Advanced Powershell for Offense and Defense by @Ben0xA
Event Information
Description
Advanced Powershell for Red and Blue teams by @Ben0xA
*** Special thanks to UNCC's 49thSecurity Division for hosting Charlotte ISSA :) - please check with them for registration details if you're a UNCC student***
Bio: Ben Ten is a Senior Security Consultant with TrustedSec doing penetration testing and consulting. He has spent over 15 years doing Application & Web Development; Security Implementation, Consulting, & Training; Federal Regulation and Compliance oversight in relation to Information Technology (HIPAA, HITECH, PCI); and managing a team of developers and IT professionals. He is creator of the PoshSec Framework and works with the PoshSec development team. He has spoken at several conferences over the past 4 years including ShowMeCon, DerbyCon, BSides Chicago/Raleigh/Dallas Fort Worth, HackCon Norway, and more.
Abstract: This workshop will go through using PowerShell with offensive and defensive methodologies. Students will learn about existing scripts and tools as well as how to write their own tools for both offense and defense. The first part of the course will focus on attacking followed by how to detect and defend against the attacks. By going through both the offensive and defensive parts with PowerShell, the student will gain a new understanding of both sides of security which will help reinforce and strengthen their current understanding of security. By focusing on PowerShell attacks, the students will be able to focus attacking systems directly from memory as well as how to detect and deflect these types of attacks without having to use any other tool.
Student Requirements: Students can be from all different types of backgrounds and knowledge. It is recommended that students have basic systems administration experience. While this is an advanced course, those with an introductory knowledge of PowerShell will be fine.
What Students Should Bring:
-Laptop with Windows OS (Native or as a Virtual Machine) (Windows 7,8,10)
-Linux Virtual Machine
Ubuntu 14.04 LTS updated with Penetration Testers Framework (PTF) (https://github.com/trustedsec/ptf)
Note: Kali is fine, but some tools may not work the same. For the class, we will be using Ubuntu with PTF.
What Software Should Students Have Pre-Installed:
VMWare or Virtual Box
https://www.virtualbox.org/
Windows Management Framework 5.0 (requires .NET Framework 4.5 – this should be standard on 7)
https://www.microsoft.com/en-us/download/details.aspx?id=50395
Kiwi Syslog Free Edition
http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.5.1-Freeware.zip
PoshSec Framework
https://github.com/PoshSec/PoshSecFramework/blob/master/Binary/poshsecframework.zip - extract to C:\tools\psf\
Invoke-HoneyCreds.ps1 / Find-MaliciousAccount.ps1
https://github.com/ben0xa/PowerShellDefense/ - download to c:\tools\psf
Sublime Text 2
https://download.sublimetext.com/Sublime%20Text%202.0.2a%20x64%20Setup.exe
What Students Will Be Provided:
-Electronic copies of all of the course material.
-Custom scripts and techniques for both offense and defense.
Contacts:
Please contact @Ben0xA on twitter with any questions about the course content.
Please contact board@charlotteissa.org with any questions regarding anything else.
Note from Organizer: As with all of our classes, we don't ever plan on it, but sometimes we need to cancel or reschedule classes; therefore, we reserve the right to cancel our classes for any reason. Please plan accordingly in terms of your reservations etc. (out of towners, listen up) - for example make hotel reservations that can be canceled without penalty, same for travel.
Note: Charlotte ISSA Members get a $150 discount. If you're already a member of another ISSA chapter, it's only like $30 to add us on as an additional chapter. In case you didn't know, many employers will reimburse you for "Professional Memberships" - they usually have some special finance bucket for that and it's not a big deal at all. Check with your employer to be sure - maybe they'll reimburse you and you can enjoy our many benefits. If you haven't already, you can register for membership here: https://www.charlotteissa.org/join/ . To get the $150 discount, please enter your MEMBERSHIP EMAIL as your PROMO/DISCOUNT CODE.
Class Cost Schedule:
Open - 12/14/2016: $150
12/15/2016 - 1/4/2017: $200
1/5/2017 - 1/19/2017: $250
