At first glance, when I see the word “Security” paired with “PowerShell”, my mind instantly goes into protection mode. Right away I think of malicious activities like “Living off the land” attacks, mimikatz, PowerSploit and Empire to name a few.
But here is the kicker; PowerShell isn’t just a useful tool for malicious actors. It can be equally useful for counteracting malicious activity and detecting unwanted intrusions. For example, what if you wanted to check AD for which valid users, or possibly malicious users, have privileged access because of a group assignment? Yes, you could use ADUC and navigate through the OU’s to the groups and check its membership. This is fine if you’re doing this once and have just a couple of privileged groups. But it’s fairly safe to say that none of us fall into that category.
The solution? Automation. In this webinar, Russell Smith, from our sponsor Netwrix, introduces the basics of using PowerShell to automate simple checks for keeping Active Directory, Azure Active Directory, and Windows file servers secure. You will learn how to use PowerShell cmdlets and modules, including connecting to Azure Active Directory. Russell will explain how each script works so that you can adapt them for your own environment.
You will learn just how easy it can be to automate PowerShell scripts to:
- Monitor Azure AD sign-in logs
- Check privileged group membership in Windows Server Active Directory
- Report on Windows Server Active Directory schema changes
- Get Windows Server NTFS file permissions reports
- Search the Windows Event Log for file permission changes
Here are some of the commands we are going to examine in this webinar:
- Get-AzureADAuditSignInLogs
- Get-ADGroupMember
- Get-ADObject
- Get-ADRootDSE
- Get-ChildItem
- Get-Acl
- Get-Content
- Get-WinEvent
Even if you are very knowledgeable about some or all of the commands in this list, be assured that this will be about more than just PowerShell commands; it’s about gluing them together into useful scripts.
Join now! You don’t want to miss this real training for free session.