SUMMARY History End of life CLI Services Security Considerations - - PowerPoint PPT Presentation

▶

Apr 06, 2023 285 likes •726 views

SUMMARY History End of life CLI Services Security Considerations Powershell Server Setup BRIEF HISTORY (WINDOWS CLIENT) MSDOS (1980) WINDOWS (1985) WINDOWS 3.1 (1992) Windows 95 (1995) Windows ME

SLIDE 1

SLIDE 2

SUMMARY

▶ History ▶ End of life ▶ CLI ▶ Services ▶ Security Considerations ▶ Powershell ▶ Server Setup

SLIDE 3

BRIEF HISTORY (WINDOWS CLIENT)

▶

MSDOS (1980)

▶

WINDOWS (1985)

▶

WINDOWS 3.1 (1992)

▶

Windows 95 (1995)

▶

Windows ME (2000)

▶

Windows XP (2001)

▶

Windows Vista (2006)

▶

Windows 7 (2009)

▶

Windows 8 (2012)

▶

Windows 10 (2015)

SLIDE 4

BRIEF HISTORY (WINDOWS SERVER)

▶ Windows NT 4.0 (1993) ▶ Windows NT 4.0 (1996) ▶ Windows Server 2003 ▶ Windows Server 2008 ▶ Server 2012 ▶ Server 2016 ▶ Server 2019 (2018)

SLIDE 5

SLIDE 6

MARKET SHARE

SLIDE 7

END OF LIFE

▶ Windows 7 (2020) ▶ Windows 8.1 (2023)

SLIDE 8

END OF LIFE

SLIDE 9

KERNEL TYPES

SLIDE 10

KERNEL

SLIDE 11

COMMAND LINE INTERFACE (CLI)

SLIDE 12

COMMAND LINE INTERFACE (CLI)

SLIDE 13

SERVICES

*Fixes 99% of printer problems

SLIDE 14

WINDOWS SERVER

SLIDE 15

SERVER CORE

SLIDE 16

ACTIVE DIRECTORY (AD)

SLIDE 17

DYNAMIC HOST CONFIGURATION PROTOCOL(DHCP)

SLIDE 18

FILE TRANSFER PROTOCOL (FTP)

SLIDE 19

INTERNET INFORMATION SERVICES (IIS)

SLIDE 20

SERVER MESSAGE BLOCK (SMB)

SLIDE 21

DOMAIN NAME SERVICE (DNS)

SLIDE 22

GROUP POLICY OBJECTS (GPO)

SLIDE 23

SECURITY CONSIDERATIONS

SLIDE 24

WINDOWS DEFENDER

▶ Built into Windows ▶ Behavior based/Signature based

SLIDE 25

WINDOWS DEFENDER

SLIDE 26

POWERSHELL BASED EXPLOITATION

▶ “Living off the land” ▶ Open Source Tools

▶

Bloodhound

▶

Empire (BC-Security Branch)

▶

Powerup

▶

PoshC2

▶

Death Star

▶

And more…

SLIDE 27

WHEN SIGNATURE DETECTION FAILS

SLIDE 28

BEHAVIOR DETECTION SUCCEEDS

SLIDE 29

WINDOWS DEFENDER + GROUP POLICIES

SLIDE 30

WINDOWS DEFENDER + GROUP POLICIES

SLIDE 31

SLIDE 32

POWERSHELL COMMANDS

▶ Get-Service

▶

Lists services running or stopped

SLIDE 33

POWERSHELL COMMANDS

▶ Get-Childitem (-hidden)

▶

Lists directories and files

SLIDE 34

POWERSHELL COMMANDS

▶ Start-Service <servicename> ▶ Stop-Service <servicename>

▶

Start/Stop service

▶

Ex. Start-Service DNS

SLIDE 35

POWERSHELL COMMANDS

▶ sc.exe start <servicename> ▶ sc.exe stop <servicename>

▶

Start/Stop service

SLIDE 36

POWERSHELL COMMANDS

▶ Set-Service –Name <serviceName> -StartupType <startupType>

▶

Automatic (Delayed)

▶

Automatic

▶

Manual

▶

Disabled

SLIDE 37

POWERSHELL COMMANDS

▶ Get-MpComputerStatus

▶

Gets the status of antimalware software on system

SLIDE 38

POWERSHELL COMMANDS

▶ Start-MpScan

▶

[-ScanPath <String>]

▶

[-ScanType <ScanType>]

▶

[-CimSession <CimSession[]>]

▶

[-ThrottleLimit <Int32>]

▶

[-AsJob]

SLIDE 39

POWERSHELL COMMANDS

▶ Get-Process

▶

List Processes

SLIDE 40

POWERSHELL COMMANDS

▶ Get-ComputerInfo

▶

Display system information

SLIDE 41

POWERSHELL COMMANDS

▶ Clear

▶

Clear Screen

SLIDE 42

POWERSHELL COMMANDS

▶ More info https://docs.microsoft.com/en-us/powershell/

SLIDE 43

SUMMARY

BRIEF HISTORY (WINDOWS CLIENT)

BRIEF HISTORY (WINDOWS SERVER)

MARKET SHARE

END OF LIFE

END OF LIFE

KERNEL TYPES

KERNEL

COMMAND LINE INTERFACE (CLI)

COMMAND LINE INTERFACE (CLI)

SERVICES

WINDOWS SERVER

SERVER CORE

ACTIVE DIRECTORY (AD)

DYNAMIC HOST CONFIGURATION PROTOCOL(DHCP)

FILE TRANSFER PROTOCOL (FTP)

INTERNET INFORMATION SERVICES (IIS)

SERVER MESSAGE BLOCK (SMB)

DOMAIN NAME SERVICE (DNS)

GROUP POLICY OBJECTS (GPO)

SECURITY CONSIDERATIONS

WINDOWS DEFENDER

WINDOWS DEFENDER

POWERSHELL BASED EXPLOITATION

Bloodhound

Empire (BC-Security Branch)

Powerup

PoshC2

Death Star

And more…

WHEN SIGNATURE DETECTION FAILS

BEHAVIOR DETECTION SUCCEEDS

WINDOWS DEFENDER + GROUP POLICIES

WINDOWS DEFENDER + GROUP POLICIES

POWERSHELL COMMANDS

Lists services running or stopped

POWERSHELL COMMANDS

Lists directories and files

POWERSHELL COMMANDS

Start/Stop service

POWERSHELL COMMANDS

Start/Stop service

POWERSHELL COMMANDS

Automatic (Delayed)

Automatic

Manual

Disabled

POWERSHELL COMMANDS

Gets the status of antimalware software on system

POWERSHELL COMMANDS

[-ScanPath <String>]

[-ScanType <ScanType>]

[-CimSession <CimSession[]>]

[-ThrottleLimit <Int32>]

[-AsJob]

POWERSHELL COMMANDS

List Processes

POWERSHELL COMMANDS

Display system information

POWERSHELL COMMANDS

Clear Screen

POWERSHELL COMMANDS

SERVER SETUP