The PowerShell Podcast Securing PowerShell with Fred Weinmann
I hope you are ready to learn because Fred hits the ground running with information and never lets up. We cover a lot of ground on security and PowerShell, covering topics like: Constrained Language Mode (CLM), script block logging, Anti-Malware Scan Interface (AMSI) and why you should be using it, and more. We finish things up with one of Fred's favorite topics: his amazing PowerShell modules like PSFramework, PSUtil, and PSAzureMigrationAdvisor.
Friedrich Weinmann Bio:
Friedrich Weinmann might be the most enthusiastic advocate of PowerShell I have ever met, and coming from a community where enthusiasm is the norm, that is a bold claim. He is a fantastic teacher and has helped many PowerShellers get started, including Andrew Pla. He is a Premier Field Engineer at Microsoft. Most importantly to him, he creates modules to simplify daily PowerShell. From his Magnum Opus PSFramework to PSAzureModuleAdvisor, which will help you convert your scripts in Azure as AzureAD and MsOnline become unsupported at the end of 2022.
Quote from Fred:
"Execution policy has never prevented a single attacker from running PowerShell if they really wanted to. It’s like you’re trying to protect your home and prevent burglars from coming in by putting a stone on your lawn. That’s the effect of the execution policy. They might miss the stone, they might break a leg, that just might save your day."
Resource links:
Freidrich's GitHub - https://github.com/FriedrichWeinmann
Friedrich's Website - https://allthingspowershell.blogspot.com/
Twitter! - https://twitter.com/fredweinmann
CLM - https://devblogs.microsoft.com/powershell/powershell-constrained-language-mode/
Freidrich on the value of teaching - https://allthingspowershell.blogspot.com/2018/12/the-roi-of-teaching-others.html
Ashley Mcglone labs - https://github.com/GoateePFE/PowerShellSummit2019/tree/master
Why Execution Policy is not security - https://www.netspi.com/blog/technical/network-penetration-testing/15-ways-to-bypass-the-powershell-execution-policy/
AaronLocker - https://devblogs.microsoft.com/powershell/powershell-constrained-language-mode/