The document discusses using PowerShell for remote security assessments. It describes using SSH with PowerShell to remotely manage Windows and Unix machines. A better solution is to use Windows Remote Management (WinRM) and WS-Management to create PowerShell sessions on remote machines, allowing administrators to run commands and scripts remotely with the same syntax they use locally. Examples are provided for using PowerShell to generate user lists, scan for malicious processes, kill processes, and parse event logs across multiple remote machines.
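The WinRM-based workflow described above, as an added example that is not part of the presentation's own material: one set of remoting sessions is opened to a list of hosts, and the same script blocks are fanned out to inventory local users, flag processes running from unusual paths, and pull failed-logon events. The host names are placeholders; the path filter and the 24-hour window are assumptions to adjust for your environment.

```powershell
# Added example: remote assessment over WinRM/WS-Management with PowerShell remoting.
# Host names below are placeholders, not real systems.
$Computers = @('HOST-PLACEHOLDER-01', 'HOST-PLACEHOLDER-02')

# One session per host; Invoke-Command runs the same script block on all of them.
$Sessions = New-PSSession -ComputerName $Computers -ErrorAction Stop

# 1. Local user inventory from every host.
$Users = Invoke-Command -Session $Sessions -ScriptBlock {
    Get-LocalUser | Select-Object Name, Enabled, LastLogon
}

# 2. Processes whose image is outside the Windows and Program Files trees.
#    This is an assumed triage heuristic for review, not a verdict.
$SuspectProcs = Invoke-Command -Session $Sessions -ScriptBlock {
    Get-Process |
        Where-Object { $_.Path -and $_.Path -notmatch '^C:\\(Windows|Program Files)' } |
        Select-Object Name, Id, Path
}

# 3. Failed logons (Security event 4625) in the last 24 hours.
#    Properties[5] is TargetUserName in the 4625 event data layout.
$FailedLogons = Invoke-Command -Session $Sessions -ScriptBlock {
    Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4625
        StartTime = (Get-Date).AddDays(-1)
    } | Select-Object TimeCreated, @{ n = 'Account'; e = { $_.Properties[5].Value } }
}

# 4. Stop a process on one host only after an analyst has reviewed the triage output.
function Stop-RemoteProcess {
    param([string]$ComputerName, [int]$ProcessId)
    Invoke-Command -ComputerName $ComputerName -ArgumentList $ProcessId -ScriptBlock {
        param($Id) Stop-Process -Id $Id -Force
    }
}

# Every remoted object carries PSComputerName, so results group cleanly per host.
$Users        | Format-Table PSComputerName, Name, Enabled, LastLogon -AutoSize
$SuspectProcs | Format-Table PSComputerName, Name, Id, Path -AutoSize
$FailedLogons | Group-Object PSComputerName | Select-Object Name, Count

Remove-PSSession -Session $Sessions
```

Running this requires WinRM to be enabled on the targets and credentials with local administrator rights; Get-LocalUser needs PowerShell 5.1 or later on the remote side.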
Enterprise PowerShell for Remote Security Assessments
As organizations assess the security of their information systems, the need for automation has become more and more apparent. Organizations are not only attempting to automate their assessments; there is also growing pressure to perform those assessments centrally against large numbers of enterprise systems. Forensic analysts, incident handlers, penetration testers, and auditors all regularly find themselves in situations where they need to remotely assess a large number of systems through an automated set of tools. Microsoft's PowerShell scripting language has become the de facto standard for many organizations looking to perform this level of distributed automation. In this presentation James Tarala, of Enclave Security, will describe to students the enterprise capabilities PowerShell offers and show practical examples of how PowerShell can be used to perform large-scale Windows security assessments.