American Cyber Alliance
Operationalizing Cybersecurity


ACA offers PowerShell bootcamp Sept. 24-27


The ACA is offering a four-day PowerShell professional development bootcamp from September 24th through September 27th in Little Rock, Arkansas. This course will teach you how to use PowerShell in an OPSEC-minded way, as well as how to effectively prevent, mitigate, and detect malicious PowerShell.

What is PowerShell

PowerShell is a “task automation and configuration management framework” from Microsoft®. It is a shell, which means that it provides access to operating system services and contains a scripting language for writing complex code. PowerShell executes its commands in the background.

Benefits of PowerShell

The main benefit of PowerShell is that it allows bulk operations to be executed extremely quickly. This is especially useful for administrators who may need to run the same service or command (say, uploading 5,000 user profiles) on multiple systems. PowerShell also integrates with SharePoint, which allows for the manipulation of web-based content such as web applications, web site collections, web sites, etc. In short, PowerShell can not only interface directly with any service that has a user interface but can also be used to access data from systems where a user interface may not be available.

PowerShell's potential as a management tool also makes it applicable to the cybersecurity field, whether to exploit a system or to defend one. The ACA’s PowerShell course will teach attackers and defenders how to use PowerShell in their operations, and will aid those who want to research and develop their own PowerShell security feature bypasses.

Example Course Topics:

  • PowerShell Remoting

  • Enactment of PowerShell in Non-Traditional Host Operations

  • Configuration, Auditing, Analysis and Evasion of Preventative and Detective Security Controls including PSv5 Logging, Constrained Language Mode and AMSI

  • Low-level, Win32 Interop and .NET Internals for Host Product Evasion and Secrecy

  • Exploiting Code Injection Vulnerabilities

This training program is intended for those who are already familiar with penetration testing, Active Directory, and attacking the Microsoft Windows environment. A personal laptop is required for participation.