Presentation is loading. Please wait.

Presentation is loading. Please wait.

#BSidesCLEVO PowerShell Copyright (C) 2014 ClevelandBSides. PowerShell: Drink the Kool-Aid.

Published byLoreen McCormick Modified over 9 years ago

Similar presentations

Presentation on theme: "#BSidesCLEVO PowerShell Copyright (C) 2014 ClevelandBSides. PowerShell: Drink the Kool-Aid."— Presentation transcript:

1 #BSidesCLEVO PowerShell Copyright (C) 2014 ClevelandBSides. PowerShell: Drink the Kool-Aid

2 AGENDA SA Vs SA Why PowerShell PowerShell Overview Why you should care Brief description System Administration Incident Response Compliance Module #BSidesCLEVO PowerShell Copyright (C) 2014 ClevelandBSides.

3 PS C:\>Get-Content –ne Presentation Not intended to make you a programmer Not a deep-dive Will Not make you an expert We are not affiliated with any sweet rich vendors

4 PS C:\>Get-Content HardbitSolutions Wayne Pruitt 85%Mountaindew,15%Brain The Lead Geek of the Hardbit Solutions team MCAD, MCSD, MCDBA, C|EH, E|CSA, C|HFI, E|CSP, E|DRP, E|CIH and E|CEI. Over the past 12 years he has held many jobs supporting a variety of roles within the Federal Government ranks; ranging from system administrator, security administrator, developer and several IT manager roles. Zack Wojton 87%Beer,2%CrownRoyal,11%Hair CTO of the Hardbit Solutions team Masters of Science in Information Technology | Security, MCSA, ICND, G2700, C|EH, E|CSA, and C|HFI certifications A night owl, that believes in life-long learning. Has over a decade of IT security under his belt, held more IT related jobs than they have certifications for, and believes security is where it all comes together. Masters is so almost over. #BSidesCLEVO PowerShell Copyright (C) 2014 ClevelandBSides.

5 PS C:\>SA-Vs-SA Sure we have things wrong with our industry (but that is why it rocks!) Secure Administrator Mentoring Crossing the streams

6 PS C:\>Why-PowerShell Scripting powers for all Make reusable tools

7 PS C:\>Get-Caring PowerShell is native PowerShell can save you time PowerShell can save you $ PowerShell can do remote administration PowerShell can be controlled through policy Can be immediately effective

8

9 PS C:\>Get-Started No book necessary (there are some sweet ones) Verb-Noun Get-Help / Man Get-Command Get-Help About_*

10 PS C:\> Get-Process Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName ------- ------ ----- ----- ----- ------ -- ----------- 213 16 6644 15060 95 30.15 5140 AcroRd32 386 47 236592 257684 398 293.63 5476 AcroRd32 _________________________________ PS C:\> Get-Process | sort-object –property VM -descending Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName ------- ------ ----- ----- ----- ------ -- ----------- 3587 151 101740 156400 617 21.06 8920 OUTLOOK 583 23 85832 90608 577 4.88 8736 powershell _________________________________ PS C:\> Get-Process | sort-object –property VM –descending | select- object –first 10 –property company, Name, ID, Path | fl Company : Microsoft Corporation Name : OUTLOOK Id : 8920 Path : C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE DEMO

11 PS C:\>PowerShell Administrators Get-Hotfix Account Info / Management System Inventory / Management Log Review (Failed Logons)

12 PS C:\>PowerShell IR / Analysis Gather restore points Gather File Information Gather NIC Modes Gather File MRU List

13 PS C:\>PowerShell Compliance Is machine part of a domain? Gather Server Roles Gather Local Groups Gather Members of Local Admin Group Answer “are security updates installed on a regular basis?”

14 PS C:\>PowerShell Module Sweetness Get-MachineInfo Get-Uptime Get-RebootTime Get-PageFile Get-PendingReboot Get-InstalledSoftware Get-USBDevice

15 PS C:\>Get-Questions Any Questions?

16 CHEERS!

17 Resources: Hardbit Solutions: http:/www.HardbitSolutions.com PowerShellCommunity.Org: http://www.PowershellCommunity.Org Many excellent books: Manning Press book by PowerShell Dev Lead Bruce Payette: PowerShell in Action O’Reilly book by PowerShell Dev Lee Holmes – Windows PowerShell Cookbook

Download ppt "#BSidesCLEVO PowerShell Copyright (C) 2014 ClevelandBSides. PowerShell: Drink the Kool-Aid."

Similar presentations

Presentation: 20 minutes

Presentation: 20 minutes
SharePoint 2007 Operations Module 1: Introduction.

SharePoint 2007 Operations Module 1: Introduction.
02 | Managing Users, Groups, and Licenses Anthony Steven | Principal Technologist, Content Master Martin Coetzer | Portfolio Architect, Microsoft.

02 | Managing Users, Groups, and Licenses Anthony Steven | Principal Technologist, Content Master Martin Coetzer | Portfolio Architect, Microsoft.
By Aaron Nelson I blog at SCVMM This!. Why Virtualize Four components make virtualization very compelling. * (to me) Live Migration – If you need to switch.

By Aaron Nelson I blog at SCVMM This!. Why Virtualize Four components make virtualization very compelling. * (to me) Live Migration – If you need to switch.
Daniel Petri MVP, Microsoft Infrastructure Manager John Bryce Training November 2007.

Daniel Petri MVP, Microsoft Infrastructure Manager John Bryce Training November 2007.
Welcome Course 20410B Module 0: Introduction Audience

Welcome Course 20410B Module 0: Introduction Audience
Module 8 Implementing Backup and Recovery. Module Overview Planning Backup and Recovery Backing Up Exchange Server 2010 Restoring Exchange Server 2010.

Module 8 Implementing Backup and Recovery. Module Overview Planning Backup and Recovery Backing Up Exchange Server 2010 Restoring Exchange Server 2010.
PowerShell: Drink the Kool-Aid!. Who we are…..Who we are…..

PowerShell: Drink the Kool-Aid!. Who we are…..Who we are…..
#BSidesCMH PowerShell Copyright (C) 2014 ColumbusBSides. PowerShell: Drink the Kool-Aid.

#BSidesCMH PowerShell Copyright (C) 2014 ColumbusBSides. PowerShell: Drink the Kool-Aid.
Windows Server 2012 Certification and Training June 2012.

Windows Server 2012 Certification and Training June 2012.
Ch 11 Managing System Reliability and Availability 1.

Ch 11 Managing System Reliability and Availability 1.
Module 1: Installing Internet Information Services 5.0.

Module 1: Installing Internet Information Services 5.0.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
Deploying and Managing Windows Server 2012

Deploying and Managing Windows Server 2012
© 2007 Asynchrony Solutions, Inc. 1 10/29/07 Introduction to PowerShell Brian Button VP Engineering Asynchrony Solutions, Inc

© 2007 Asynchrony Solutions, Inc. 1 10/29/07 Introduction to PowerShell Brian Button VP Engineering Asynchrony Solutions, Inc
Course 2072: Administering a Microsoft SQL Server 2000 Database.

Course 2072: Administering a Microsoft SQL Server 2000 Database.
9/10/20151 Hyperion Enterprise 6.5 New Features & Functionality Robert Cybulski, CPA Finit Solutions.

9/10/20151 Hyperion Enterprise 6.5 New Features & Functionality Robert Cybulski, CPA Finit Solutions.
SharePoint 2010 Development Environment A Guide to Setup SharePoint 2010 Development Environment on Windows 7 Machine.

SharePoint 2010 Development Environment A Guide to Setup SharePoint 2010 Development Environment on Windows 7 Machine.
PowerShell Basics. o PowerShell is a great way to manipulate server and/or workstation components o It’s geared toward system administrators by creating.

PowerShell Basics. o PowerShell is a great way to manipulate server and/or workstation components o It’s geared toward system administrators by creating.
Course 10135A Configuring, Managing, and Troubleshooting Microsoft® Exchange Server 2010.

Course 10135A Configuring, Managing, and Troubleshooting Microsoft® Exchange Server 2010.

Similar presentations

Ads by Google