CPSH Certified Powershell Hacker
8/17/2020 - 8/20/2020


COURSE TIMES: 9:00am - 4:30pm

Printable version of this course
Register for this course


This course is an intense few days covering the keys to hacking with PowerShell. We know that most companies have an Active Directory infrastructure that manages authentication and authorization to most devices and objects within the organization. Many use PowerShell to speed up and simplify management, which only makes sense. Did you know that a large percentage of hacks over the last year included PowerShell based attacks? Well, they did, which is why we spend 4 days learning how to hack like the pros using nothing but what is already available to us in Windows or now in open source code on Mac and Linux!


  • Penetration Testers
  • Microsoft Administrators
  • Security Administrators
  • Active Directory Administrators
  • Anyone looking to learn more about security
  • General Understanding of Pen Testing
  • General Understanding of Active Directory
  • General Understanding of scripting and programming


Course will run as a live-virtual class unless a minimum enrollment is reached.

Exam Information: The Certified Digital Forensics Examiner exam is taken online. The exam will take 2 hours and consist of 100 multiple choice questions.


Module 1 Introduction to PowerShell
Different Tool Options
Installing everything needed
Language Basics
Using the Windows API and WMI
Interacting with the Registry
Managing Objects and COM Objects

Module 2 Introduction to Active Directory and Kerberos
Overviewof Kerberos
The three-headed monster
Key Distribution Center
Kerberos in Detail
Why we care about Kerberos as a Hacker
Overview of Active Directory
Understanding AD concepts
AD Objects and Attributes

Module 3 Pen Testing Methodology Revisited
Introduction to the methodology
The Plan!!
Vulnerability Identification
Client-sideattacks with and withoutPowerShell

Module 4 Information Gathering and Enumeration
What can a domain user see?
Domain Enumeration
Trust and Privileges Mapping
After the client exploit

Module 5 Privilege Escalation
Local Privilege Escalation
Credential Replay Attacks
Domain Privilege Escalation
Dumping System and Domain Secrets
PowerShell with Human Interface Devices

Module 6 Lateral Movementsand Abusing Trust
Kerberos attacks (Golden, Silver Tickets and more)
Delegation Issues
Attacks across Domain Trusts
Abusing Forest Trusts
Abusing SQL Server Trusts
Pivoting to other machines

Module 7 Persistence and Bypassing Defenses
Abusing Active Directory ACLs
Maintaining Persistence
Bypassing Defenses
Attacking Azure Active Directory

Module 8 Defending Against PowerShell Attacks
Defending an Active Directory Infrastructure
Detecting Attacks
Using Certificates
Using Bastion Hosts
Using AppLocker