Presentation is loading. Please wait.

Presentation is loading. Please wait.

POWERSHELL SECURITY BEST PRACTICES Lee Holmes Principal SDE |Windows PowerShell | Microsoft.

Similar presentations


Presentation on theme: "POWERSHELL SECURITY BEST PRACTICES Lee Holmes Principal SDE |Windows PowerShell | Microsoft."— Presentation transcript:

1 POWERSHELL SECURITY BEST PRACTICES Lee Holmes Principal SDE |Windows PowerShell | Microsoft

2 ABOUT ME  Security geek  Developer on the Windows PowerShell team since V1  Author of the Windows PowerShell Cookbook, PowerShellCookbook.com, and Windows PowerShell Pocket Reference & leeholmes.com/blog

3 POWERSHELL THE SHELL OPERATIONAL SECURITY  What about Execution Policy?  PowerShell Remoting  Scripts  Executables  Dealing with Forensics

4 POWERSHELL THE SHELL OPERATIONAL SECURITY – EXECUTION POLICY

5 Not a user restriction Not a magical form of Antimalware

6 POWERSHELL THE SHELL OPERATIONAL SECURITY – POWERSHELL REMOTING You Remoting Host Files Understanding the Double-Hop problem Authentication: Kerberos vs. CredSSP – Pass the Hash? Accessing Remote Resources

7 POWERSHELL THE SHELL OPERATIONAL SECURITY – SCRIPTS  EXECUTABLES Moving to Post-Exploitation defense “I want to secure my system against C++ attacks” Making sense of holistic system lockdown

8 POWERSHELL THE SHELL OPERATIONAL SECURITY – DEALING “Living off the “Reflective DLL Injection”

9 POWERSHELL THE SHELL OPERATIONAL SECURITY – DEALING WITH FORENSICS Preventing unrestricted admin access System-wide Transcripts Automatic Module logging Detecting attacks on mitigations

10 POWERSHELL THE LANGUAGE SCRIPTING SECURITY  Script Encryption / Obfuscation  Avoiding Code Injection  Avoiding Hard-Coded Secrets

11 POWERSHELL THE LANGUAGE SCRIPTING SECURITY - SCRIPT ENCRYPTION / OBFUSCATION

12 Answer: Don’t.

13 POWERSHELL THE LANGUAGE SCRIPTING SECURITY - PREVENTING CODE INJECTION When dealing with dynamic commands or parameters, it’s common to fall back to old programming practices: system(), eval(), exec() Maybe Invoke-Expression?

14 POWERSHELL THE LANGUAGE SCRIPTING SECURITY – AVOIDING CODE INJECTION

15 Parameters support variables Commands support splatting Invocation supports indirection

16 POWERSHELL THE LANGUAGE SCRIPTING SECURITY – AVOIDING CODE INJECTION But I REALLY need to!

17 POWERSHELL THE LANGUAGE SCRIPTING SECURITY – AVOIDING CODE INJECTION But I REALLY need to!

18 POWERSHELL THE LANGUAGE SCRIPTING SECURITY - AVOIDING HARD-CODED SECRETS Data protection through Windows’ Data Protection API (DPAPI)

19 POWERSHELL THE LANGUAGE SCRIPTING SECURITY - AVOIDING HARD-CODED SECRETS Export / Import CliXml ConvertFrom / ConvertTo SecureString

20 RESOURCES  Reflective DLL Loading with PowerShell:  Living off the Land:  Get-Help about_Group_Policy_Settings  Constrained PowerShell Endpoints  PowerShell Language Specification:  Composing Command Arguments: tools tools


Download ppt "POWERSHELL SECURITY BEST PRACTICES Lee Holmes Principal SDE |Windows PowerShell | Microsoft."

Similar presentations


Ads by Google