Course repository for PowerShell for Pentesters Course
Playlist Link –
PowerShell for Pentesters is a basic introduction to using PowerShell on internal penetration tests. This course is essentially the PowerShell module from my popular Movement, Pivoting, and Persistence course on TCM Academy and Udemy. In the course we will cover:
- User, group, and workstation enumeration
- Domain enumeration
- Downloading with PowerShell
- Group Policy Enumeration
- ACL Enumeration
- PowerShell Remoting
- PowerView and other popular offensive PowerShell scripts
- Mimikatz exploitation
Scripts are provided for easy installation of Active Directory functionality, however no instruction will be given on installing virtual machines in video. A lab guide provided in this repo will outline the basics for installing your network on Virtualbox. The process is similar on VMWare Workstation and Workstation Pro.
You will need Hashcat for the course, which is accessible at https://hashcat.net/hashcat/. You can also access Hashcat through Kali Linux if you have it installed. A course wordlist is included in the repo which contains user passwords when necessary, and will not require a GPU to crack.
This script will auto-generate the required users, groups, and permissions necessary for my Powershell for Pentesters course.
In order to generate a functional domain controller and active directory, the listed PowerShell scripts need to be executed in the following order:
Invoke-ForestDeploy -DomainName <domain name>
This will install the Windows Active Directory Domain Services toolset and generate the actual domain. Follow the instructions on screen, making note of the domain name used as this will be needed later.
Invoke-ADGenerator -DomainName <domainname>
This will generate the appropriate users, groups, permissions, configurations, and misconfigurations needed for the actual course.
executeScript -ComputerName Workstation-01
This is ran on the Workstation-01 machine created to appropriately name the workstation in the domain. Ensure that you use -ComputerName flag and specify Workstation-01.