Advanced Powershell for Offense and Defense by @Ben0xA

Event Information

Share this event

Date and Time



University of North Carolina Charlotte

8845 Craver Road

Cone Building, Lukas Room

Charlotte, NC 28262

Event description


Note: Charlotte ISSA Members get a $150 discount. If you're already a member of another ISSA chapter, it's only like $30 to add us on as an additional chapter. In case you didn't know, many employers will reimburse you for "Professional Memberships" - they usually have some special finance bucket for that and it's not a big deal at all. Check with your employer to be sure - maybe they'll reimburse you and you can enjoy our many benefits. If you haven't already, you can register for membership here: https://www.charlotteissa.org/join/ . To get the $150 discount, please enter your MEMBERSHIP EMAIL as your PROMO/DISCOUNT CODE.

Class Cost Schedule:

Registration Open - Dec 14th, 2016: $150

Dec 15th - Jan 4th - $200

Jan 5 - Jan 18 - $250

Advanced Powershell for Red and Blue teams by @Ben0xA

Bio: Ben Ten is a Senior Security Consultant with TrustedSec doing penetration testing and consulting. He has spent over 15 years doing Application & Web Development; Security Implementation, Consulting, & Training; Federal Regulation and Compliance oversight in relation to Information Technology (HIPAA, HITECH, PCI); and managing a team of developers and IT professionals. He is creator of the PoshSec Framework and works with the PoshSec development team. He has spoken at several conferences over the past 4 years including ShowMeCon, DerbyCon, BSides Chicago/Raleigh/Dallas Fort Worth, HackCon Norway, and more.

Abstract: This workshop will go through using PowerShell with offensive and defensive methodologies. Students will learn about existing scripts and tools as well as how to write their own tools for both offense and defense. The first part of the course will focus on attacking followed by how to detect and defend against the attacks. By going through both the offensive and defensive parts with PowerShell, the student will gain a new understanding of both sides of security which will help reinforce and strengthen their current understanding of security. By focusing on PowerShell attacks, the students will be able to focus attacking systems directly from memory as well as how to detect and deflect these types of attacks without having to use any other tool.

Student Requirements: Students can be from all different types of backgrounds and knowledge. It is recommended that students have basic systems administration experience. While this is an advanced course, those with an introductory knowledge of PowerShell will be fine.

What Students Should Bring:

-Laptop with Windows OS (Native or as a Virtual Machine) (Windows 7,8,10)

-Linux Virtual Machine

Ubuntu 14.04 LTS updated with Penetration Testers Framework (PTF) (https://github.com/trustedsec/ptf)

Note: Kali is fine, but some tools may not work the same. For the class, we will be using Ubuntu with PTF.

What Software Should Students Have Pre-Installed:

VMWare or Virtual Box


Windows Management Framework 5.0 (requires .NET Framework 4.5 – this should be standard on 7)


Kiwi Syslog Free Edition


PoshSec Framework

https://github.com/PoshSec/PoshSecFramework/blob/master/Binary/poshsecframework.zip - extract to C:\tools\psf\

Invoke-HoneyCreds.ps1 / Find-MaliciousAccount.ps1

https://github.com/ben0xa/PowerShellDefense/ - download to c:\tools\psf

Sublime Text 2


What Students Will Be Provided:

-Electronic copies of all of the course material.

-Custom scripts and techniques for both offense and defense.


Please contact @Ben0xA on twitter with any questions about the course content.

Please contact board@charlotteissa.org with any questions regarding anything else.

Note from Organizer: As with all of our classes, we don't ever plan on it, but sometimes we need to cancel or reschedule classes; therefore, we reserve the right to cancel our classes for any reason. Please plan accordingly in terms of your reservations etc. (out of towners, listen up) - for example make hotel reservations that can be canceled without penalty, same for travel.

Share with friends

Date and Time


University of North Carolina Charlotte

8845 Craver Road

Cone Building, Lukas Room

Charlotte, NC 28262

Save This Event

Event Saved