CPSH: Certified PowerShell Hacker

This course is an intense few days covering the keys to hacking with PowerShell. We know that most companies have an Active Directory infrastructure that manages authentication and authorization to most devices and objects within the organization.

Course Outline
Self Study Version
Certification Path

All Prices Are in Candian Dollars

Price :


Choose the date and press 'Add To Cart'

course is guaranteed to run


Who Should Attend? Penetration Testers Microsoft Administrators Security Administrators Active Directory Administrators Anyone looking to learn more about security Key Data Course Title: Certified PowerShell Hacker Duration: 4 Days Class Format Options: Prerequisites: General Understanding of Pen Testing General Understanding of Active Directory General Understanding of scripting and programming CPEs: 32 Course Outline

Module 1 Introduction to PowerShell

  • Different Tool Options
  • Installing everything needed
  • Language Basics
  • Using the Windows API and WMI
  • Interacting with the Registry
  • Managing Objects and COM Objects


Module 2 – Introduction to Active Directory and Kerberos

  • Overview of Kerberos
  • The three-headed monster
  • Key Distribution Center
  • Kerberos in Detail
  • Why we care about Kerberos as a Hacker
  • Overview of Active Directory
  • Understanding AD concepts
  • AD Objects and Attributes


Module 3 – Pen Testing Methodology Revisited

  • Introduction to the methodology
  • The Plan!!
  • Vulnerability Identification
  • Client-side attacks with and without PowerShell


Module 4 – Information Gathering and Enumeration

  • What can a domain user see?
  • Domain Enumeration
  • Trust and Privileges Mapping
  • After the client exploit


Module 5 – Privilege Escalation

  • Local Privilege Escalation
  • Credential Replay Attacks
  • Domain Privilege Escalation
  • Dumping System and Domain Secrets
  • PowerShell with Human Interface Devices


Module 6 – Lateral Movements and Abusing Trust

  • Kerberos attacks (Golden, Silver Tickets and more)
  • Delegation Issues
  • Attacks across Domain Trusts
  • Abusing Forest Trusts
  • Abusing SQL Server Trusts
  • Pivoting to other machines


Module 7 – Persistence and Bypassing Defenses

  • Abusing Active Directory ACLs
  • Maintaining Persistence
  • Bypassing Defenses
  • Attacking Azure Active Directory


Module 8 – Defending Against PowerShell Attacks

  • Defending an Active Directory Infrastructure
  • Detecting Attacks
  • Logging
  • Transcripts
  • Using Certificates
  • Using Bastion Hosts
  • Using AppLocker