Powershell for Penetration Testers presented at DeepSec 2014

by Nikhil Mittal

Summary: PowerShell has changed how Windows is used, how it is secured, and also how it is 0wned. It is an automation platform for everybody: developers, defenders and attackers. PowerShell provides easy access to almost everything on a Windows machine and in a Windows network, and it comes installed by default in modern versions of Windows. During a penetration test, this powerful shell and scripting language can be very helpful for further attacks.
This training helps anyone who wants to know more about PowerShell from a security perspective. If you are a defender, you will learn how this attack vector can be used against a corporate environment. If you are a pen tester, you will learn how to use PowerShell for pen testing in a Windows environment. You will learn techniques such as privilege escalation, backdoors, keylogging, data exfiltration, dumping system secrets in plaintext, persistence, pivoting, in-memory code execution, using popular websites as C&C, web shells, bots... the list goes on.
Learning how to use the target environment for your own purposes is crucial in pen tests. Open source tools that help achieve this are also discussed, including those written by the trainer. The training aims to bring PowerShell goodness to security professionals and includes hands-on work in a lab environment and CTF-like exercises. After this training you will be able to write your own scripts for security testing. This training aims to change forever how you pen test a Windows-based environment.
Course Content
1. Introduction to PowerShell
2. Using ISE, help system, cmdlets and syntax of PowerShell
3. Writing simple PowerShell scripts
4. Functions, Objects, Pipeline, Jobs and Modules
5. Recon, Information Gathering and the like – tools written in or integrated with PowerShell
6. Vulnerability Scanning and Analysis – tools written in or integrated with PowerShell
7. Exploitation – usage with Metasploit
8. Post-Exploitation – what PowerShell is actually made for
9. Pivoting to other machines
10. Poshing the hashes™
11. PowerShell with Human Interface Devices
12. PowerShell for Web App Pen testing
13. Achieving Persistence
14. Owning other MS products – SQL Server, Exchange, AD etc.
15. Clearing Tracks
16. Quick System Audits with PowerShell
17. Security controls available with PowerShell