Securing Windows and PowerShell Automation Training

Securing Windows and PowerShell Automation Training


Securing Windows and PowerShell Automation Training Course Hands-on

Hackers know how to use PowerShell for evil, do you know how to use it for good? In Securing Windows and PowerShell Automation Training you will learn PowerShell and Windows security hardening at the same time. SecOps requires automation, and Windows automation means PowerShell. You’ve run a vulnerability scanner and applied patches – now what? A major theme of this Securing Windows and PowerShell Automation Training course is defensible design: we have to assume that there will be a breach, so we need to build in damage control from the beginning. Whack-a-mole incident response cannot be our only defensive strategy – we’ll never win, and we’ll never get ahead of the game. By the time your monitoring system tells you a Domain Admin account has been compromised, it’s TOO LATE.

This Securing Windows and PowerShell Automation Training course is not a vendor show to convince you to buy another security appliance or to install yet another endpoint agent. The idea is to use built-in or free Windows and Active Directory security tools when we can (especially PowerShell and Group Policy) and then purchase commercial products only when absolutely necessary.

This Securing Windows and PowerShell Automation Training course is designed for systems engineers, security architects, and the Security Operations (SecOps) team. The focus of the Securing Windows and PowerShell Automation Training course is on how to automate the NSA Top 10 Mitigations and the CIS Critical Security Controls related to Windows, especially the ones that are difficult to implement in large environments.

Securing Windows and PowerShell Automation Training will also prepare you for the GIAC Certified Windows Security Administrator (GCWN) certification exam to prove your Windows security expertise. The GCWN certification counts towards a Master’s Degree in Information Security from the SANS Technology Institute ( and satisfies the Department of Defense 8570 computing environment requirement. The GCWN is also a foundational certification for soldiers in the U.S. Army’s 255-S Information Protection Program, especially now that the DoD has standardized on Windows 10.

This is a fun Securing Windows and PowerShell Automation Training course and a real eye-opener, even for Windows administrators with years of experience. We don’t cover patch management, share permissions, or other such basics – the aim is to go far beyond that. Come have fun learning PowerShell and Windows security at the same time!

Securing Windows and PowerShell Automation TrainingRelated Courses:

Duration:6 days

Skills Gained:

• How to use PowerShell for security automation
• How to run PowerShell scripts on thousands of hosts
• How to do SecOps/DevOps continuous enforcement
• How to deploy and manage a Windows PKI
• How to manage privileges for assumed breach
• How to do endpoint protection for assumed breach
• How to do pre-forensics to help the Hunt Team
• How to secure Kerberos, DNS, TLS, RDP and SMB
• How to use PowerShell WMI for the Blue Team

Customize It:

With onsite Training, courses can be scheduled on a date that is convenient for you, and because they can be scheduled at your location, you don’t incur travel costs and students won’t be away from home. Onsite classes can also be tailored to meet your needs. You might shorten a 5-day class into a 3-day class, or combine portions of several related courses into a single course, or have the instructor vary the emphasis of topics depending on your staff’s and site’s requirements.

Course Content:

1. Setting Up the BIG-IP System

Day 1: PowerShell Automation and Security

New to scripting? No problem!
Quick intro to scripting, such as ForEach loops
PowerShell remote command execution
Transcription logging for forensics
Parsing and mining nmap port scanner XML output
Searching event logs faster with XPath queries
Writing your own functions and scripts
Capturing command output for parsing
Preparing to pipe .NET objects, not text

Day 2: Continuous Secure Configuration Enforcement

PowerShell Desired State Configuration (DSC)
NSA’s Secure Host Baseline GPOs
Using Group Policy to target PowerShell scripts
Scheduling elevated PowerShell tasks safely
Empowering the Hunt Team and incident responders
Server hardening automation for DevOps
Why Server Nano and Server Core?
Microsoft Security Compliance Manager (free tool)
Windows Operating System and application hardening tools
Customizing INF security template text
Group Policy continuous enforcement

Day 3: Windows PKI and Smart Cards

Windows Public Key Infrastructure (PKI) can be fun!
Installing and managing a PKI, a step-by-step walk through
Detecting malicious trusted root Certification Authorities with PowerShell
Hands-free Group Policy deployment of certificates
Private key archival and lost key recovery
How to quickly deploy smart cards for admins
Best practices for private key security
Installing an Online Certificate Status Protocol (OCSP) responder
Issuing a code signing certificate for PowerShell scripts
Scripting to compare file hashes, like a poor-man’s Tripwire

Day 4: Administrative Compromise and Privilege Management

PowerShell Just Enough Admin (JEA)
Automate local Administrators group management
Limiting privileges, logon rights, and permissions
Privileged Access Workstations (PAWs)
LSASS memory protections against DLL injection
Token abuse and pass-the-hash attack mitigations
User Account Control (UAC) and smart cards
Safely delegating IT power for least privilege
Active Directory permissions for IT delegation
Designing Organizational Units for administrative least privilege
Active Directory administrative tier model
Active Directory logging and auditing
Windows 10 facial biometrics and Credential Guard

Day 5: Endpoint Protection and Pre-Forensics

Application whitelisting with AppLocker
Automating AppLocker with PowerShell
PowerShell constrained language mode
Microsoft’s benevolent rootkit: EMET
IPSec is not just for VPNs!
IPSec is built into Windows for endpoint protection
IPSec share permissions for TCP/UDP ports
PowerShell scripting of Windows Firewall rules
Group Policy management of Windows Firewall
Pre-forensics for incident response preparation
Pre-forensics requires particular audit policies
System snapshot baselines to help the Hunt Team

Day 6: Defensible Networking and Blue Team WMI

Windows Management Instrumentation (WMI)
PowerShell for WMI scripting
Group Policy use of WMI filters
Securing PowerShell and Fan-Out Remoting
Remote Desktop Protocol (RDP) weaknesses
Hardening TLS and eliminating SSL
SSL/TLS cipher suites for perfect forward secrecy
Kerberos armoring and restricting NTLM
PowerShell management of DNS records
DNS sinkholes for malware and phishing sites
Implementing DNSSEC with PowerShell and Group Policy
DNS secure dynamic updates with Kerberos
SMBv3 encryption and downgrade attacks
How to disable IPv6 tunneling, but keep IPv6

Whether you are looking for general information or have a specific question, we want to help

Request More Information

    Time Frame: 0-3 Months4-12 Months

    Print Friendly, PDF & Email