Attack and Defend with PowerShell

This condensed, hands-on workshop will introduce students to PowerShell’s offensive and defensive capabilities.

We’ll connect to our PoC command-and-control centers as we remotely take over a computer: we’ll start by fetching some logs and getting different settings to better understand our victim, then exploit some holes to elevate our privilege. We’ll then review various ways to stay persistent, steal passwords and documents, grab screen and email content, install a surreptitious keylogger, turn on the mic and webcam, control the mouse and keyboard, modify various settings, defeat two-factor authentication mechanisms, steal web sessions, and execute programs at will, mimicking anything that a real attacker may do.

From a defender’s perspective, we’ll understand how such attacks work, review the artifacts that they leave behind, and close some of the holes that allow them to take place. Time permitting, we’ll also write scripts that monitor and alert on some of the more common attacks (plus a bonus: a fun way to defeat most ransomware with PowerShell!).


Students are expected to understand Windows operations and network infrastructure, and have some basic experience with PowerShell.

Equipment Requirements

Students will need to bring their own computer, capable of simultaneously running at least two guest Windows VMs.  Training VMs will be provided during class.

Aelon Porat


Aelon Porat is an information security manager at Cision.  He has extensive experience attacking and defending corporate environments.  He likes to jump inside networks and out of planes.