Detect Services and Port Changes using PowerShell

Libraries: If you want this lab, consider one of these libraries.
Security

Detect Services and Port Changes using PowerShell

In this lab, you’ll practice and develop skills in PowerShell and Windows configuration to look at ways to build defensive capabilities into corporate systems on a company network looking to detect changes to services and ports on a system. When you’re finished, you’ll have the necessary skills and knowledge to create tailored cyber security defense detections for activities relevant to blue team cyber security defense.

Get started Contact sales

Lab Info

Rating

(11)

Level

Beginner

Last updated

Jul 30, 2025

Duration

50m

Challenge

Getting Started in the Lab Environment

Here are the initial instructions and explanation of the lab environment. Read this while your environment is busy creating itself from nothing. Yes, this violates physics; we know. How fun!
Challenge

Detecting Changes in Services

In this challenge you will create a script on a corporate server in order to monitor the services running on a system. You will create the script using PowerShell. You will then attempt to detect changes to services on the system to test your new PowerShell script.

This will demonstrate how to use the built-in PowerShell capability available on common Windows operating systems to be able to perform customized audit and security detections. This will help you and your organization protect critical servers by using only known services.
Challenge

Detecting Port Changes

In this challenge you will need to create a script on a corporate server in order to identify new ports created on the system. You will create the script using PowerShell. You will then attempt to create a new port on the system to test your new PowerShell script, simulating a malicious process.

This will demonstrate how to use the built-in PowerShell capability available on common Windows operating systems to be able to perform customized security detections. This will help you and your organization protect critical servers in a repeatable way.

Building further on your learning, you will access findings by remoting from your blue team workstation acting as a central collection and analysis point.
Challenge

The Last Challenge

Welcome to the final challenge! This is your last chance to experiment in the environment. Clicking Finish Lab will end this little world that flittered into existence just for you.

About the author

Tim Coakley

Tim Coakley is a Senior Security Solutions Architect for a large multi-national organisation and an author at PluralSight. Tim started a long and successful full-time career in Digital Forensics supporting the criminal justice system and law enforcement on a long list of criminal cases.

Real skill practice before real-world application

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Learn by doing

Engage hands-on with the tools and technologies you’re learning. You pick the skill, we provide the credentials and environment.

Follow your guide

All labs have detailed instructions and objectives, guiding you through the learning process and ensuring you understand every step.

Turn time into mastery

On average, you retain 75% more of your learning if you take time to practice. Hands-on labs set you up for success to make those skills stick.