PowerShell Automation and Scripting for Cybersecurity Hacking and Defense for Red and Blue Teamers
You'll learn how to configure and analyze Windows event logs and understand the most important event logs and IDs to monitor your environment. You'll dig deeper into PowerShell's capabilities to interact with the underlying system, Active Directory and Azure AD. Additionally, you'...
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | eBook |
| Language: | English |
| Published: |
Birmingham
Packt Publishing, Limited
2023
|
| Edition: | 1st edition |
| Subjects: | |
| Online Access: | |
| Collection: | O'Reilly - Collection details see MPG.ReNa |
Table of Contents:
- Cover
- Title Page
- Copyright and Credits
- Foreword
- Contributors
- Table of Contents
- Preface
- Part 1: PowerShell Fundamentals
- Chapter 1: Getting Started with PowerShell
- Technical requirements
- What is PowerShell?
- The history of PowerShell
- Why is PowerShell useful for cybersecurity?
- Getting started with PowerShell
- Windows PowerShell
- PowerShell Core
- Execution Policy
- Help system
- PowerShell versions
- PowerShell editors
- Summary
- Further reading
- Chapter 2: PowerShell Scripting Fundamentals
- Technical requirements
- Variables
- Data types
- Authentication protocols
- Basic authentication security considerations
- PowerShell remoting and credential theft
- Executing commands using PowerShell remoting
- Executing single commands and script blocks
- Working with PowerShell sessions
- Best practices
- Summary
- Further reading
- Chapter 4: Detection
- Auditing and Monitoring
- Technical requirements
- Configuring PowerShell Event Logging
- PowerShell Module Logging
- PowerShell Script Block Logging
- Protected Event Logging
- PowerShell transcripts
- Analyzing event logs
- Finding out which logs exist on a system
- Querying events in general
- Which code was run on a system?
- Downgrade attack
- EventList
- Getting started with logging
- An overview of important PowerShell-related log files
- Increasing log size
- Summary
- Further reading
- Part 2: Digging Deeper
- Identities, System Access, and Day-to-Day Security Tasks
- Chapter 5: PowerShell Is Powerful
- System and API Access
- Technical requirements
- Getting familiar with the Windows Registry
- Working with the registry
- Security use cases
- User rights
- Configuring access user rights
- Automatic variables
- Environment variables
- Reserved words and language keywords
- Variable scope
- Operators
- Comparison operators
- Assignment operators
- Logical operators
- Control structures
- Conditions
- Loops and iterations
- Naming conventions
- PowerShell profiles
- Understanding PSDrives in PowerShell
- Making your code reusable
- Cmdlets
- Functions
- The difference between cmdlets and script cmdlets (advanced functions)
- Aliases
- Modules
- Summary
- Further reading
- Chapter 3: Exploring PowerShell Remote Management Technologies and PowerShell Remoting
- Technical requirements
- Working remotely with PowerShell
- PowerShell remoting using WinRM
- Windows Management Instrumentation (WMI) and Common Information Model (CIM)
- Open Management Infrastructure (OMI)
- PowerShell remoting using SSH
- Enabling PowerShell remoting
- Enabling PowerShell remoting manually
- Configuring PowerShell Remoting via Group Policy
- PowerShell endpoints (session configurations)
- Connecting to a specified endpoint
- Creating a custom endpoint
- a peek into JEA
- PowerShell remoting authentication and security considerations
- Authentication