Offensive PowerShell for Red and Blue Teams

Instructor: Nikhil Mittal

Duration: 2 days

Penetration tests and Red team operations against secured environments need a different approach. Touching disk, dropping executables and relying on memory corruption exploits carry a high risk of detection and leave you ineffective as a simulated adversary. To enhance offensive tactics and methodology, PowerShell is the tool of choice.

PowerShell has changed the way Windows networks are attacked. It is Microsoft's shell and scripting language, available by default on all modern Windows systems. It can interact with .NET, WMI, COM, the Windows API, the Registry and other computers in a Windows domain. This makes it imperative for penetration testers and Red teamers to learn PowerShell.

This training focuses on attacking Windows networks using PowerShell and is based on real-world penetration tests and Red team engagements in highly secured environments. The course runs as a penetration test of a secure environment, with detailed discussion and use of custom PowerShell scripts in each phase. Some of the techniques covered in the course, all implemented in PowerShell (see the course content for details):

  • In-memory script and shellcode execution using client-side attacks
  • Extensive Active Directory enumeration and trust mapping
  • Privilege escalation (user hunting, delegation issues and more)
  • Kerberos attacks and defense (Golden, Silver ticket, Kerberoast and more)
  • Abusing cross-forest trust (lateral movement across forest, PrivEsc and more)
  • Abusing SQL Server trust in AD (command execution, trust abuse, lateral movement)
  • Credential replay attacks (overpass-the-hash, token replay, etc.)
  • Persistence (WMI, GPO and more)
  • Bypassing defenses (application whitelisting, AMSI, Advanced Threat Analytics, etc.)
  • Dumping Windows passwords, web passwords, wireless keys, LSA secrets and other system secrets in plain text
  • Using DNS, HTTPS, Gmail, etc. as communication channels for shell access and exfiltration
  • Network relays, port forwarding and pivots to other machines
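The enumeration and trust-mapping bullets above rest on the point made earlier that PowerShell can drive .NET directly. The following is an added example, not course material or the instructor's code: it enumerates Active Directory objects and maps domain and forest trusts through the .NET DirectoryServices classes alone, so it works on a host without the RSAT ActiveDirectory module. It assumes a domain-joined host and a domain user context; the search base, LDAP filters and function names are illustrative choices, not anything the course prescribes.

```powershell
# Added example (not from the course): AD enumeration and trust mapping using only
# .NET classes reachable from PowerShell, no RSAT / ActiveDirectory module required.
# Assumptions: domain-joined host, domain user context, filters below are illustrative.

function Get-AdsiObject {
    param(
        [Parameter(Mandatory)][string]$LdapFilter,
        [string[]]$Properties = @('samaccountname', 'distinguishedname'),
        [string]$SearchBase     # e.g. 'DC=corp,DC=local'; omitted = current domain (assumed)
    )
    # [ADSISearcher] is the type accelerator for System.DirectoryServices.DirectorySearcher
    $searcher = [ADSISearcher]$LdapFilter
    $searcher.PageSize = 500          # page results, otherwise the DC caps them at 1000
    if ($SearchBase) { $searcher.SearchRoot = [ADSI]"LDAP://$SearchBase" }
    foreach ($p in $Properties) { [void]$searcher.PropertiesToLoad.Add($p) }

    foreach ($result in $searcher.FindAll()) {
        $obj = [ordered]@{}
        foreach ($p in $Properties) {
            # multi-valued attributes (member, servicePrincipalName) arrive as collections
            $obj[$p] = @($result.Properties[$p])
        }
        [pscustomobject]$obj
    }
}

function Get-DomainTrust {
    # Domain-level trusts plus forest-level trusts (the cross-forest case from the
    # bullet list). The root domain reports forest trusts too, so de-duplicate.
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $all = @($domain.GetAllTrustRelationships()) + @($forest.GetAllTrustRelationships())
    $all | ForEach-Object {
        [pscustomobject]@{
            Source    = $_.SourceName
            Target    = $_.TargetName
            Direction = $_.TrustDirection   # Inbound, Outbound, Bidirectional
            Type      = $_.TrustType        # ParentChild, External, Forest, ...
        }
    } | Sort-Object Source, Target, Direction, Type -Unique
}

# Usage (run from a domain-joined host):
# Members of the Domain Admins group
Get-AdsiObject -LdapFilter '(&(objectCategory=group)(samAccountName=Domain Admins))' -Properties member
# Kerberoastable accounts: user objects with an SPN, excluding krbtgt
Get-AdsiObject -LdapFilter '(&(samAccountType=805306368)(servicePrincipalName=*)(!(samAccountName=krbtgt)))' `
    -Properties samaccountname, serviceprincipalname
# Computers and users trusted for unconstrained delegation (UAC bit 0x80000)
Get-AdsiObject -LdapFilter '(userAccountControl:1.2.840.113556.1.4.803:=524288)' `
    -Properties samaccountname, dnshostname
# Trust map
Get-DomainTrust | Format-Table -AutoSize
```

For the Blue team side of the title: every call above is a plain LDAP search against a domain controller, so it is visible in a network capture of port 389/636 and, with the Directory Service "Field Engineering" diagnostic level raised, in Directory Service event 1644 for expensive or inefficient queries. Filters that touch servicePrincipalName or the userAccountControl bit-match rule across a whole domain are exactly the kind of query that stands out there.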

The course is a mixture of lectures, demonstrations and hands-on exercises. The training focuses more on methodology and techniques than on tools.

Attendees get free one-month access to a complete Active Directory environment after the training.

After this training, attendees will be able to write their own scripts and customize existing ones for security testing. This training aims to change how you test Windows-based environments.


Date: January 29-30, 2018, the two days before the IT-Defense conference starts.

Please note that this training will be held in English.

Leonardo Royal Hotel Munich
Moosacher Strasse 90
80809 München
Tel: +49 (89) 288 538 0
Fax: +49 (89) 288 538 100