PowerShell for Penetration Testers

Transcription

1 Training: PowerShell for Penetration Testers Dates of the training: March 14-15,2016 in Heidelberg, Germany Book Now using the code: TR16HMTRAINING and save an additional 10% of the current valid rate! Overview PowerShell has changed the way Windows networks are attacked. It is Microsoft s shell and scripting language available by default in all modern Windows computers. It could interact with.net, WMI, COM, Windows API, Registry and other computers on a Windows network. This makes it imperative for Penetration Testers and Red Teamers to learn PowerShell. This training is aimed towards attacking Windows network using PowerShell and is based on real world penetration tests done by the instructor. The course runs as a penetration test of a secure environment with detailed discussion and use of custom PowerShell scripts in each phase. Some of the techniques (see the course content for details), implemented using PowerShell, used in the course: In-memory shellcode execution using client side attacks. Exploiting SQL Servers (more than executing commands) Using Metasploit payloads with no detection Active Directory trust mapping, abuse and Kerberos attacks. Dump Windows passwords, Web passwords, Wireless keys, LSA Secrets and other system secrets in plain text Using DNS, HTTPS, Gmail etc. as communication channels for shell access and exfiltration. Network relays, port forwarding and pivots to other machines.

2 Reboot and Event persistence Bypass security controls like Firewalls, HIPS and Anti-Virus. The course is a mixture of demonstrations, exercises, hands-on and lecture. The course also has a live CTF which attendees could try with and after the training. Course Content Introduction to PowerShell Language Essentials Using ISE Help system Syntax of cmdlets and other commands Variables, Operators, Types, Output Formatting Conditional and Loop Statements Functions Modules PowerShell Remoting and Jobs Writing simple PowerShell scripts Extending PowerShell with.net WMI with PowerShell Playing with the Windows Registry COM Objects with PowerShell Recon, Information Gathering and the likes Vulnerability Scanning and Analysis Exploitation Getting a foothold Exploiting MSSQL Servers Client Side Attacks with PowerShell PowerShell with Human Interface Devices Writing shells in PowerShell Using Metasploit and PowerShell together Porting Exploits to PowerShell

3 Post-Exploitation What PowerShell is actually made for Enumeration and Information Gathering Privilege Escalation Dumping System and Domain Secrets Kerberos attacks (Golden, Silver Tickets and more) Backdoors Pivoting to other machines Poshing the hashes Replaying credentials Network Relays and Port Forwarding Achieving Persistence Clearing Tracks Quick System Audits with PowerShell Detecting PowerShell attacks Security controls available with PowerShell What Would the Attendees Gain? PowerShell Hacker s Cheat Sheet, access to the online CTF, solutions to exercises, sample source code, Lab manual, Lab machines (VM), updated tools and extra slides explaining things which could not be covered. The attendees would learn a powerful attack method which could be applied from day one after the training. The attendees would understand that it is not always required to use a third party tool or non-native code on the target machine for post exploitation. The attendees would learn how PowerShell makes things easier than previous scripting options on Windows like VB. Attendees would be able to write own scripts and customize existing ones for security testing after this training. This training aims to change how you test a Windows based environment.

4 PREREQUISITES: Basic understanding of how penetration tests are done. Basic understanding of a programming or scripting language could be helpful but is not mandatory. An open mind. SYSTEM REQUIREMENTS: A Windows 7 or later system with 4 GB RAM, with Administrative access and ability to run PowerShell scripts. Ability to run VMware virtual machines. About Your Trainer: Nikhil Mittal He is a hacker, infosec researcher, speaker and enthusiast. His area of interest includes penetration testing, attack research, defence strategies and post exploitation research. He has 6+ years of experience in Penetration Testing for his clients which include many global corporate giants. He is also a member of Red teams of selected clients. He specializes in assessing security risks at secure environments which require novel attack vectors and "out of the box" approach. He has worked extensively on using Human Interface Device in Penetration Tests and PowerShell for post exploitation. He is creator of Kautilya, a toolkit which makes it easy to use HIDs in penetration tests and Nishang, a post exploitation framework in PowerShell. In his spare time, Nikhil researches on new attack methodologies and updates his tools and frameworks. Nikhil has held trainings and boot camps for various corporate clients (in US, Europe and SE Asia), and at the world s top information security conferences. He has spoken at conferences like Defcon, BlackHat USA, BlackHat Europe, RSA China, Troopers, DeepSec, PHDays, BlackHat Abu Dhabi, Hackfest, ClubHack, EuSecWest and more. He blogs at

5 Booking Recommended Online Booking of Trainings Through: Sign-Up Form Booking code: TR16HMTRAINING Using this booking code automatically gives you an additional 10% off the current valid price! You can register with this code up until March 13 th, Contact TROOPERS ORGANIZATION TEAM Need assistance? Zögern Sie nicht uns zu kontaktieren. Wir sprechen fließend Englisch und Deutsch. Booking is also possible offline through your trusted partner from: HM Training Solutions, Falkenstrasse 6,63820 Elsenfeld, Germany