“PowerShell for Hackers” course
Lecturer: Mohsen Amiri
Course start: Saturday, September 5
Days: Saturday and Wednesday of every week
Duration of the course: 39 hours (13 sessions of 3 hours, from 17:30 to 20:30)
Deadline for registration with a 20% discount: until Tuesday, September 1
Course fee: 3,700,000 tomans
Fee with the 20% discount: 2,960,000 tomans
Contact the Ravin Academy education office via messenger:
Telegram | WhatsApp
Contact number:
021-91693023
http://ravinacademy.com/course/powershell-for-hackers/
Course topics
Chapter 1: Hello PowerShell
1.1 Introduction to PowerShell
1.2 What is Cmdlet?
1.3 PowerShell basic scripting
1.3.1 Data types and data structures
1.3.2 If-else-switch
1.3.3 Loops (for-foreach-while)
1.3.4 Objects
1.3.5 Outputs
1.3.6 Variables
1.3.7 Error Handling
1.4 Modules
1.5 Jobs
1.6 PowerShell advanced scripting
1.7 PowerShell remoting
1.8 Introduction to File-Less attacks
Chapter 2: Attack and Defense Strategies
2.1 Obfuscate PowerShell code
2.2 Deobfuscate PowerShell code
2.3 Bypass AMSI and AV
2.4 What is JEA and how to abuse it
2.5 What is UAC and how to bypass it
2.6 What is AppLocker and how to bypass it
2.7 What is PowerShell constrained language mode and how to bypass it
2.8 Scriptblock logging definition and bypass methodology
2.9 PowerShell logging and abuse event logging
Chapter 3: Windows Management Instrumentation (WMI)
3.1 WMI basics and introduction
3.2 WQL
3.3 Instance queries
3.4 Meta queries
3.5 Event queries
3.6 Permanent eventing
Chapter 4: Active Directory and Kerberos
4.1 Overview of Active Directory
4.2 Overview of Kerberos
4.3 Active Directory objects
4.4 Working with GPO
4.5 Domain trusts
4.6 Information gathering and exfiltration
4.7 Active Directory ACLs
4.8 DACLs
4.9 ACE
4.10 Exploiting ACL and DACLs
4.11 Kerberos based attacks
4.11.1 Overpass the hash
4.11.2 Pass the ticket
4.11.3 Golden Ticket
4.11.4 Silver Ticket
4.11.5 Kerberos
4.11.6 Constrained Delegation
4.11.7 Unconstrained Delegation
4.11.8 ASRepRoast
4.11.9 Bruteforce
4.11.10 Password Spray
4.12 Abuse LAPS
PowerShell
5.1 C# in PowerShell
5.2 PowerShell in C#
5.3 Reflection for assembly and DLL
5.4 Load .NET in memory
5.5 WIN32 API programming in PowerShell
5.6 Token and memory manipulations
5.7 Hooking in PowerShell
5.8 Inject all the things
5.9 Hard-link and Symlink Attacks
Chapter 6: Persist PowerShell code
6.1 High and Low privilege persistence
6.2 Persist using Task scheduler
6.3 Persist using registry
6.4 PowerShell profile
6.5 Some other persistence techniques
Chapter 7: Privilege Escalation using PowerShell
7.1 Abuse services
7.2 DLL hijacking
7.3 Phishing attack to escalate privilege
7.4 Some other privilege escalation attacks
