PowerShell Automation and Scripting for Cybersecurity: Hacking and Defense for Red and Blue Teamers
Explore PowerShell's offensive and defensive capabilities to strengthen your organization's security. Purchase of the print or Kindle book includes a free PDF eBook. Key Features: Master PowerShell for security by configuring, auditing, monitoring, exploiting, and bypassing defenses. Research...
Classification: | Electronic Book |
---|---|
Main Author: | |
Other Authors: | |
Format: | Electronic eBook |
Language: | English |
Published: | Birmingham : Packt Publishing, Limited, 2023. |
Edition: | 1st edition. |
Subjects: | |
Online Access: | Full text (requires prior registration with institutional email) |
Table of Contents:
- Cover
- Title Page
- Copyright and Credits
- Foreword
- Contributors
- Table of Contents
- Preface
- Part 1: PowerShell Fundamentals
- Chapter 1: Getting Started with PowerShell
- Technical requirements
- What is PowerShell?
- The history of PowerShell
- Why is PowerShell useful for cybersecurity?
- Getting started with PowerShell
- Windows PowerShell
- PowerShell Core
- Execution Policy
- Help system
- PowerShell versions
- PowerShell editors
- Summary
- Further reading
- Chapter 2: PowerShell Scripting Fundamentals
- Technical requirements
- Variables
- Data types
- Automatic variables
- Environment variables
- Reserved words and language keywords
- Variable scope
- Operators
- Comparison operators
- Assignment operators
- Logical operators
- Control structures
- Conditions
- Loops and iterations
- Naming conventions
- PowerShell profiles
- Understanding PSDrives in PowerShell
- Making your code reusable
- Cmdlets
- Functions
- The difference between cmdlets and script cmdlets (advanced functions)
- Aliases
- Modules
- Summary
- Further reading
- Chapter 3: Exploring PowerShell Remote Management Technologies and PowerShell Remoting
- Technical requirements
- Working remotely with PowerShell
- PowerShell remoting using WinRM
- Windows Management Instrumentation (WMI) and Common Information Model (CIM)
- Open Management Infrastructure (OMI)
- PowerShell remoting using SSH
- Enabling PowerShell remoting
- Enabling PowerShell remoting manually
- Configuring PowerShell Remoting via Group Policy
- PowerShell endpoints (session configurations)
- Connecting to a specified endpoint
- Creating a custom endpoint - a peek into JEA
- PowerShell remoting authentication and security considerations
- Authentication
- Authentication protocols
- Basic authentication security considerations
- PowerShell remoting and credential theft
- Executing commands using PowerShell remoting
- Executing single commands and script blocks
- Working with PowerShell sessions
- Best practices
- Summary
- Further reading
- Chapter 4: Detection - Auditing and Monitoring
- Technical requirements
- Configuring PowerShell Event Logging
- PowerShell Module Logging
- PowerShell Script Block Logging
- Protected Event Logging
- PowerShell transcripts
- Analyzing event logs
- Finding out which logs exist on a system
- Querying events in general
- Which code was run on a system?
- Downgrade attack
- EventList
- Getting started with logging
- An overview of important PowerShell-related log files
- Increasing log size
- Summary
- Further reading
- Part 2: Digging Deeper - Identities, System Access, and Day-to-Day Security Tasks
- Chapter 5: PowerShell Is Powerful - System and API Access
- Technical requirements
- Getting familiar with the Windows Registry
- Working with the registry
- Security use cases
- User rights
- Configuring access user rights