SEC505: Securing Windows with PowerShell and the Critical Security Controls

A session at SANS Baltimore Spring 2016

How can we defend against pass-the-hash attacks, administrator account compromise, and the lateral movement of hackers inside our networks? How do we actually implement the Critical Security Controls on Windows in a large environment? How can we significantly reduce the client-side exploits that lead to advanced persistent threat malware infections? We tackle these tough problems in SEC505: Securing Windows with PowerShell and the Critical Security Controls. Understanding how penetration testers and hackers break into networks is not the same as knowing how to design defenses against them, especially when you work in a large and complex Active Directory environment. Knowing about tools like Metasploit, Cain, Netcat, and Poison Ivy is useful, but there is no simple patch against their abuse. The goal of this course is to show you ways to defend against both current Windows attack techniques and the likely types of attacks we can expect in the future. This requires more than just reactive patch management - we need to proactively design security into our systems and networks. That is what SEC505 is about. Your adversaries want to elevate their privileges to win control over your servers and domain controllers, so a major theme of this course is controlling administrative powers through Group Policy and PowerShell scripting. Learning PowerShell is probably the single best new skill for Windows administrators, especially with the trend toward cloud computing. Most of your competition in the job market lacks scripting skills, so knowing PowerShell is a great way to make your resume stand out. This course devotes the entire first day to PowerShell, then we do more PowerShell exercises throughout the rest of the week. Don't worry, you don't need any prior scripting experience to attend. SEC505 will also prepare you for the GIAC Certified Windows Security Administrator (GCWN) certification exam to prove your Windows security expertise. The GCWN certification counts toward getting a Master's Degree in information security from the SANS Technology Institute (www.sans.edu) and also satisfies the Department of Defense 8570 computing environment requirement. This is a fun course and a real eye-opener, even for Windows administrators with years of experience. Come have fun learning PowerShell and Windows security!

About the speaker

This person is speaking at this event.
Jason Fossen

Sign in to add slides, notes or videos to this session

Tell your friends!


Date Mon 9th May 2016

Short URL


Official session page


View the schedule


See something wrong?

Report an issue with this session