Or log in to access your purchased courses

PowerShell For InfoSec Professionals

The simple fact is if you are going to be attacking or defending modern environments with newer operating systems (Windows 10, Server 2016) – you need Powershell!

There is no getting around it, and the sooner you drink the Powershell Koolaid the better InfoSec Professional you will be.


  • Simple programming fundamentals
  • Cmdlets
  • Variables
  • WMI Objects

Security tasks with Powershell:

  • PowerShell Tool Development
  • PCAP Parsing and Sniffing
  • Malware Analysis

Pentesting tasks:

  • Ping Sweeping
  • Port Scanning
  • Enumerating Hosts/Networks
  • Download & Execute
  • Parsing Nmap scans
  • Parsing Nessus scan

Tool development:

  • Programming logic for security tasks
  • Tool structure
  • …..and of course, integrating with Metasploit, and other security tools


C1L1: Powershell Basics

Author: Joseph McCray

Introduction In this lesson, we will see and use some basic commands in the PowerShell console. We also have videos that will help you, and after this lesson is finished, you can use the PowerShell console to move from one folder to another, see what it contains and other things. Learning Objectives: Get to know [...]

C1L2: Simple Event Log Analysis

Author: Joseph McCray

Introduction: Event logs provide information about applications and can be modified including parameters using cdmlets characteristics that help to dump these events into specific variables or simply to identify specific dates…

C1L3: Simple Log File Analysis

Author: Joseph McCray

Introduction The Log file analysis is an important task that allows us to get critical information about a service, an application or system. When we need to examine or when we need…

C1L4: Parsing Log files using windows PowerShell

Author: Joseph McCray

PARSING LOG FILES Download the sample IIS log http://pastebin.com/LBn64cyA (new-object System.Net.WebClient).DownloadFile(“http://pastebin.com/raw.php?i=LBn64cyA”, “c:\ps\u_ex1104.log”) Get-Content “.\*log” | ? { ($_ | Select-String “WebDAV”)} The above command would give us all the WebDAV requests.…

C1L7: Pentester Tasks

Author: Joseph McCray

Introduction. In this lesson, we will learn to ping with Powershell, and we will also perform a similar scan to Nmap, we will see several scripts to perform port scanning.…

C1L11: Introduction to scripting and toolmaking

Author: Joseph McCray

Start the ISE CTRL+R Get-EventLog -LogName application   Now run the script .\GrabLogs.ps1   $LogName=”application” Get-EventLog -LogName $LogName | Export-Clixml C:\Users\Workshop\Desktop\Scripts\$LogName.xml Now run the script .\GrabLogs.ps1 param( $LogName=”application” ) Get-EventLog…

C1L12: Attacking Windows 7

Author: Joseph McCray

ATTACKING WINDOWS 7 NOTE: You’ll be using your Ubuntu Linux host as the attacker machine in this lab sudo /sbin/iptables -F infosecaddicts cd ~/toolz/metasploit ./msfconsole use exploit/windows/browser/ie_cgenericelement_uaf set ExitOnSession false…

C1L13: Client-Side Enumeration

Author: Joseph McCray

CLIENT SIDE ENUMERATION You can list the active sessions by typing: sessions -l You can “interact” with any active session by typing sessions -i 3 (replace 3 with the session…