PowerShell Automation and Scripting for Cybersecurity: Hacking and defense for red and blue teamers

Written by a Microsoft security expert, this practical guide helps you harness PowerShell's offensive and defensive capabilities to strengthen your organization's security. Purchase of the print or Kindle book includes a free PDF eBookKey FeaturesMaster PowerShell for security—configure, audit, monitor, exploit, and bypass defensesGain insights from a Microsoft expert and creator of PowerShell tools EventList and JEAnalyzerBuild stealthy techniques to evade controls while improving detection and responseLearn practical techniques from real-world case studies to enhance your security operationsBook DescriptionTake your cybersecurity skills to the next level with this comprehensive PowerShell security guide! Whether you're on the red or blue team, you'll gain a deep understanding of PowerShell's security capabilities and how to apply them.With years of hands-on experience, the author brings real-world use cases to demonstrate PowerShell’s critical role in offensive and defensive security.After covering PowerShell basics and scripting fundamentals, you'll explore PowerShell Remoting and remote management technologies. You'll learn to configure and analyze Windows event logs, identifying crucial logs and IDs for effective monitoring. The book delves into PowerShell's interaction with system components, Active Directory, and Azure AD, including stealth execution methods. You’ll uncover authentication protocols, enumeration, credential theft, and exploitation, providing strategies to mitigate these risks. A dedicated red and blue team cookbook offers practical security tasks. Finally, you'll delve into mitigations such as Just Enough Administration, AMSI, application control, and code signing, emphasizing configuration, risks, exploitation, bypasses, and best practices.By the end of this book, you’ll confidently apply PowerShell for cybersecurity, from detection to defense, staying ahead of cyber threats.What you will learnLeverage PowerShell, its mitigation techniques, and detect attacksFortify your environment and systems against threatsGet unique insights into event logs and IDs in relation to PowerShell and detect attacksConfigure PSRemoting and learn about risks, bypasses, and best practicesUse PowerShell for system access, exploitation, and hijackingRed and blue team introduction to Active Directory and Azure AD securityDiscover PowerShell security measures for attacks that go deeper than simple commandsExplore JEA to restrict what commands can be executedWho this book is forThis book is for security professionals, penetration testers, system administrators, red and blue team members, and cybersecurity enthusiasts aiming to enhance their security operations using PowerShell. Whether you're experienced or new to the field, it offers valuable insights and practical techniques to leverage PowerShell for various security tasks. A basic understanding of PowerShell and cybersecurity fundamentals is recommended. Familiarity with concepts such as Active Directory, as well as programming languages like C and Assembly, can be beneficial.Table of ContentsGetting Started with PowerShellPowerShell Scripting FundamentalsExploring PowerShell Remote Management Technologies and PowerShell RemotingDetection – Auditing and MonitoringPowerShell Is Powerful – System and API AccessActive Directory – Attacks and MitigationHacking the Cloud – Exploiting Azure Active Directory/Entra IDRed Team Tasks and CookbookBlue Team Tasks and Cookbook(N.B. Please use the Read Sample option to see further chapters) Read more