Securing Windows and PowerShell Automation Training Bootcamp Course – Hands-on
Hackers know how to use PowerShell for evil; do you know how to use it for good? You will learn PowerShell and Windows security hardening at the same time. SecOps requires automation, and Windows automation means PowerShell. You’ve run a vulnerability scanner and applied patches – now what?
This Securing Windows and PowerShell Automation Training Bootcamp course is designed for systems engineers, security architects, and the Security Operations (SecOps) team. The course focuses on how to automate the NSA Top 10 Mitigations and the CIS Critical Security Controls related to Windows, especially the ones that are difficult to implement in large environments.
Securing Windows and PowerShell Automation Training Bootcamp – Objectives:
Upon completing this Securing Windows and PowerShell Automation Training Bootcamp course, learners will be able to meet these objectives:
• Configure mitigations against attacks such as pass-the-hash, Kerberos golden tickets, Remote Desktop Protocol (RDP) man-in-the-middle, Security Access Token abuse, and other attacks discussed in SEC504 and other SANS hacking courses.
• Execute PowerShell commands on remote systems and begin to write your own PowerShell scripts.
• Harden PowerShell itself against abuse, and enable transcription logging for your SIEM.
• Use Group Policy and PowerShell to grant administrative privileges in a way that reduces the harm if an attack succeeds (assume breach).
• Block hacker lateral movement and malware Command & Control channels using Windows Defender Firewall, IPsec, DNS sinkholes, admin credential protections, and more.
• Prevent exploitation using AppLocker and other Windows OS hardening techniques in a scalable way with PowerShell.
• Configure PowerShell remoting to use Just Enough Admin (JEA) policies to create a Windows version of Linux sudo and setuid root.
• Install and manage a full Windows Public Key Infrastructure (PKI), including smart cards, certificate auto-enrollment, Online Certificate Status Protocol (OCSP) web responders, and detection of spoofed root Certification Authorities (CAs).
• Harden must-have protocols against exploitation, such as SSL/TLS, RDP, DNS, DNSSEC, PowerShell Remoting, and SMB.
• Use PowerShell to access the WMI service for remote command execution, searching event logs, reconnaissance, and more.
Registration closes for all classes 2 weeks prior to the start date.
For Government/Corporate purchases, please complete and submit this form.