SEC505: OnDemand

Provided by

Enquire about this course

What You Will Learn

In this course (SEC505) you will learn how to:
  • Write PowerShell scripts for Windows and Active Directory security automation
  • Run PowerShell scripts on remote hosts with SSH or SSL/TLS
  • Defend against PowerShell malware, such as ransomware
  • Harden Windows Server and Windows 11 against skilled attackers
You will leave this course ready to start writing your own PowerShell scripts to help secure your Windows environment. It's easy to find Windows security checklists, but how do you automate those changes across thousands of machines? How do you safely run scripts on many remote boxes? In this course you will learn not just Windows and Active Directory security, but how to manage security using PowerShell.

There is another reason PowerShell has become popular: PowerShell is just plain fun! You will be surprised at how much you can accomplish with PowerShell in a short period of time, it's much more than just a scripting language, and you don't have to be a coding expert to get going.

Learning PowerShell is also useful for another kind of security: job security. Employers are looking for IT people with PowerShell skills. You don't have to know any PowerShell to attend this course, we will learn it together during the labs.

Unfortunately, PowerShell is being abused by hackers and malware authors. On the last day of the course in the capstone lab, you will write and defend against a fully functional ransomware script. Don't worry, if you're new to PowerShell, you'll get lots of guidance in the lab when you write the script.
Topic Highlights
  • Quickly get up and running writing your own PowerShell scripts
  • PowerShell remote command execution with SSH or SSL/TLS
  • How to defend against PowerShell ransomware
  • PowerShell for Active Directory, Windows Server and DevOps
  • Certificate authentication, TLS and Public Key Infrastructure (PKI)
  • Windows Firewall, IPsec and WMI scripting
You Will Be Able To
  • Write PowerShell scripts for security automation.
  • Execute PowerShell scripts on remote systems with SSH or SSL/TLS.
  • Harden PowerShell itself against abuse.
  • Enable PowerShell transcription logging for your SIEM.
  • Use PowerShell to access the WMI service for remote command execution, searching event logs, reconnaissance, and more.
  • Use Group Policy and PowerShell to grant administrative privileges in a way that reduces the harm if an attack succeeds (assume breach).
  • Block the lateral movement of hackers and ransomware using Windows Firewall.
  • Configure PowerShell remoting to use Just Enough Admin (JEA) policies to create a Windows version of Linux sudo and setuid root.
  • Configure mitigations against pass-the-hash attacks, Kerberos Golden Tickets, Remote Desktop Protocol (RDP) man-in-the-middle attacks, Security Access Token abuse, and other attacks discussed in SEC504 and other SANS hacking courses.
  • Install and manage a full Windows Public Key Infrastructure (PKI), including smart cards, certificate auto-enrollment, Online Certificate Status Protocol (OCSP) web responders, and detection of spoofed root Certificate Authentications (CAs).
  • Harden essential protocols against exploitation, such as TLS, RDP, DNS, PowerShell Remoting, and SMB.
What You Will Receive
  • Over 200 PowerShell scripts written by the course author, plus security templates and other tools used in the labs.
  • Hard copy printed course books with tons of notes already in the manuals (in general, SEC505 attendees rarely need to take hand-written notes during seminar, the notes are already in the courseware).
  • Electronic copies of the courseware that can be searched.
  • Audio recordings of the entire course that you can download and keep.


Start date Location / delivery
No fixed date Virtual Book now

Related article

At GIAC, we believe that hands-on testing is the future of cybersecurity certification. With five certification exams featuring CyberLive , and thr...