I gave a presentation at Sec.MN this week, and wanted to make a blog post that was a collection of resources used by the presentation or requested by attendees.
EDIT 05/20/2016: Slide content and demo code has been slightly modified with content from having presented at Secure360 in May 2016.
Resource Links Used by Presentation, and Addressing Attendee Questions
- MVA: PowerShell Jump Start
- MVA: Advanced PowerShell Jump Start
- MVA: Using PowerShell for Active Directory
- Accidental Sabotage: CredSSP PSRemoting
- PowerSploit Module (Metasploit Framework)
- PowerShellArsenal (Reverse Engineering)
- Disconnecting Terminal Services Sessions with PowerShell
- Constrained PowerShell Remoting Endpoint Configurations (Scripting Guy Blog Series)
- Retrieving IIS App Pool Service Account Passwords in Plain Text!
- Group Managed Service Accounts
- Just In Time, Just Enough Admin: Using Windows PowerShell to Secure a Post-Snowden World (Jeffrey Snover Video Presentation)
- Audit / Log All PowerShell Commands with Group Policy