PowerShell Automation and Scripting for Cybersecurity: Hacking and defense for red and blue teamers
暫譯: PowerShell 自動化與腳本編寫於網路安全:紅隊與藍隊的駭客與防禦

Wiesner, Miriam C.

  • 出版商: Packt Publishing
  • 出版日期: 2023-08-16
  • 售價: $1,850
  • 貴賓價: 9.5$1,758
  • 語言: 英文
  • 頁數: 572
  • 裝訂: Quality Paper - also called trade paper
  • ISBN: 1800566379
  • ISBN-13: 9781800566378
  • 相關分類: Powershell資訊安全駭客 Hack
  • 立即出貨 (庫存=1)

買這商品的人也買了...

相關主題

商品描述

Explore PowerShell's offensive and defensive capabilities to strengthen your organization's security

Purchase of the print or Kindle book includes a free PDF eBook

Key Features

  • Master PowerShell for security by configuring, auditing, monitoring, exploiting, and bypassing defenses
  • Research and develop methods to bypass security features and use stealthy tradecraft
  • Explore essential security features in PowerShell and protect your environment against exploits and bypasses

Book Description

Take your cybersecurity skills to the next level with this comprehensive guide to PowerShell security! Whether you're a red or blue teamer, you'll gain a deep understanding of PowerShell's security capabilities and how to use them. After revisiting PowerShell basics and scripting fundamentals, you'll dive into PowerShell Remoting and remote management technologies. You'll learn how to configure and analyze Windows event logs and understand the most important event logs and IDs to monitor your environment. You'll dig deeper into PowerShell's capabilities to interact with the underlying system, Active Directory and Azure AD. Additionally, you'll explore Windows internals including APIs and WMI, and how to run PowerShell without powershell.exe. You'll uncover authentication protocols, enumeration, credential theft, and exploitation, to help mitigate risks in your environment, along with a red and blue team cookbook for day-to-day security tasks. Finally, you'll delve into mitigations, including Just Enough Administration, AMSI, application control, and code signing, with a focus on configuration, risks, exploitation, bypasses, and best practices. By the end of this book, you'll have a deep understanding of how to employ PowerShell from both a red and blue team perspective.

What you will learn

  • Leverage PowerShell, its mitigation techniques, and detect attacks
  • Fortify your environment and systems against threats
  • Get unique insights into event logs and IDs in relation to PowerShell and detect attacks
  • Configure PSRemoting and learn about risks, bypasses, and best practices
  • Use PowerShell for system access, exploitation, and hijacking
  • Red and blue team introduction to Active Directory and Azure AD security
  • Discover PowerShell security measures for attacks that go deeper than simple commands
  • Explore JEA to restrict what commands can be executed

Who this book is for

This book is for security professionals, penetration testers, system administrators, and red and blue teams looking to learn how to leverage PowerShell for security operations. A basic understanding of PowerShell, cybersecurity fundamentals, and scripting is a must. For some parts a basic understanding of active directory, C++/C#, and assembly can be beneficial.

商品描述(中文翻譯)

探索 PowerShell 的攻防能力,以加強您組織的安全性

購買印刷版或 Kindle 書籍包括免費 PDF 電子書

主要特點

- 精通 PowerShell 安全性,通過配置、審計、監控、利用和繞過防禦來增強安全性
- 研究和開發繞過安全功能的方法,並使用隱秘的技術
- 探索 PowerShell 中的基本安全功能,並保護您的環境免受利用和繞過的攻擊

書籍描述

透過這本全面的 PowerShell 安全指南,將您的網路安全技能提升到新高度!無論您是紅隊還是藍隊成員,您都將深入了解 PowerShell 的安全能力及其使用方法。在回顧 PowerShell 基礎和腳本基礎後,您將深入研究 PowerShell 遠端管理和遠端管理技術。您將學習如何配置和分析 Windows 事件日誌,並了解最重要的事件日誌和 ID,以監控您的環境。您將更深入地探討 PowerShell 與底層系統、Active Directory 和 Azure AD 的互動能力。此外,您將探索 Windows 內部結構,包括 API 和 WMI,以及如何在不使用 powershell.exe 的情況下運行 PowerShell。您將揭示身份驗證協議、枚舉、憑證盜竊和利用,以幫助減輕您環境中的風險,並提供紅隊和藍隊的日常安全任務食譜。最後,您將深入研究緩解措施,包括 Just Enough Administration、AMSI、應用程式控制和代碼簽名,重點關注配置、風險、利用、繞過和最佳實踐。到本書結束時,您將深入了解如何從紅隊和藍隊的角度使用 PowerShell。

您將學到什麼

- 利用 PowerShell 及其緩解技術,檢測攻擊
- 加強您的環境和系統以抵禦威脅
- 獲得有關 PowerShell 的事件日誌和 ID 的獨特見解,並檢測攻擊
- 配置 PSRemoting,了解風險、繞過和最佳實踐
- 使用 PowerShell 進行系統訪問、利用和劫持
- 紅隊和藍隊對 Active Directory 和 Azure AD 安全性的介紹
- 發現針對比簡單命令更深層次攻擊的 PowerShell 安全措施
- 探索 JEA 以限制可執行的命令

本書適合誰

本書適合安全專業人員、滲透測試者、系統管理員以及希望學習如何利用 PowerShell 進行安全操作的紅隊和藍隊成員。對 PowerShell、網路安全基礎和腳本的基本理解是必須的。對於某些部分,對 Active Directory、C++/C# 和組合語言的基本理解將是有益的。

目錄大綱

  1. Getting Started with PowerShell
  2. PowerShell Scripting Fundamentals
  3. Exploring PowerShell Remote Management Technologies and PowerShell Remoting
  4. Detection – Auditing and Monitoring
  5. PowerShell Is Powerful – System and API Access
  6. Active Directory – Attacks and Mitigation
  7. Hacking the Cloud – Exploiting Azure Active Directory/Entra ID
  8. Red Team Tasks and Cookbook
  9. Blue Team Tasks and Cookbook
  10. Language Modes and Just Enough Administration (JEA)
  11. AppLocker, Application Control, and Code Signing
  12. Exploring the Antimalware Scan Interface (AMSI)
  13. What Else? – Further Mitigations and Resources

目錄大綱(中文翻譯)


  1. Getting Started with PowerShell

  2. PowerShell Scripting Fundamentals

  3. Exploring PowerShell Remote Management Technologies and PowerShell Remoting

  4. Detection – Auditing and Monitoring

  5. PowerShell Is Powerful – System and API Access

  6. Active Directory – Attacks and Mitigation

  7. Hacking the Cloud – Exploiting Azure Active Directory/Entra ID

  8. Red Team Tasks and Cookbook

  9. Blue Team Tasks and Cookbook

  10. Language Modes and Just Enough Administration (JEA)

  11. AppLocker, Application Control, and Code Signing

  12. Exploring the Antimalware Scan Interface (AMSI)

  13. What Else? – Further Mitigations and Resources