recommended by the Blue Team that are geared towards implementing comprehensive, defense-in-depth security against Windows PowerShell-based attacks.
Module 5, “Network & Firewall", In this practical module, you will learn how to write ports scanner script, test network servers, and use 4 different methods to secure ports using firewall.
Module 6, “Domain inventory", In this practical module, you will learn how to detect suspected profile in any domain PCs, deploy your code for profile detection, write other inventory codes to create reports of AD groups, users, GPOs ..etc, write script to manage registry key and values .
Module 7, “Domain shares", In this module, you will learn how to deal with network shares, you will write a script to manage following scenarios:
Domain servers shares
Shared Directory security info
Network shares
By end of this course you have necessary skills to enroll into course 10: Hack windows Server 2019 using PowerShell & WMI, and you will be able to write the main tool script with 3500+ code lines in that course.