
PowerShell Security best practices

PowerShell Security best practices. Lee Holmes | @Lee_Holmes, Principal SDE | Windows PowerShell | Microsoft. Security geek. Developer on the Windows PowerShell team since V1. Author of the Windows PowerShell Cookbook, PowerShellCookbook.com, and Windows PowerShell Pocket Reference.


Presentation Transcript


  1. PowerShell Security best practices • Lee Holmes | @Lee_Holmes • Principal SDE | Windows PowerShell | Microsoft

  2. About Me • Security geek • Developer on the Windows PowerShell team since V1 • Author of the Windows PowerShell Cookbook, PowerShellCookbook.com, and Windows PowerShell Pocket Reference • @Lee_Holmes & leeholmes.com/blog

  3. PowerShell the Shell: Operational Security • What about Execution Policy? • PowerShell Remoting • Scripts  Executables • Dealing with Forensics

  4. PowerShell the Shell: Operational Security – Execution Policy

  5. PowerShell the Shell: Operational Security – Execution Policy • Not a user restriction • Not a magical form of Antimalware

  6. PowerShell the Shell: Operational Security – PowerShell Remoting • Understanding the Double-Hop problem • Authentication: Kerberos vs. CredSSP – Pass the Hash? • Accessing Remote Resources • Diagram: You, Remoting Host, Files

  7. PowerShell the Shell: Operational Security – Scripts  Executables • Moving to Post-Exploitation defense • “I want to secure my system against C++ attacks” • Making sense of holistic system lockdown

  8. PowerShell the Shell: Operational Security – Dealing with Forensics • @HackingDave • @ObscureSec / @Mattifestation “Living off the Land” • @JosephBialek “Reflective DLL Injection”

  9. PowerShell the Shell: Operational Security – Dealing with Forensics • Preventing unrestricted admin access • System-wide Transcripts • Automatic Module logging • Detecting attacks on mitigations

  10. PowerShell the Language: Scripting Security • Script Encryption / Obfuscation • Avoiding Code Injection • Avoiding Hard-Coded Secrets

  11. PowerShell the Language: Scripting Security - Script Encryption / Obfuscation

  12. PowerShell the Language: Scripting Security - Script Encryption / Obfuscation • Answer: Don’t.

  13. PowerShell the Language: Scripting Security - Preventing Code Injection • When dealing with dynamic commands or parameters, it’s common to fall back to old programming practices: system(), eval(), exec() • Maybe Invoke-Expression?

  14. PowerShell the Language: Scripting Security – Avoiding Code Injection

  15. PowerShell the Language: Scripting Security – Avoiding Code Injection • Parameters support variables • Commands support splatting • Invocation supports indirection

  16. PowerShell the Language: Scripting Security – Avoiding Code Injection • But I REALLY need to!

  17. PowerShell the Language: Scripting Security – Avoiding Code Injection • But I REALLY need to!

  18. PowerShell the Language: Scripting Security - Avoiding Hard-Coded Secrets • Data protection through Windows’ Data Protection API (DPAPI)

  19. PowerShell the Language: Scripting Security - Avoiding Hard-Coded Secrets • Export / Import CliXml • ConvertFrom / ConvertTo SecureString

  20. Resources • Reflective DLL Loading with PowerShell: http://www.youtube.com/watch?v=OAd68_SYQc8 • Living off the Land: http://www.youtube.com/watch?v=j-r6UonEkUw • Get-Help about_Group_Policy_Settings: http://technet.microsoft.com/en-us/library/jj149004.aspx • Constrained PowerShell Endpoints: http://www.youtube.com/watch?v=kmjJLKlL1Wg • PowerShell Language Specification: http://www.microsoft.com/en-us/download/details.aspx?id=36389 • Composing Command Arguments: http://www.powershellcookbook.com/recipe/XoMw/run-programs-scripts-and-existing-tools
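
An added example for slides 13 to 15 (not part of the original deck): the Invoke-Expression pattern beside the three alternatives the slides list. The function names, the sample input and the allowlist are assumptions made for illustration.

```powershell
# Constructed untrusted input: a process name with a second statement appended.
$userInput = 'notepad; Write-Output INJECTED'

# Pattern from slide 13: the string is parsed as script, so the text after ';'
# runs as its own statement.
function Get-ProcessUnsafe([string]$Name) {
    Invoke-Expression "Get-Process -ErrorAction SilentlyContinue -Name $Name"
}

# Parameters support variables: the value is bound as data and never parsed.
function Get-ProcessByName([string]$Name) {
    Get-Process -ErrorAction SilentlyContinue -Name $Name
}

# Commands support splatting: optional parameters go into a hashtable
# instead of being concatenated into a command string.
function Get-ProcessSplat([string]$Name, [switch]$IncludeFileVersion) {
    $params = @{ Name = $Name; ErrorAction = 'SilentlyContinue' }
    if ($IncludeFileVersion) { $params.FileVersionInfo = $true }
    Get-Process @params
}

# Invocation supports indirection: '&' runs a command chosen by name. The name
# is checked against an allowlist (an assumption of this example) first.
function Invoke-Allowed([string]$Command, [hashtable]$Arguments = @{}) {
    $allowed = 'Get-Process', 'Get-Date'
    if ($allowed -notcontains $Command) { throw "Command '$Command' is not allowed" }
    & $Command @Arguments
}

# Run each variant against the same constructed input.
"Invoke-Expression : [$(Get-ProcessUnsafe $userInput)]"
"Variable parameter: [$(Get-ProcessByName $userInput)]"
"Splatting         : [$(Get-ProcessSplat $userInput)]"
"Indirection       : [$((Invoke-Allowed 'Get-Process' @{ Id = $PID }).Id -eq $PID)]"
try { Invoke-Allowed $userInput } catch { "Rejected          : $($_.Exception.Message)" }
```

Only the Invoke-Expression variant executes the appended statement; the others treat the whole string as a process name or reject it as a command name.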
