Please contact me at nikhil[dot]uitrgpv[at]gmail[dot]com for more details and schedule.


Offensive PowerShell for Red and Blue Teams

Penetration Tests and Red Team operations for secured environments need altered approaches. You cannot afford to touch disk, throw executables and use memory corruption exploits without the risk of being ineffective as a simulated adversary. To enhance offensive tactics and methodologies, PowerShell is the tool of choice. 

PowerShell has changed the way Windows networks are attacked. It is Microsoft’s shell and scripting language, available by default on all modern Windows computers. It can interact with .Net, WMI, COM, the Windows API, the Registry and other computers on a Windows Domain. This makes it imperative for Penetration Testers and Red Teamers to learn PowerShell.
This training is aimed at attacking Windows networks using PowerShell and is based on real world penetration tests and Red Team engagements for highly secured environments. The course runs as a penetration test of a secure environment, with detailed discussion and use of custom PowerShell scripts in each phase. Some of the techniques used in the course, all implemented in PowerShell (see the course content for details):
-    In-memory shellcode execution using client side attacks.
-    Exploiting SQL Servers (Command Execution, trust abuse, lateral movement)
-    Using Metasploit payloads with no detection
-    Active Directory trust mapping, abuse and Kerberos attacks.
-    Dumping Windows passwords, Web passwords, Wireless keys, LSA Secrets and other system secrets in plain text
-    Using DNS, HTTPS, Gmail etc. as communication channels for shell access and exfiltration.
-    Network relays, port forwarding and pivots to other machines.
-    Reboot and Event persistence
-    Bypass security controls like Firewalls, HIPS and Anti-Virus.

The course is a mixture of demonstrations, exercises, hands-on work and lectures. The training focuses more on methodology and techniques than on tools. Attendees will get free one month access to a complete Active Directory environment after the training.

Attendees will be able to write their own scripts and customize existing ones for security testing after this training. This training aims to change how you test a Windows based environment.

Course Content

Day 1 – PowerShell Essentials
-    Introduction to PowerShell
-    Language Essentials
-    Using ISE
-    Help system
-    Syntax of cmdlets and other commands
-    Variables, Operators, Types, Output Formatting
-    Conditional and Loop Statements
-    Functions
-    Modules
-    PowerShell Remoting and Jobs
-    Writing simple PowerShell scripts
-    Extending PowerShell with .Net
-    Accessing Windows API
-    WMI with PowerShell
-    Playing with the Windows Registry
-    COM Objects with PowerShell

Day 2 – Getting a foothold
-    Recon, Information Gathering and the likes
-    Vulnerability Scanning and Analysis
-    Exploitation – Getting a foothold
-    Exploiting MSSQL Servers
-    Client Side Attacks with PowerShell
-    PowerShell with Human Interface Devices
-    Writing shells in PowerShell
-    Using Metasploit and PowerShell together
-    Porting Exploits to PowerShell

Day 3 – Post Exploitation and Lateral Movement
-    Post-Exploitation – What PowerShell is actually made for
-    Enumeration and Information Gathering
-    Privilege Escalation
-    Dumping System and Domain Secrets
-    Kerberos attacks (Golden, Silver Tickets and more)
-    Backdoors and Command and Control
-    Abusing SQL Server Trusts
-    Pivoting to other machines
-    Poshing the hashes™
-    Replaying credentials
-    Network Relays and Port Forwarding

Day 4 – Persistence, Defenses and Bypass
-    Achieving Persistence
-    Clearing Tracks
-    Bypass Basic Defenses
-    Detecting and stopping PowerShell attacks
-    Bypass Advanced Defenses
-    Quick System Audits with PowerShell
-    Security controls available with PowerShell

What would the attendees gain?

1. PowerShell Hacker’s Cheat Sheet, one month access to the online Lab, solutions to exercises, sample source code, Lab manual, Lab machines (VM), updated tools and extra slides explaining things which could not be covered.
2. The attendees would learn a powerful attack method which could be applied from day one after the training.
3. The attendees would understand that it is not always required to use third party executables, non-native code or memory corruption exploits on the targets.
4. The attendees would learn how PowerShell reduces dependence on existing frameworks yet seamlessly integrates with them.

Prerequisites

1. Basic understanding of how penetration tests are done.
2. Basic understanding of a programming or scripting language could be helpful but is not mandatory.
3. An open mind.

System Requirements

A Windows 7 or later system with 4 GB RAM, with Administrative access and ability to run PowerShell scripts.
Ability to run VMware virtual machines.


Hacking with Human Interface Devices

This training focuses on using USB Human Interface Devices (HIDs) for penetration testing. The emphasis of this comprehensive training is on using HIDs in each step of a penetration test.

We will see how attacks like backdoors, keyloggers, in-memory code execution, data stealing, wireless hackery, DNS TXT queries for code execution and backdoors, dumping system secrets, persisting on the targets, setting up rogue APs, worms and more can be done using only a HID and the tools built into an Operating System. The focus is on Windows, but attacks on Linux and OS X are also discussed.

Kautilya, a toolkit developed by the trainer that eases the use of USB HIDs in Penetration Tests, will be discussed in detail. The participants will learn how to program a HID to their own requirements. At least three different HIDs will be used.
Different techniques of using a HID will be discussed, including hiding the device inside another device and Social Engineering scenarios. No hardware knowledge is required. Participants will be able to program their own devices after the training. This training aims to make HID usage in Penetration Tests practical.


  1. Great Work Sir... really I am speechless to appreciate you for this great job... RAB!

  2. Do you know if the training at HITCON can be done remotely?

    1. Sorry. The training at HITCON is live and can't be attended remotely.

  3. Is the training free or what??

  4. Hi Nikhil. I am taking your penetration test for PowerShell online. My question is where I can find the scripts that you use in the part on Brute Force 1 and 2. I cannot find them in the Nishang module. Thanks

    1. Drop me an email at nikhil[dot]uitrgpv[at]

    2. Well, now you made every bot on the World Wide Web to email him.

  5. Hey Nikhil, I'm still working through the coursework from PowerShell for Penetration Testers from Security Tube! Amazing course so far man! Can't wait to finish these exam scripts, they are demanding and awesome!!

  6. Hi Nikhil, just wondering where to download the videos for your course on security tube, I have signed up but not sure where to find the content

  7. Hi Nikhil,

    I have a website for penetration test, for which I have a PowerShell script to validate under IE, which is working fine. I now have to do the screen scraping and object spy analysis in Chrome & Firefox.
    I have used psueragent to set up for Chrome, but how do I instantiate a new Chrome object? Is there a way to handle the Chrome browser window: find the window handle and get the text, location, buttons, checkboxes, radio buttons etc.? I need to find a radio button and retrieve data.
    Please let me know.