PowerShell Automation and Scripting for Cybersecurity

Explore PowerShell's offensive and defensive capabilities to strengthen your organization's security with this practical guidePurchase of the print or Kindle book includes a free PDF eBookKey FeaturesMaster PowerShell for security by configuring, auditing, monitoring, exploiting, and bypassing defensesResearch and develop methods to bypass security features and use stealthy tradecraftExplore essential security features in PowerShell and protect your environment against exploits and bypassesBook DescriptionTake your cybersecurity skills to the next level with this comprehensive guide to PowerShell security! Whether you re a red or blue teamer, you ll gain a deep understanding of PowerShell s security capabilities and how to use them. After revisiting PowerShell basics and scripting fundamentals, you ll dive into PowerShell Remoting and remote management technologies. You ll learn how to configure and analyze Windows event logs and understand the most important event logs and IDs to monitor your environment. You ll dig deeper into PowerShell s capabilities to interact with the underlying system, Active Directory and Azure AD. Additionally, you ll explore Windows internals including APIs and WMI, and how to run PowerShell without powershell.exe. You ll uncover authentication protocols, enumeration, credential theft, and exploitation, to help mitigate risks in your environment, along with a red and blue team cookbook for day-to-day security tasks. Finally, you ll delve into mitigations, including Just Enough Administration, AMSI, application control, and code signing, with a focus on configuration, risks, exploitation, bypasses, and best practices. By the end of this book, you ll have a deep understanding of how to employ PowerShell from both a red and blue team perspective.What you will learnLeverage PowerShell, its mitigation techniques, and detect attacksFortify your environment and systems against threatsGet unique insights into event logs and IDs in relation to PowerShell and detect attacksConfigure PSRemoting and learn about risks, bypasses, and best practicesUse PowerShell for system access, exploitation, and hijackingRed and blue team introduction to Active Directory and Azure AD securityDiscover PowerShell security measures for attacks that go deeper than simple commandsExplore JEA to restrict what commands can be executedWho this book is forThis book is for security professionals, penetration testers, system administrators, and red and blue teams looking to learn how to leverage PowerShell for security operations. A basic understanding of PowerShell, cybersecurity fundamentals, and scripting is a must. For some parts a basic understanding of active directory, C++/C#, and assembly can be beneficial.]]>