Skip to navigation (Press Enter)
Skip to search (Press Enter)
Skip to course offerings (Press Enter)
Skip to content (Press Enter)

+33 1 84 19 32 26 info@flane.fr

MT-MSPSAS

Formation en ligne

Durée
3 jours

Prix (Hors Taxe)

4 390,– €

Dates et Inscription

Demande de date

Modalités de financement

Prise en charge possible via votre OPCO – nous contacter.

Handicap

Accessibilité aux Personnes en Situation de Handicap – nous contacter

Master Class

Master Class: Workshop Microsoft PowerShell Advanced Security (MSPSAS) – Outline

Detailed Course Outline

IT Security – Holistic Analysis of Potential Security Risks

IT security is not an end in itself
Classification of potential threats
Risk management, cost-benefit analysis, and ROI assessment of security measures
Implementation of the "Defense in Depth" concept
The Pareto Principle in IT security
Security as a process
Attack tactics and privilege escalation
Security by obscurity vs. KISS (Keep It Simple, Stupid)

The architecture of PowerShell and its potential vulnerabilities

The role and development of command-line tools in the Microsoft context
Comparison of the management approach in MS Windows and MS Exchange Manage Shell
Modular approach of PowerShell and object-oriented programming
Risk assessment compared to .cmd and .exe
Authentication

Clean Code vs. Obfuscation

Clean Code principles
Techniques of code obfuscation
Aliases – Obfuscation with built-in tools
The Invoke-Obfuscation tool
Detecting obfuscation with statistical methods
Code encoding

Code injection and execution in memory

Invoke-Expression
Running code from built-in help
Functions with unchecked parameters
In-memory execution through remote code

Credentials

Handling secure strings and PSCredential objects
Securing credentials with certificates
- Basics of public key infrastructure
- Storing encrypted credentials (certificate)
- Using encrypted credentials for remote sessions
Credentials for remote scripts
Credentials for scheduled jobs

Elevation

Running script code in the LocalSystem context
Self-elevator

Code signing

Managing PowerShell code signing
Requirements for the PKI
Signing code

Applocker

Design of Applocker execution policies
Bypassing Applocker script rules
Managing Applocker through PowerShell

PowerShell logging

Types and use cases of logging
Transcript
Over-the-shoulder transcription via GPO
PowerShell output streams
Deep scriptblock logging in the event log

Just-Enough-Administration

The principle of least privilege
PowerShell Constrained Language Mode
What is JEA?
PS Session Config and Role Capabilities
Setting up and testing the JEA configuration