Building PowerShell Security Tools in a Windows Environment

System administrators aren't on the information security team, but once you build the PowerShell security tools covered in this course, the security team will want to know where you got your skills!
Course info
Level
Intermediate
Updated
Mar 20, 2019
Duration
2h 50m
Description

IT security is everyone's responsibility. System administrators and IT professionals aren't information security gurus, but they still need the tools to be an organization's first line of defense. In this course, Building PowerShell Security Tools in a Windows Environment, you will gain the ability to build PowerShell scripts and modules that discover potential and real security threats in your organization through reporting and change management. First, you will learn how to parse the Windows event log and how to query for and apply Windows patches. Next, you will discover how to detect various changes in your environment. Finally, you will explore how to encrypt and decrypt sensitive information with PowerShell. When you are finished with this course, you will have the skills and knowledge needed to build PowerShell tools that query for and remediate the common security threats facing your IT organization.

About the author

Adam Bertram is an independent consultant, technical writer, trainer, and presenter. Adam specializes in consulting and evangelizing all things IT automation, mainly focused around Windows PowerShell.

Section Introduction Transcripts

Course Overview
Hi everyone. My name is Adam Bertram. Welcome to my course, Building PowerShell Security Tools in a Windows Environment. I've been in IT for a long time. Why would you specifically take this course by me? Well, the reason is because I teach it like I see it. I hold no punches and teach from experience, not from a book. And I have over 10 years of experience in PowerShell. Windows system administrators and IT pros don't have to be full-time security personnel. But by using PowerShell, they sure can build some handy tools. This course shows system administrators how to build many different types of tools around the security space with PowerShell. The first place you look when a breach happens is a log. In this course, we're going to dedicate an entire module to the Windows event log. Next, we'll use PowerShell to query and install patches. PowerShell is great for ad hoc patching. We'll then get into the monitoring module where we'll then build some useful tools to monitor the final system through WMI events, some local and AD group membership monitoring in Active Directory, and more. And finally, we'll wrap up with how to properly handle sensitive information, most commonly passwords in your PowerShell script. All in all, we're going to be doing a lot of reporting, and we're going to be covering a lot of PowerShell along the way to make it all happen. By the end of this course, you'll have a great starting point on how you can use PowerShell to monitor your environment across many different areas. I hope you'll join me on this journey to dive into some PowerShell with Building PowerShell Security Tools in a Windows Environment at Pluralsight.

Managing Windows Patches
Patching has got to be one of the most common tasks any Windows sysadmin endures. I remember the days when Patch Tuesday would roll around and we'd scramble to get all the patches rolled out, which would inevitably break something. I mean, we'd scramble to roll all that stuff back. Those were the days. Anyway, nightmares aside, this is the module I wish I had back then. In this module, we're primarily going to cover three overarching topics. First, we're going to learn how to query patches, first on one computer, then on lots of them at once. We'll break down how to use ComObjects and other methods to quickly and easily query both local and remote systems for patches matching various criteria. Once we've learned the basics of querying patches, we'll then take that information and create some really nice reports. The console output works, but it's really not too pretty. Building HTML reports allows us to visualize the state of patches across all of our servers. And finally, we'll take the next logical step and install all those missing patches. We'll do all of this by building a few PowerShell functions as we go to give you some really useful tools to take away from this module.

Detecting Changes in Your Environment
Thousands of changes are happening every minute of every day in your environment. There's no way you can monitor each one, but we can pick off a few of the important ones. In this module, we're going to cover a few examples of changes and how to take action when those changes occur. What are we going to do in this module? Well, first off, we're going to hit on monitoring hard. We'll cover the basics of what makes a great monitor, how to build one, and then we'll go into building some tools. As part of these monitors, we're going to go over defining triggers and then taking action somehow. That could be as simple as sending an email or maybe even running a PowerShell script to do all kinds of things. And finally, we'll apply these tactics to both local and AD groups and the Windows filesystem. Although there are plenty of other things to monitor out there, this module will give you the necessary framework to build monitors of all types.

Managing Sensitive Information Securely
Have you ever used a plain text password in a script just because it was easier? Don't lie. I'll be honest. I have, until I figured out a more secure, yet still pretty easy, way to do it. In this module, we're going to cover a few scenarios where we admins have to deal with passwords, certificates, API keys, and all kinds of other sensitive information. And then we'll show you how you can properly handle them. Throughout this module, our theme is going to be sensitive information. We'll start off with figuring out who the lazy ones are in our AD organization, such as who has somehow decided to use 123 as their password. We'll then cover some really neat ways to encrypt, decrypt, and store this information on disk securely. And then finally, you'll get an introduction to a community module that aims to help you standardize the way we handle secrets. And we'll also build our own PowerShell module to bring this Pluralsight course module all together.