Course summary
This course focuses on IT security by providing a comprehensive analysis of potential risks and security measures. It covers key topics such as risk management, the implementation of "Defense in Depth," and the use of PowerShell for security tasks, including code signing, logging, and credential management. Participants will also learn about secure scripting techniques, privilege escalation, and best practices for managing security in Microsoft environments.
Assessment methods:
- Pre-training knowledge-check quiz (if applicable)
- Formative assessments during the training, through the practical lab work completed at the end of each module, multiple-choice quizzes, role-play scenarios, etc.
- Completion by each participant of a questionnaire and/or a placement questionnaire before and after the training to validate the acquisition of skills
Who this course is for
Administrators, IT Decision-Makers
Prerequisites
or other equivalent knowledge
Objectives
At the end of this course, you should be able to:
- Identify and assess IT security risks, including threat classification and risk management strategies.
- Implement the "Defense in Depth" security concept and apply the Pareto Principle to prioritize security measures.
- Analyze and apply PowerShell security techniques, including secure coding practices, code obfuscation, and credential management.
- Apply authentication and encryption methods to secure credentials, both locally and in remote sessions.
- Manage and configure PowerShell security settings, including code signing, logging, and execution policies.
- Understand and mitigate privilege escalation and attack tactics to enhance system defenses.
- Leverage AppLocker and Just-Enough-Administration (JEA) to enforce least-privilege principles and secure system administration.
Content
IT Security – Holistic Analysis of Potential Security Risks
- IT security is not an end in itself
- Classification of potential threats
- Risk management, cost-benefit analysis, and ROI assessment of security measures
- Implementation of the "Defense in Depth" concept
- The Pareto Principle in IT security
- Security as a process
- Attack tactics and privilege escalation
- Security by obscurity vs. KISS (Keep It Simple, Stupid)
The architecture of PowerShell and its potential vulnerabilities
- The role and development of command-line tools in the Microsoft context
- Comparison of the management approach in MS Windows and the MS Exchange Management Shell
- Modular approach of PowerShell and object-oriented programming
- Risk assessment compared to .cmd and .exe
- Authentication
Clean Code vs. Obfuscation
- Clean Code principles
- Techniques of code obfuscation
- Aliases – Obfuscation with built-in tools
- The Invoke-Obfuscation tool
- Detecting obfuscation with statistical methods
- Code encoding
Code injection and execution in memory
- Invoke-Expression
- Running code from built-in help
- Functions with unchecked parameters
- In-memory execution through remote code
Credentials
- Handling secure strings and PSCredential objects
- Securing credentials with certificates
- Basics of public key infrastructure
- Storing encrypted credentials (certificate)
- Using encrypted credentials for remote sessions
- Credentials for remote scripts
- Credentials for scheduled jobs
Elevation
- Running script code in the LocalSystem context
- Self-elevator
Code signing
- Managing PowerShell code signing
- Requirements for the PKI
- Signing code
AppLocker
- Design of AppLocker execution policies
- Bypassing AppLocker script rules
- Managing AppLocker through PowerShell
PowerShell logging
- Types and use cases of logging
- Transcript
- Over-the-shoulder transcription via GPO
- PowerShell output streams
- Deep scriptblock logging in the event log
Just-Enough-Administration
- The principle of least privilege
- PowerShell Constrained Language Mode
- What is JEA?
- PS Session Config and Role Capabilities
- Setting up and testing the JEA configuration
Teaching methods: