C)PSH: PowerShell Hacker

The Certified PowerShell Hacker, C)PSH, course is an intense few days covering the keys to being a PowerShell hacker. Most companies have an Active Directory infrastructure that manages authentication and authorization to most devices and objects within the organization. Many use PowerShell to speed up and simplify management.

A PowerShell hacker can be a security risk or an asset that helps prevent breaches, which is why we spend 4 days learning how to hack like the pros using nothing but what is already available to us in Windows, or now as open source code on Mac and Linux! The course is based on real-world implementations of a Windows infrastructure along with real-world penetration testing techniques. You will leave with a strong skill set to help test your Windows environment like never before. An attendee will also walk away with a strong skill set on how to help prevent these attacks from happening in the first place!

Prerequisites

  • Mile2 C)PEH and C)PTE or equivalent knowledge
  • Understanding of pen testing
  • General understanding of Active Directory
  • General understanding of scripting and programming

Target audience

  • Microsoft Administrators
  • Cybersecurity Managers/Administrators
  • Penetration Testers
  • Active Directory Administrators


Modules:

  • Module 1 - Introduction to PowerShell
  • Module 2 - Introduction to Active Directory and Kerberos
  • Module 3 - Pen Testing Revisited for the PowerShell Hacker
  • Module 4 - Information Gathering and Enumeration
  • Module 5 - Privilege Escalation
  • Module 6 - Lateral Movements and Abusing Trust
  • Module 7 - Persistence and Bypassing Defenses
  • Module 8 - Defending Against PowerShell Attacks

Case study labs:

Lab 1 – PowerShell Basics
Lab 2 – Active Directory Navigation
Lab 3 – Metasploit Attack
Lab 4 – PowerShell Enumeration
Lab 5 – Guessing Passwords
Lab 6 – AD Golden Ticket
Lab 7 – Using PowerShell Empire for Everything

Detailed outline:

Module 1 – Introduction to PowerShell

  • Different Tool Options
  • Installing everything needed
  • Language Basics
  • Using the Windows API and WMI
  • Interacting with the Registry
  • Managing Objects and COM Objects

Module 2 – Introduction to Active Directory and Kerberos 

  • Overview of Kerberos
  • The three-headed monster
  • Key Distribution Center
  • Kerberos in Detail
  • Why we care about Kerberos as a Hacker
  • Overview of Active Directory
  • Understanding AD concepts
  • AD Objects and Attributes

Module 3 – Pen Testing Methodology Revisited 

  • Introduction to the methodology 
  • The Plan!! 
  • Vulnerability Identification 
  • Client-side attacks with and without PowerShell

Module 4 – Information Gathering and Enumeration 

  • What can a domain user see?
  • Domain Enumeration
  • Trust and Privileges Mapping
  • After the client exploit

Module 5 – Privilege Escalation 

  • Local Privilege Escalation 
  • Credential Replay Attacks
  • Domain Privilege Escalation
  • Dumping System and Domain Secrets
  • PowerShell with Human Interface Devices

Module 6 – Lateral Movements and Abusing Trust 

  • Kerberos attacks (Golden, Silver Tickets and more) 
  • Delegation Issues 
  • Attacks across Domain Trusts
  • Abusing Forest Trusts 
  • Abusing SQL Server Trusts
  • Pivoting to other machines

Module 7 – Persistence and Bypassing Defenses 

  • Abusing Active Directory ACLs
  • Maintaining Persistence
  • Bypassing Defenses
  • Attacking Azure Active Directory

Module 8 – Defending Against PowerShell Attacks 

  • Defending an Active Directory Infrastructure
  • Detecting Attacks
  • Logging
  • Transcripts
  • Using Certificates
  • Using Bastion Hosts
  • Using AppLocker

 

Upon completion:

Upon completion, the Certified PowerShell Hacker, C)PSH, candidate will be able to competently take the C)PSH exam and protect a PowerShell system from attack.

Exam information:

The Certified PowerShell Hacker exam is taken online through Mile2’s Learning Management System and is accessible on your Mile2.com account. The exam will take approximately 2 hours and consist of 100 multiple choice questions.

A minimum grade of 70% is required for certification.

Exam is included in the course fee!

Re-certification requirements:

All Mile2 certifications will be awarded a 3-year expiration date.

There are two requirements to maintain Mile2 certification:

  1. Pass the most current version of the exam for your respective existing certification
  2. Earn and submit 20 CEUs per year in your Mile2 account.   

FAQ

1. What does the course cost?
The price is 30 000 NOK for the whole course. (The exam is included.)

2. How long does the course last?
The course runs over 4 days.

3. How is the course delivered?

  • Format: Offered both in person in a classroom and as a live virtual course.

  • Structure: A combination of theory, demos and extensive hands-on labs in a controlled lab environment.

4. Who is this course for?
This course is suited for:

  • Microsoft administrators

  • Penetration testers / ethical hackers

  • Active Directory administrators

  • Cybersecurity engineers and incident responders

5. What prior knowledge should I have?
Recommended prior knowledge/experience:

  • Mile2 C)PEH or C)PTE or equivalent experience (or experience with penetration testing)

  • Good understanding of TCP/IP and networking concepts

  • Experience with one programming/scripting language and basic Linux/Windows knowledge

6. What will I learn in the course?
After the course you will be able to, among other things:

  • Use PowerShell effectively for both administration and offensive testing

  • Understand and exploit Active Directory and Kerberos mechanisms (Golden/Silver tickets etc.)

  • Perform information gathering, domain enumeration and privilege escalation

  • Build exploit workflows (fuzzing, buffer overflows in targeted situations)

  • Carry out lateral movement, persistence and techniques for bypassing defenses

  • Implement and recommend countermeasures to protect Windows/AD environments against PowerShell attacks

7. Is this course practical? (labs & exercises)
Yes, with a heavy lab focus. Examples of labs and practical exercises:

  • PowerShell basics and lab setup

  • Active Directory navigation and Kerberos attacks (Golden Ticket)

  • Metasploit attacks and PowerShell enumeration

  • Password guessing, dumping and credential replay

  • Use of PowerShell Empire and exploit workflows

8. What is the exam like?

  • The exam is taken online via Mile2’s Learning Management System (LMS).

  • Typical format: approx. 2 hours, 100 multiple-choice questions.

  • A minimum of 70% correct is required to pass.

  • (Hands-on skills are practised in the labs and are relevant for practical understanding at the exam.)

9. Does the course lead to certification?
Yes. On passing the exam you become a Certified PowerShell Hacker (C)PSH. The certification is awarded through Mile2.

10. How do I renew the certification?
Renewal/maintenance:

  • Pass the current version of the exam when re-certification is needed.

  • Earn and report CEUs (Continuing Education Units) in your Mile2 account in accordance with Mile2's requirements.

11. Can I attend digitally / book a company course?
Yes. The course is offered both as an in-person course and as a live virtual course. We can also deliver the course in-house for companies, tailored to the organization's needs.
