PowerShell Automation and Scripting for Cybersecurity Hacking and Defense for Red and Blue Teamers

Book Cover
Average Rating
Author
Wiesner, Miriam C.,
Published
Birmingham : Packt Publishing, Limited, 2023.
Status
Available Online

Description

Explore PowerShell's offensive and defensive capabilities to strengthen your organization's security Purchase of the print or Kindle book includes a free PDF eBook Key Features Master PowerShell for security by configuring, auditing, monitoring, exploiting, and bypassing defenses Research and develop methods to bypass security features and use stealthy tradecraft Explore essential security features in PowerShell and protect your environment against exploits and bypasses Book Description Take your cybersecurity skills to the next level with this comprehensive guide to PowerShell security! Whether you're a red or blue teamer, you'll gain a deep understanding of PowerShell's security capabilities and how to use them. After revisiting PowerShell basics and scripting fundamentals, you'll dive into PowerShell Remoting and remote management technologies. You'll learn how to configure and analyze Windows event logs and understand the most important event logs and IDs to monitor your environment. You'll dig deeper into PowerShell's capabilities to interact with the underlying system, Active Directory and Azure AD. Additionally, you'll explore Windows internals including APIs and WMI, and how to run PowerShell without powershell.exe. You'll uncover authentication protocols, enumeration, credential theft, and exploitation, to help mitigate risks in your environment, along with a red and blue team cookbook for day-to-day security tasks. Finally, you'll delve into mitigations, including Just Enough Administration, AMSI, application control, and code signing, with a focus on configuration, risks, exploitation, bypasses, and best practices. By the end of this book, you'll have a deep understanding of how to employ PowerShell from both a red and blue team perspective. What you will learn Leverage PowerShell, its mitigation techniques, and detect attacks Fortify your environment and systems against threats Get unique insights into event logs and IDs in relation to PowerShell and detect attacks Configure PSRemoting and learn about risks, bypasses, and best practices Use PowerShell for system access, exploitation, and hijacking Red and blue team introduction to Active Directory and Azure AD security Discover PowerShell security measures for attacks that go deeper than simple commands Explore JEA to restrict what commands can be executed Who this book is for This book is for security professionals, penetration testers, system administrators, and red and blue teams looking to learn how to leverage PowerShell for security operations. A basic understanding of PowerShell, cybersecurity fundamentals, and scripting is a must. For some parts a basic understanding of active directory, C++/C#, and assembly can be beneficial.

More Details

Format
Edition
1st edition.
Language
English
ISBN
9781800569263, 1800569262

Notes

General Note
Description based upon print version of record.
General Note
Mitigating risks through backup and restore privileges
Description
Explore PowerShell's offensive and defensive capabilities to strengthen your organization's security Purchase of the print or Kindle book includes a free PDF eBook Key Features Master PowerShell for security by configuring, auditing, monitoring, exploiting, and bypassing defenses Research and develop methods to bypass security features and use stealthy tradecraft Explore essential security features in PowerShell and protect your environment against exploits and bypasses Book Description Take your cybersecurity skills to the next level with this comprehensive guide to PowerShell security! Whether you're a red or blue teamer, you'll gain a deep understanding of PowerShell's security capabilities and how to use them. After revisiting PowerShell basics and scripting fundamentals, you'll dive into PowerShell Remoting and remote management technologies. You'll learn how to configure and analyze Windows event logs and understand the most important event logs and IDs to monitor your environment. You'll dig deeper into PowerShell's capabilities to interact with the underlying system, Active Directory and Azure AD. Additionally, you'll explore Windows internals including APIs and WMI, and how to run PowerShell without powershell.exe. You'll uncover authentication protocols, enumeration, credential theft, and exploitation, to help mitigate risks in your environment, along with a red and blue team cookbook for day-to-day security tasks. Finally, you'll delve into mitigations, including Just Enough Administration, AMSI, application control, and code signing, with a focus on configuration, risks, exploitation, bypasses, and best practices. By the end of this book, you'll have a deep understanding of how to employ PowerShell from both a red and blue team perspective. What you will learn Leverage PowerShell, its mitigation techniques, and detect attacks Fortify your environment and systems against threats Get unique insights into event logs and IDs in relation to PowerShell and detect attacks Configure PSRemoting and learn about risks, bypasses, and best practices Use PowerShell for system access, exploitation, and hijacking Red and blue team introduction to Active Directory and Azure AD security Discover PowerShell security measures for attacks that go deeper than simple commands Explore JEA to restrict what commands can be executed Who this book is for This book is for security professionals, penetration testers, system administrators, and red and blue teams looking to learn how to leverage PowerShell for security operations. A basic understanding of PowerShell, cybersecurity fundamentals, and scripting is a must. For some parts a basic understanding of active directory, C++/C#, and assembly can be beneficial.
Local note
O'Reilly O'Reilly Online Learning: Academic/Public Library Edition

Table of Contents

Cover
Title Page
Copyright and Credits
Foreword
Contributors
Table of Contents
Preface
Part 1: PowerShell Fundamentals
Chapter 1: Getting Started with PowerShell
Technical requirements
What is PowerShell?
The history of PowerShell
Why is PowerShell useful for cybersecurity?
Getting started with PowerShell
Windows PowerShell
PowerShell Core
Execution Policy
Help system
PowerShell versions
PowerShell editors
Summary
Further reading
Chapter 2: PowerShell Scripting Fundamentals
Technical requirements
Variables
Data types
Automatic variables
Environment variables
Reserved words and language keywords
Variable scope
Operators
Comparison operators
Assignment operators
Logical operators
Control structures
Conditions
Loops and iterations
Naming conventions
PowerShell profiles
Understanding PSDrives in PowerShell
Making your code reusable
Cmdlets
Functions
The difference between cmdlets and script cmdlets (advanced functions)
Aliases
Modules
Summary
Further reading
Chapter 3: Exploring PowerShell Remote Management Technologies and PowerShell Remoting
Technical requirements
Working remotely with PowerShell
PowerShell remoting using WinRM
Windows Management Instrumentation (WMI) and Common Information Model (CIM)
Open Management Infrastructure (OMI)
PowerShell remoting using SSH
Enabling PowerShell remoting
Enabling PowerShell remoting manually
Configuring PowerShell Remoting via Group Policy
PowerShell endpoints (session configurations)
Connecting to a specified endpoint
Creating a custom endpoint
a peek into JEA
PowerShell remoting authentication and security considerations
Authentication
Authentication protocols
Basic authentication security considerations
PowerShell remoting and credential theft
Executing commands using PowerShell remoting
Executing single commands and script blocks
Working with PowerShell sessions
Best practices
Summary
Further reading
Chapter 4: Detection
Auditing and Monitoring
Technical requirements
Configuring PowerShell Event Logging
PowerShell Module Logging
PowerShell Script Block Logging
Protected Event Logging
PowerShell transcripts
Analyzing event logs
Finding out which logs exist on a system
Querying events in general
Which code was run on a system?
Downgrade attack
EventList
Getting started with logging
An overview of important PowerShell-related log files
Increasing log size
Summary
Further reading
Part 2: Digging Deeper
Identities, System Access, and Day-to-Day Security Tasks
Chapter 5: PowerShell Is Powerful
System and API Access
Technical requirements
Getting familiar with the Windows Registry
Working with the registry
Security use cases
User rights
Configuring access user rights

Discover More

More Like This

  • x86 software reverse-engineering, cracking, and counter-measures Cover
  • Advanced persistent security: a cyberwarfare approach to implementing adaptive enterprise protection, detection, and reaction strategies Cover
  • Microcontroller exploits Cover
  • Tribe of hackers blue team: tribal knowledge from the best in defensive cybersecurity Cover
  • Hands on hacking Cover
  • Penetration testing essentials Cover
  • HACKER CULTURE A TO Z: a fun guide to the people, ideas, and gadgets that made the tech world Cover
  • BUILDING AND AUTOMATING PENETRATION TESTING LABS IN THE CLOUD: set up cost-effective hacking environments for learning cloud security on AWS, Azure, and GCP Cover
  • Becoming the hacker: the playbook for getting inside the mind of an attacker Cover
  • Hacking multifactor authentication Cover
  • Learn ethical hacking from scratch: your stepping stone to penetration testing Cover
  • Hacking exposed industrial control systems: ICS and SCADA security secrets & solutions Cover
  • Gray hat hacking: the ethical hacker's handbook Cover
  • Dream! Hack! Build!: unleash citizen-driven innovation with the power of hackathons Cover
  • How I rob banks: (and other such places) Cover
  • Reconnaissance for Ethical Hackers: Focus on the Starting Point of Data Breaches and Explore Essential Steps for Successful Pentesting Cover
  • Hacking web performance: moving beyond the basics of web performance optimization Cover
  • How to hack like a ghost Cover
  • Hunting cyber criminals: a hacker's guide to online intelligence gathering tools and techniques Cover
  • Mastering reverse engineering: re-engineer your ethical hacking skills Cover
  • The Iot hacker's handbook: a practical guide to hacking the internet of things Cover
  • Beginning ethical hacking with Python Cover
  • Hacks, leaks, and revelations: the art of analyzing hacked and leaked data Cover
  • Beginning ethical hacking with Kali Linux: computational techniques for resolving security issues Cover
  • Learning Kali Linux: security testing, penetration testing, and ethical hacking Cover

Reviews from GoodReads

Loading GoodReads Reviews.

Citations

APA Citation, 7th Edition (style guide)

Wiesner, M. C., & Janca, T. (2023). PowerShell Automation and Scripting for Cybersecurity: Hacking and Defense for Red and Blue Teamers (1st edition.). Packt Publishing, Limited.

Chicago / Turabian - Author Date Citation, 17th Edition (style guide)

Wiesner, Miriam C. and Tanya, Janca. 2023. PowerShell Automation and Scripting for Cybersecurity: Hacking and Defense for Red and Blue Teamers. Birmingham: Packt Publishing, Limited.

Chicago / Turabian - Humanities (Notes and Bibliography) Citation, 17th Edition (style guide)

Wiesner, Miriam C. and Tanya, Janca. PowerShell Automation and Scripting for Cybersecurity: Hacking and Defense for Red and Blue Teamers Birmingham: Packt Publishing, Limited, 2023.

Harvard Citation (style guide)

Wiesner, M. C. and Janca, T. (2023). Powershell automation and scripting for cybersecurity: hacking and defense for red and blue teamers. 1st edn. Birmingham: Packt Publishing, Limited.

MLA Citation, 9th Edition (style guide)

Wiesner, Miriam C.,, and Tanya Janca. PowerShell Automation and Scripting for Cybersecurity: Hacking and Defense for Red and Blue Teamers 1st edition., Packt Publishing, Limited, 2023.

Note! Citations contain only title, author, edition, publisher, and year published. Citations should be used as a guideline and should be double checked for accuracy. Citation formats are based on standards as of August 2021.

Staff View

Grouped Work ID
26257952-9777-f106-410d-7ba82bfc0366-eng
Go To Grouped Work View in Staff Client

Grouping Information

Grouped Work ID26257952-9777-f106-410d-7ba82bfc0366-eng
Full titlepowershell automation and scripting for cybersecurity hacking and defense for red and blue teamers
Authorwiesner miriam c
Grouping Categorybook
Last Update2025-01-24 12:33:29PM
Last Indexed2025-04-11 03:05:55AM

Book Cover Information

Image Sourcedefault
First LoadedJan 19, 2025
Last UsedApr 29, 2025

Marc Record

First DetectedDec 16, 2024 11:27:00 PM
Last File Modification TimeDec 17, 2024 08:26:26 AM
SuppressedRecord had no items

MARC Record

LEADER07591cam a22004937a 4500
001on1393307979
003OCoLC
00520241217082403.0
006m     o  d        
007cr cnu||||||||
008230812s2023    enk     o     000 0 eng d
019 |a 1393241978
020 |a 9781800569263
020 |a 1800569262
035 |a (OCoLC)1393307979|z (OCoLC)1393241978
037 |a 9781800566378|b O'Reilly Media
040 |a EBLCP|b eng|c EBLCP|d YDX|d ORMDA|d OCLCO|d UKAHL|d OCLCF
049 |a MAIN
050 4|a QA76.9.A25
08204|a 005.8|2 23/eng/20230822
1001 |a Wiesner, Miriam C.,|e author.
24510|a PowerShell Automation and Scripting for Cybersecurity|h [electronic resource] :|b Hacking and Defense for Red and Blue Teamers /|c Miriam C. Wiesner ; foreword by Tanya Janca.
250 |a 1st edition.
260 |a Birmingham :|b Packt Publishing, Limited,|c 2023.
300 |a 1 online resource (572 p.)
500 |a Description based upon print version of record.
500 |a Mitigating risks through backup and restore privileges
5050 |a Cover -- Title Page -- Copyright and Credits -- Foreword -- Contributors -- Table of Contents -- Preface -- Part 1: PowerShell Fundamentals -- Chapter 1: Getting Started with PowerShell -- Technical requirements -- What is PowerShell? -- The history of PowerShell -- Why is PowerShell useful for cybersecurity? -- Getting started with PowerShell -- Windows PowerShell -- PowerShell Core -- Execution Policy -- Help system -- PowerShell versions -- PowerShell editors -- Summary -- Further reading -- Chapter 2: PowerShell Scripting Fundamentals -- Technical requirements -- Variables -- Data types
5058 |a Automatic variables -- Environment variables -- Reserved words and language keywords -- Variable scope -- Operators -- Comparison operators -- Assignment operators -- Logical operators -- Control structures -- Conditions -- Loops and iterations -- Naming conventions -- PowerShell profiles -- Understanding PSDrives in PowerShell -- Making your code reusable -- Cmdlets -- Functions -- The difference between cmdlets and script cmdlets (advanced functions) -- Aliases -- Modules -- Summary -- Further reading -- Chapter 3: Exploring PowerShell Remote Management Technologies and PowerShell Remoting
5058 |a Technical requirements -- Working remotely with PowerShell -- PowerShell remoting using WinRM -- Windows Management Instrumentation (WMI) and Common Information Model (CIM) -- Open Management Infrastructure (OMI) -- PowerShell remoting using SSH -- Enabling PowerShell remoting -- Enabling PowerShell remoting manually -- Configuring PowerShell Remoting via Group Policy -- PowerShell endpoints (session configurations) -- Connecting to a specified endpoint -- Creating a custom endpoint -- a peek into JEA -- PowerShell remoting authentication and security considerations -- Authentication
5058 |a Authentication protocols -- Basic authentication security considerations -- PowerShell remoting and credential theft -- Executing commands using PowerShell remoting -- Executing single commands and script blocks -- Working with PowerShell sessions -- Best practices -- Summary -- Further reading -- Chapter 4: Detection -- Auditing and Monitoring -- Technical requirements -- Configuring PowerShell Event Logging -- PowerShell Module Logging -- PowerShell Script Block Logging -- Protected Event Logging -- PowerShell transcripts -- Analyzing event logs -- Finding out which logs exist on a system
5058 |a Querying events in general -- Which code was run on a system? -- Downgrade attack -- EventList -- Getting started with logging -- An overview of important PowerShell-related log files -- Increasing log size -- Summary -- Further reading -- Part 2: Digging Deeper -- Identities, System Access, and Day-to-Day Security Tasks -- Chapter 5: PowerShell Is Powerful -- System and API Access -- Technical requirements -- Getting familiar with the Windows Registry -- Working with the registry -- Security use cases -- User rights -- Configuring access user rights
520 |a Explore PowerShell's offensive and defensive capabilities to strengthen your organization's security Purchase of the print or Kindle book includes a free PDF eBook Key Features Master PowerShell for security by configuring, auditing, monitoring, exploiting, and bypassing defenses Research and develop methods to bypass security features and use stealthy tradecraft Explore essential security features in PowerShell and protect your environment against exploits and bypasses Book Description Take your cybersecurity skills to the next level with this comprehensive guide to PowerShell security! Whether you're a red or blue teamer, you'll gain a deep understanding of PowerShell's security capabilities and how to use them. After revisiting PowerShell basics and scripting fundamentals, you'll dive into PowerShell Remoting and remote management technologies. You'll learn how to configure and analyze Windows event logs and understand the most important event logs and IDs to monitor your environment. You'll dig deeper into PowerShell's capabilities to interact with the underlying system, Active Directory and Azure AD. Additionally, you'll explore Windows internals including APIs and WMI, and how to run PowerShell without powershell.exe. You'll uncover authentication protocols, enumeration, credential theft, and exploitation, to help mitigate risks in your environment, along with a red and blue team cookbook for day-to-day security tasks. Finally, you'll delve into mitigations, including Just Enough Administration, AMSI, application control, and code signing, with a focus on configuration, risks, exploitation, bypasses, and best practices. By the end of this book, you'll have a deep understanding of how to employ PowerShell from both a red and blue team perspective. What you will learn Leverage PowerShell, its mitigation techniques, and detect attacks Fortify your environment and systems against threats Get unique insights into event logs and IDs in relation to PowerShell and detect attacks Configure PSRemoting and learn about risks, bypasses, and best practices Use PowerShell for system access, exploitation, and hijacking Red and blue team introduction to Active Directory and Azure AD security Discover PowerShell security measures for attacks that go deeper than simple commands Explore JEA to restrict what commands can be executed Who this book is for This book is for security professionals, penetration testers, system administrators, and red and blue teams looking to learn how to leverage PowerShell for security operations. A basic understanding of PowerShell, cybersecurity fundamentals, and scripting is a must. For some parts a basic understanding of active directory, C++/C#, and assembly can be beneficial.
590 |a O'Reilly|b O'Reilly Online Learning: Academic/Public Library Edition
650 0|a Computer security.|9 65527
650 0|a Hacking.|9 404059
7001 |a Janca, Tanya,|e writer of foreword.
77608|i Print version:|a Wiesner, Miriam C.|t PowerShell Automation and Scripting for Cybersecurity|d Birmingham : Packt Publishing, Limited,c2023|z 9781800566378
85640|u https://library.access.arlingtonva.us/login?url=https://learning.oreilly.com/library/view/~/9781800566378/?ar|x O'Reilly|z eBook
938 |a Askews and Holts Library Services|b ASKH|n AH41210266
938 |a ProQuest Ebook Central|b EBLB|n EBL30682258
938 |a YBP Library Services|b YANK|n 305636632
994 |a 92|b VIA
999 |c 359663|d 359663