… is a comprehensive guide for security professionals, penetration testers, system administrators, and both red and blue teams. It focuses on the knowledge needed to use PowerShell effectively for security operations. The book is authored by Miriam C. Wiesner, a Senior Security Researcher at Microsoft.
According to her public bio, she has over 15 years of experience in IT and IT security across a range of roles. If you want to sharpen your PowerShell skills for cybersecurity work, this book is worth a look.
For more details, you can find the book’s code repository on GitHub.
Miriam C. Wiesner’s multifaceted background makes her a knowledgeable and influential figure in the cybersecurity community. Her book reflects this depth of expertise, making it a valuable resource for both red and blue team practitioners.
Listen to an interview with Miriam on the PowerShell.org podcast here.
Book Overview:
- The book covers a wide range of topics related to PowerShell and its application in cybersecurity.
- It emphasizes practical techniques for hardening environments, detecting attacks, and managing security risks.
- The book includes a comprehensive index, which makes it useful as a reference.
- It introduces several PowerShell-based tools to assist with security-related tasks.
Key Topics:
- Introduction to PowerShell: A short overview of working in PowerShell.
- Mitigation Techniques: Learn how to mitigate security risks using PowerShell.
- Event Log Analysis: Understand event logs and their significance in relation to PowerShell. Discover important event IDs for monitoring your environment.
- PSRemoting Configuration: Explore PSRemoting, its risks, bypasses, and best practices.
- System Access and Exploitation: PowerShell for system access, exploitation, and hijacking.
- Active Directory and Azure AD Security: Gain insights into securing Active Directory and Azure AD.
- JEA (Just Enough Administration): Learn about restricting command execution using JEA.
- Red and Blue Teams: Common PowerShell tools and cookbooks for Red and Blue teams.
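To give a concrete feel for the event log analysis topic above, here is an added example of the kind of check a blue team would run; it is not code from the book or from the author. It assumes Windows 10 or Windows Server 2019 or later and an elevated session (needed to read the policy key and the operational log). It checks whether script block logging is enforced by policy, pulls recent event ID 4104 records ("Creating Scriptblock text") from the Microsoft-Windows-PowerShell/Operational log, reassembles script blocks that were split across several events, and screens them against a small, illustrative keyword list.

```powershell
# Added example (not from the book): audit PowerShell script block logging
# and review recent 4104 events. Assumes an elevated session on Windows 10
# or Windows Server 2019+.

$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
$LogName   = 'Microsoft-Windows-PowerShell/Operational'

function Test-ScriptBlockLogging {
    # $true when the EnableScriptBlockLogging policy value is set to 1.
    # Note: even when this is off, PowerShell still writes Warning-level 4104
    # events for script blocks that trip its built-in suspicious-content
    # heuristics, so the log is worth checking either way.
    $value = Get-ItemProperty -Path $PolicyKey -Name EnableScriptBlockLogging -ErrorAction SilentlyContinue
    return ($null -ne $value -and $value.EnableScriptBlockLogging -eq 1)
}

function Get-ScriptBlockEvents {
    param(
        [int]$Hours     = 24,
        [int]$MaxEvents = 1000
    )
    # 4104 properties, in template order:
    #   [0] MessageNumber  [1] MessageTotal  [2] ScriptBlockText
    #   [3] ScriptBlockId  [4] Path
    $filter = @{
        LogName   = $LogName
        Id        = 4104
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                TimeCreated   = $_.TimeCreated
                Level         = $_.LevelDisplayName   # 'Warning' = flagged by PowerShell itself
                MessageNumber = [int]$_.Properties[0].Value
                MessageTotal  = [int]$_.Properties[1].Value
                Text          = [string]$_.Properties[2].Value
                ScriptBlockId = [string]$_.Properties[3].Value
                Path          = [string]$_.Properties[4].Value
            }
        }
}

function Join-ScriptBlock {
    param([Parameter(ValueFromPipeline)] $Events)
    begin { $all = @() }
    process { $all += $Events }
    end {
        # Long scripts are logged as N events sharing one ScriptBlockId;
        # put the fragments back in order so keyword checks see the whole block.
        $all | Group-Object ScriptBlockId | ForEach-Object {
            $parts = $_.Group | Sort-Object MessageNumber
            [pscustomobject]@{
                TimeCreated   = ($parts | Select-Object -First 1).TimeCreated
                Level         = ($parts | Select-Object -First 1).Level
                ScriptBlockId = $_.Name
                Path          = ($parts | Select-Object -First 1).Path
                Text          = ($parts.Text -join '')
            }
        }
    }
}

# Illustrative starter list only; tune it to your environment.
$Indicators = @(
    'FromBase64String', '-EncodedCommand', '-enc ', 'Invoke-Expression', 'IEX',
    'DownloadString', 'DownloadFile', 'Net.WebClient', 'Invoke-Mimikatz',
    'Add-MpPreference', 'Set-MpPreference', 'bypass'
)

function Find-SuspiciousScriptBlock {
    param([int]$Hours = 24)
    Get-ScriptBlockEvents -Hours $Hours | Join-ScriptBlock | ForEach-Object {
        $hits = $Indicators | Where-Object { $_ -and $PSItem.Text -match [regex]::Escape($_) }
        if ($hits -or $PSItem.Level -eq 'Warning') {
            [pscustomobject]@{
                TimeCreated   = $PSItem.TimeCreated
                Level         = $PSItem.Level
                Path          = $PSItem.Path
                ScriptBlockId = $PSItem.ScriptBlockId
                Indicators    = ($hits -join ', ')
                Preview       = $PSItem.Text.Substring(0, [Math]::Min(120, $PSItem.Text.Length))
            }
        }
    }
}

if (-not (Test-ScriptBlockLogging)) {
    Write-Warning "Script block logging is not enforced via $PolicyKey; only Warning-level 4104 events will be present."
}
Find-SuspiciousScriptBlock -Hours 24 | Sort-Object TimeCreated | Format-Table -AutoSize
```

Run it from an elevated PowerShell session. An empty result does not mean nothing ran: with the policy off, only blocks PowerShell itself considered suspicious are logged, and an attacker who clears the operational log leaves a gap, so the policy check and log-clearing events (1102 in the Security log) belong in the same review.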
Prerequisites:
- A basic understanding of PowerShell, cybersecurity fundamentals, and scripting is essential.
- Some familiarity with Active Directory, C++/C#, and assembly is helpful for certain parts of the book.
Software and Hardware Requirements:
- The book’s code examples are designed to run on Windows PowerShell and PowerShell 7.3 and above. Most examples indicate which version is required.
- You’ll need Windows 10 or above for most exercises.
- Windows Server 2019 and above are required for specific scenarios.
More about the author.
Miriam C. Wiesner, the author of “PowerShell Automation and Scripting for Cybersecurity,” brings a wealth of experience to the field and it shows in her book.
Her background:
Professional journey:
Her career spans a number of roles, including:
- Administrator/System Engineer: She’s been on the front lines, managing systems and infrastructure.
- Software Developer: Her coding skills have contributed to building robust solutions.
- Premier Field Engineer: As a trusted advisor, she assisted organizations in optimizing their technology stack.
- Program Manager: Miriam has navigated project management, ensuring successful outcomes.
- Security Consultant and Pentester: Her expertise extends to penetration testing and security consulting.
Research and Contributions:
- Miriam is a Senior Security Researcher at Microsoft.
- She’s part of the team that develops the detections behind Microsoft 365 Defender—a critical role in enhancing threat detection and response.
- She’s a creator of open-source tools based on PowerShell, including EventList and JEAnalyzer.
- Miriam has shared her insights at international conferences such as Black Hat (USA, Europe & Asia), PSConf EU, and more.