Welcome to my central repository for PowerShell automation and security research. This project documents my professional growth in Cybersecurity, focusing on leveraging PowerShell for system administration, threat hunting, and infrastructure management.
The objective of this repository is to build a library of reusable scripts and detailed "Threat-Brief" style documentation that demonstrates proficiency in:
- Enterprise Administration: Managing Active Directory objects and Group Policy at scale.
- Security Automation: Parsing logs and identifying Indicators of Compromise (IoCs).
- System Hardening: Automating security configurations based on industry benchmarks.
To simulate a true corporate network, this lab utilizes a multi-VM architecture hosted in Oracle VirtualBox. This allows for testing remote administration and network-based security controls.
- Domain Controller: Windows Server 2019 (ad.lab)
- Management Workstation: Windows Enterprise (Version 22H2)
- Connectivity: Isolated via VirtualBox Internal Network to ensure a safe testing perimeter.
- Tools: Remote Server Administration Tools (RSAT) installed on the workstation to manage the DC via PowerShell.
I utilize a strict snapshot strategy to maintain environment integrity:
- Base Configuration: Clean OS installs with all necessary modules pre-loaded.
- Snapshots: A "Golden Image" snapshot is taken before any script execution.
- Rollback: After testing high-impact or destructive scripts (like bulk user management or GPO changes), the workstation VM is rolled back to a clean state.
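An added example (not code from this repository) of how the snapshot strategy above can be enforced from the VirtualBox host in PowerShell; it assumes VBoxManage is on PATH and a hypothetical workstation VM name of 'MGMT-WS':

```powershell
# Added example, not from the repository: wraps one lab run with the Golden Image /
# rollback workflow. Assumes VBoxManage on PATH and a VM named 'MGMT-WS' (hypothetical).

function Get-LabVmState {
    param([Parameter(Mandatory)][string]$VmName)
    # --machinereadable prints key="value" lines; VMState is "running", "poweroff", "saved", ...
    $line = VBoxManage showvminfo $VmName --machinereadable 2>$null | Where-Object { $_ -like 'VMState=*' }
    if (-not $line) { throw "VM '$VmName' not found" }
    return ($line -split '=', 2)[1].Trim('"')
}

function Test-LabSnapshot {
    param([Parameter(Mandatory)][string]$VmName, [Parameter(Mandatory)][string]$SnapshotName)
    # snapshot list --machinereadable emits SnapshotName="..." (SnapshotName-1=... for children)
    $names = VBoxManage snapshot $VmName list --machinereadable 2>$null |
        Where-Object { $_ -like 'SnapshotName*=*' } |
        ForEach-Object { ($_ -split '=', 2)[1].Trim('"') }
    return ($names -contains $SnapshotName)
}

function Invoke-LabRun {
    param(
        [Parameter(Mandatory)][scriptblock]$TestStep,  # the lab action, e.g. bulk user creation
        [string]$VmName = 'MGMT-WS',
        [string]$SnapshotName = 'Golden Image',
        [switch]$Rollback                               # set for high-impact scripts (bulk users, GPO changes)
    )
    # 1. The Golden Image must exist before any script runs; take it once and never overwrite it.
    if (-not (Test-LabSnapshot $VmName $SnapshotName)) {
        VBoxManage snapshot $VmName take $SnapshotName
        if ($LASTEXITCODE -ne 0) { throw "Snapshot '$SnapshotName' could not be taken" }
    }
    try { & $TestStep }
    finally {
        if ($Rollback) {
            # 2. A snapshot can only be restored to a VM that is not running, so power off and wait.
            if ((Get-LabVmState $VmName) -eq 'running') {
                VBoxManage controlvm $VmName poweroff | Out-Null
                $deadline = (Get-Date).AddSeconds(30)
                while ((Get-LabVmState $VmName) -eq 'running' -and (Get-Date) -lt $deadline) { Start-Sleep 1 }
            }
            VBoxManage snapshot $VmName restore $SnapshotName
            if ($LASTEXITCODE -ne 0) { throw "Rollback to '$SnapshotName' failed; VM left powered off" }
            VBoxManage startvm $VmName --type headless | Out-Null
        }
    }
}

# Usage (hypothetical host name and script path): run the lab script over WinRM, then roll back.
# Invoke-LabRun -Rollback -TestStep { Invoke-Command -ComputerName mgmt-ws -FilePath .\Lab02.ps1 }
```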
- Lab 00: Vulnerable AD Configuration ✅
- Lab 01: Environment & Module Verification ✅
- Lab 02: Automated Bulk User Creation ✅
- Lab 03: Privileged Group Membership Audit 🟡
- Lab 04: Stale Account Identification & Disablement ⚪
- Lab 05: Automated OU Structure Deployment ⚪
- Lab 06: Password Policy Compliance Reporting ⚪
- Lab 07: Incident Response: Automated Account Lockout ⚪
- Lab 08: GPO Inventory & Link Reporting ⚪
- Lab 09: DNS & Domain Controller Health Check ⚪
- Lab 10: Security Log Parsing: Brute Force Detection ⚪
Thomas Price, Cybersecurity Professional
Current Certifications:
- GIAC Foundational Cybersecurity Technologies (GFACT)
- GIAC Security Essentials (GSEC)
- GIAC Security Operations Certified (GSOC)
- CompTIA A+
- Currently pursuing CompTIA Security+ 701
Connect with me:
- GitHub: https://github.com/tp8888
- Medium: Thomas Price on Medium