This document provides an agenda and slides for a PowerShell presentation. The agenda covers PowerShell basics, file systems, users and access control, event logs, and system management. The slides introduce PowerShell, discuss cmdlets and modules, and demonstrate various administrative tasks like managing files, users, services, and the firewall using PowerShell. The presentation aims to show how PowerShell can be used for both system administration and security/blue team tasks.
Professional Help for PowerShell Modules, by June Blender
Slides from talk at PowerShell Conference Europe 2016 (@PSConfEu). In this deck:
-- Why write PowerShell help?
-- How help for modules differs from cmdlet help
-- Mechanics:
---- Comment-based help vs. XML help
---- About topic format requirements and best practices
-- About Help Content
---- How to start an About topic
---- How to organize an About topic.
---- About topic checklist
-- How to support online help
A presentation covering some of the interesting things going on with PowerShell in the infosec community. I give a brief overview of what PowerShell is, then go over some interesting aspects of three different offensive PowerShell frameworks and finally give a demo of how a local user can escalate to domain admin privileges using just these frameworks.
This is an end-to-end introduction to PowerShell, as an interactive shell but more as a scripting language. From the perspective of a full-stack developer, this presentation covers the basics and six of the common issues that occasional users run into.
Kicking off with Zend Expressive and Doctrine ORM (ZendCon 2016), by James Titcumb
You've heard of the new Zend framework, Expressive, and you've heard it's the new hotness. In this talk, I will introduce the concepts of Expressive, how to bootstrap a simple application with the framework using best practices, and how to integrate a third party tool like Doctrine ORM.
PHP Dependency Management with Composer (ZendCon 2016), by Clark Everetts
A deep-dive for beginners into Composer, the dependency manager for PHP. Learn how Composer helps you obtain the components your applications depend upon, install them into your project, and control their updates to newer versions.
This is the fourteenth (and last for now) set of slides from a Perl programming course that I held some years ago.
I want to share it with everyone looking for intransitive Perl-knowledge.
A table of contents for all presentations can be found at i-can.eu.
The source code for the examples and the presentations in ODP format are on https://github.com/kberov/PerlProgrammingCourse
Learn how to use Bolt in an interactive workshop with hands-on labs.
Join us for an interactive, virtual Bolt workshop on 28 April 2020. You’ll learn how to install and configure common Bolt activities and leave with your laptops Puppet-ready, with Bolt + PDK + Puppet Agent + VS Code. Plus, you’ll get to speak with experts from Puppet and the community.
What's Bolt? Bolt is an open source, agentless multi-platform automation tool that reduces your time to automation and makes it easier to get started with DevOps. Bolt makes automation much more accessible without requiring any Puppet knowledge, agents, or master. It uses SSH or WinRM to communicate and execute tasks on remote systems.
Your teams can perform various tasks like starting and stopping services, rebooting remote systems, and gathering packages and systems facts from your workstation or laptop on any platform (Linux and Windows).
Event details:
Title: Bolt Virtual Workshop
Date: Wednesday, 1 April 2020
Time: 1:00 p.m. - 3:00 p.m. EDT
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi..., by Hackito Ergo Sum
Today most networks present one “gateway” to the whole network – the SSL-VPN. A vector that is often overlooked and considered “secure”, we decided to take apart an industry leading SSL-VPN appliance and analyze it to bits to thoroughly understand how secure it really is. During this talk we will examine the internals of the F5 FirePass SSL-VPN Appliance. We discover that even though many security protections are in place, the internals of the appliance hide interesting vulnerabilities we can exploit. Through processes ranging from reverse engineering to binary planting, we decrypt the file system and begin examining the environment. As we go down the rabbit hole, our misconceptions about “security appliances” are revealed.
Using a combination of web vulnerabilities, format string vulnerabilities and a bunch of frustration, we manage to overcome the multiple limitations and protections presented by the appliance to gain a remote unauthenticated root shell. Due to the magnitude of this vulnerability and the potential for impact against dozens of Fortune 500 companies, we contacted F5 and received one of the best vendor responses we’ve experienced – EVER!
https://www.hackitoergosum.org
Slides from our CodeMash 2013 Precompiler session, "Web Development with Python and Django", including a breezy introduction to the Python programming language and the Django web framework. The example code repository is available at https://github.com/finiteloopsoftware/django-precompiler/
Recent workshop on security code review given at SecTalks Melbourne. The slides contain a link to the vulnerable PHP application to perform the review.
PECL Picks - Extensions to make your life better, by ZendCon
One of the biggest strengths of PHP is its "glue" power. Take any C library and with a little magic and a compiler you have a fantastic extension. These extensions hide in PECL, but few people can tell the good from the unmaintained or just plain broken. Find the best extensions for your project, learn about PECL, and find out how to become a part of the PECL developer community.
Advanced Eclipse Workshop (held at IPC2010, spring edition), by Bastian Feder
As PHP evolves, so does the way it is programmed. The days when PHP was used only by hobby programmers are over. But as the demands on projects grow, so do the demands on development. A powerful IDE such as Eclipse PDT, Zend Studio or NetBeans is quickly reached for. But what does sophisticated development with such an IDE look like? This workshop uses the Eclipse PDT IDE as an example to demonstrate what such development can look like. In detail, you will be shown how to maintain and develop your code together with several people using SVN and Subversive, and how to adapt the development environment to your needs, for example to trigger your own build processes with phing. So that you can gain hands-on experience right away, we strongly recommend bringing your laptop. To avoid time-consuming installations, an Ubuntu Live CD will be provided. Participants with an existing Linux installation and the appropriate permissions can set up their system for daily use directly during the workshop.
Join Heather as she shares 30 Excel Tips in 30 Minutes. Here's a preview of what you'll learn in this free webinar:
• Demystify dates in calculations
• Use Conditional Formatting to answer your questions
• Easily navigate and select within Excel
• Use AutoFill to your advantage
• and 26 more great tips!
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class, by Chris Gates
Derbycon 2011
This talk is about methodologies and tools that we use or have coded that make our lives and pentest schedule a little easier, and why we do things the way we do. Of course, there will be a healthy dose of Metasploit in the mix.
In this PowerPoint, learn how a security policy can be your first line of defense. Servers running AIX and other operating systems are frequent targets of cyberattacks, according to the Data Breach Investigations Report. From DoS attacks to malware, attackers have a variety of strategies at their disposal. Having a security policy in place makes it easier to ensure you have appropriate controls in place to protect mission-critical data.
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class, by Rob Fuller
This talk is about methodologies and tools that we use or have coded that make our lives and pentest schedule a little easier, and why we do things the way we do. Of course, there will be a healthy dose of Metasploit in the mix.
Tools and Process for Streamlining Mac Deployment, by Timothy Sutton
This presentation was given at the MacSysAdmin 2016 conference in Göteborg, Sweden. Session description follows:
Apple’s popularity and their approach to selling hardware are revolutionizing how IT gets that hardware into the hands of its users. Every year’s new Macs and OS X bring new changes, which doesn’t leave much time for the repetitive setup tasks that are involved in getting machines ready for users (or our testing!). It’s easy to fall behind on OS support, but we have no choice but to support the latest.
The Mac sysadmin community is blessed with so many great open-source tools at its disposal for deploying and managing Macs. We'll look at approaches and tools for automating these to bring speed, consistency and sanity to our deployment processes. By being more systematic, we can be more agile, and reclaim time to work on more important problems.
This session will focus on OS X hardware and tools, but the approaches discussed apply equally to iOS devices.
Python and Oracle: allies for best of data management, by Laurent Leturgez
In this presentation, I describe Python and how it can interact with the Oracle database and Oracle Cloud Infrastructure in various projects, from data visualisation to data science.
PuppetConf 2016: A Tale of Two Hierarchies: Group Policy & Puppet – Matt Ston..., by Puppet
Here are the slides from Matt Stone's PuppetConf 2016 presentation called "A Tale of Two Hierarchies: Group Policy & Puppet". Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
This presentation was given at BSides Austin '15, and is an expanded version of the "I hunt sys admins" Shmoocon firetalk. It covers various ways to hunt for users in Windows domains, including using PowerView.
There are so many hidden jewels in the inventory, we'll take a deeper look at what's in there, how it's useful, and what's not in there and how to get it in there. Learn more: http://dell.to/1GDYpr8
How we do it better than IR firms. Learn what you need to know to catch everything from commoditized malware to advanced malware. Ask a Blue Team Ninja, Logoholic and Malware Archaeologist how we do it.
Go Hack Yourself - 10 Pen Test Tactics for Blue Teamers, by jasonjfrank
This presentation, given at BSidesPittsburgh 2015, discusses free tools and techniques penetration testers use that can be translated to network defenders for immediate impact and value.
PHP Frameworks: I want to break free (IPC Berlin 2024), by Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
JMeter webinar - integration with InfluxDB and Grafana, by RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024, by Tobias Schneck
As AI technology is pushing into IT, I was wondering, as an “infrastructure container kubernetes guy”, how this fancy AI technology gets managed from an infrastructure operational view. Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you with a short journey through existing deployment models and use cases for AI software. Using practical examples, we discuss what cloud/on-premise strategy we may need to apply it to our own infrastructure and get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies that could be beneficial to or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into which approaches I already have working for real.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview, by Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors and newer malware, including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Neuro-symbolic is not enough, we need neuro-*semantic*, by Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
The Art of the Pitch: WordPress Relationships and Sales, by Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Search and Society: Reimagining Information Access for Radical Futures, by Bhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build, inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies need to be explicitly articulated, and we need to develop theories of change in the context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti..., by Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova..., by Ramesh Iyer
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Key Trends Shaping the Future of Infrastructure.pdf, by Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Accelerate your Kubernetes clusters with Varnish Caching, by Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -..., by DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
4. About me
• System Analyst at a non-profit religious organization
• Founder of Michigan PowerShell User Group
• Moderator on Hey! Scripting Guys forums and judge for Microsoft’s Scripting Games.
• Member of #misec
• Avid gamer and huge sports fan
• Father to a future hacker (kid0) and husband to a wonderful wife.
5. Disclaimer
• I am not an “expert”, so let’s just pretend for the next little bit that I am.
• There is a TON of sysadmin stuff in here; however, it doubles as security / blue team.
• This talk doesn’t in any way reflect the stance of my employer or Microsoft.
• I think I am funny and sometimes talk too fast. If you have a problem, get over it.
8. What is PowerShell?
• In case you haven’t heard….
– It is a task automation framework, command-line shell and a scripting language that uses and is built upon the .NET Framework
• Installed in every Microsoft operating system from Windows 7 / 2008 R2 and beyond.
• Current version is 3.0
9. Tons of support
• Integration is deep within the Microsoft product line
• Other vendors support it as well
10. What is a cmdlet?
• A cmdlet is a “lightweight command that is used in the Windows PowerShell environment.”
• Basically, it is the commands built into the language.
• Examples:
– Get-Help
– Write-Host
– Register-ObjectEvent
11. Some basic language information
• Naming Convention
– Verb-Noun
• Get-Mailbox
• New-ADComputer
– Verbs are Defined by Microsoft (98 Total)
• Aliases Help
– Get-ChildItem (ls, dir, gci)
– But, you shouldn’t use them in your scripts.
– See them all? Get-Alias
• Get-Help also “helps”
– Get-Help is your new best friend
12. Aliases for the *nix Guys
PowerShell      PowerShell alias    *nix
Get-ChildItem   ls, gci, dir        ls
Copy-Item       cp, copy            cp
Get-Help        man, help           man
Get-Content     cat, type           cat
13. Get-ExecutionPolicy
• From about_execution_policies
– Windows PowerShell execution policies let you determine the conditions under which Windows PowerShell loads configuration files and runs scripts.
– The execution policy is not a security system that restricts user actions; instead, it helps users to set basic rules and prevents them from violating them unintentionally.
• Can be set system-wide or per user, and via Group Policy
• Can be bypassed easily, so this is not a security measure!!!!
14. Making Tools
• One of the best things about PowerShell.
• You can easily make tools (functions, scripts, modules, etc…), repackage them and share them.
• Tons of resources on how to share and where to share are out there.
15. Modules
• A module is a set of related Windows PowerShell functionalities that can be dynamic or that can persist on disk. Modules that persist on disk are referenced, loaded, and persisted as script modules, binary modules, or manifest modules. Unlike snap-ins, the members of these modules can include cmdlets, providers, functions, variables, aliases, and much more.
16. Modules Cont…
• What are modules good for?
– Repackaging tools
– Sharing Scripts
• Some very cool modules out there
– PSCX
– Office 365
– NTFS Security
17. Recording your session
• PowerShell has built in logging.
• Log your commands, the output and whole kitten
kaboodle
• Start-Transcript
• Stop-Transcript
18. A few last minute notes
• Objects!
– Everything is an object unless you decide to make it text.
• Pipeline!
– Things being objects makes everything much more fun.
• Variables!
– Prefixed with $
• Special Variables!
– Some special ones including
• $_
• $true
21. File Permissions
• By far not my favorite thing to do
• A complete pain if you have to set permissions on a
lot of files
• xcacls and cacls.exe are nice, but we can use
PowerShell
22. File Permissions
• Built in commands for doing ACLS
– Get-ACL, Set-ACL
• However... these cmdlets are difficult at best to use.
Actually, painful is a better word.
24. That sucks…. Kind of
• Easily put into a function. Especially if files you are
setting permissions on have the same permissions
required.
• Requires time spent in the MSDN documentation
to actually get setting permissions right.
• There is some help though. The File System
Security PowerShell Module 2.1 by Raimund
Andrée
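The "put it into a function" idea from the slide above, as an added example (not the talk's code and not the File System Security module): one function applies the same ACE to every file piped in. The identity CONTOSO\svc_backup and the path C:\Logs are assumed values.

```powershell
# Added example: apply one access rule to many files through the pipeline.
function Grant-FileAccess {
    param (
        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [Alias('FullName')]                       # lets Get-ChildItem output bind directly
        [string]$Path,
        [Parameter(Mandatory = $true)]
        [string]$Identity,                        # e.g. 'CONTOSO\svc_backup' (assumed account)
        [System.Security.AccessControl.FileSystemRights]$Rights = 'ReadAndExecute',
        [ValidateSet('Allow', 'Deny')]
        [string]$Type = 'Allow'
    )
    begin {
        # Files cannot carry inheritance or propagation flags, so both are None.
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Identity, $Rights, 'None', 'None', $Type)
    }
    process {
        $acl = Get-Acl -Path $Path
        $acl.SetAccessRule($rule)        # replaces the identity's ACE of this type, or adds one
        Set-Acl -Path $Path -AclObject $acl
        # Emit the entry that is now on disk so the change can be reviewed or logged.
        (Get-Acl -Path $Path).Access |
            Where-Object { $_.IdentityReference.Value -eq $Identity } |
            Select-Object @{ n = 'Path'; e = { $Path } }, IdentityReference, FileSystemRights, AccessControlType
    }
}

# Every .log file under C:\Logs (assumed path) gets the same read-only ACE in one pipeline.
Get-ChildItem -Path C:\Logs -Filter *.log | Grant-FileAccess -Identity 'CONTOSO\svc_backup'
```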
26. Monitor File System Changes
• With a few lines of code, you can monitor
changes in a directory.
• However, the watcher goes away when the PowerShell session ends.
• Can email, write to host, log to file or event logs.
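The directory monitor the slide describes, as an added example (not the talk's code): a FileSystemWatcher wired to Register-ObjectEvent, writing each change to the host and to a text log. The watched directory C:\inetpub\wwwroot and the log path C:\Logs\fswatch.log are assumed values.

```powershell
# Added example: log every change under a directory for the life of this session.
# $watchPath and $logFile are assumed values; point them at your own directories.
$watchPath = 'C:\inetpub\wwwroot'
$logFile   = 'C:\Logs\fswatch.log'

$watcher = New-Object System.IO.FileSystemWatcher
$watcher.Path = $watchPath
$watcher.Filter = '*.*'
$watcher.IncludeSubdirectories = $true
# Report name, size and write-time changes; skip the noisy last-access updates.
$watcher.NotifyFilter = [System.IO.NotifyFilters]'FileName, DirectoryName, LastWrite, Size'
$watcher.EnableRaisingEvents = $true

# One handler for all four event kinds. $Event.MessageData carries the log path in;
# $Event.SourceEventArgs carries the change type and full path of the affected item.
$handler = {
    $e    = $Event.SourceEventArgs
    $line = '{0:u}  {1,-8} {2}' -f (Get-Date), $e.ChangeType, $e.FullPath
    if ($e.ChangeType -eq 'Renamed') { $line += "  (was $($e.OldFullPath))" }
    Add-Content -Path $Event.MessageData -Value $line
    Write-Host $line
}

foreach ($kind in 'Created', 'Changed', 'Deleted', 'Renamed') {
    Register-ObjectEvent -InputObject $watcher -EventName $kind `
        -SourceIdentifier "FSWatch.$kind" -Action $handler -MessageData $logFile | Out-Null
}

# The subscriptions live only as long as this session. To stop watching:
# Get-EventSubscriber | Where-Object { $_.SourceIdentifier -like 'FSWatch.*' } | Unregister-Event
# $watcher.Dispose()
```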
29. Show-Users
• This section will be a lot of auditing commands /
scripts / functions.
• Creating users is done everywhere.
• Let's see what info we can gather
30. Local Users?
• Local Users are a pain... Let's view them all!
$computer = $env:COMPUTERNAME
$adsi = [ADSI]("WinNT://$computer,computer")
$users = $adsi.psbase.children |
    Where-Object { $_.psbase.schemaclassname -eq "User" } |
    Select-Object Name
foreach ($user in $users) {
    $user.Name
}
31. Local Groups?
• Local Groups are a pain... Let's view them all!
$computer = $env:COMPUTERNAME
$adsi = [ADSI]("WinNT://$computer,computer")
$groups = $adsi.psbase.children |
    Where-Object { $_.psbase.schemaclassname -eq "Group" } |
    Select-Object Name
foreach ($group in $groups) {
    $group.Name
}
32. Local Admins?
• Get local admins on a machine. Better yet, scan all the machines!
function Get-LocalAdministrators {
    param (
        [string]$computer = $env:COMPUTERNAME
    )
    # Win32_GroupUser links each group to its members; keep only the Administrators group.
    $admins = Get-WmiObject -Class Win32_GroupUser -ComputerName $computer
    $admins = $admins | Where-Object { $_.GroupComponent -like '*"Administrators"' }
    $admins | ForEach-Object {
        # PartComponent looks like ...Win32_UserAccount.Domain="DOM",Name="user"
        $_.PartComponent -match '.+Domain=(.+),Name=(.+)$' > $null
        $matches[1].Trim('"') + "\" + $matches[2].Trim('"')
    }
}
33. Services and Users
• One of the biggest pains I find is people using
accounts for services.
• Quick way to check tons of computers using
Confirm-ServiceAccounts
Get-Content computers.txt |
    Confirm-ServiceAccounts |
    Select-Object SystemName, DisplayName, StartName
34. SIDs....
• Easily get SIDs while doing forensics.
# Set $domain and $user to the account you want to resolve first.
$objUser = New-Object System.Security.Principal.NTAccount($domain, $user)
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$strSID.Value
35. Let's track some users.....
• Let's see who logged on and logged off on a
computer.
Get-WinEvent -FilterHashtable @{LogName='Security'; StartTime='6/27/2012 12:00:00am'; ID=@(4624,4625,4634,4647,4648)} |
    Select-Object TimeCreated, Id
36. Across the entire network.
$eventhashtable = @{LogName='Security'; StartTime='6/27/2012 12:00:00am'; ID=@(4624,4625,4634,4647,4648)}
Get-Content computers.txt | ForEach-Object {
    Write-Output "Retrieving logs for $_ at $(Get-Date)"
    # -ComputerName is what makes each query hit the remote host instead of this one.
    Get-WinEvent -ComputerName $_ -FilterHashtable $eventhashtable |
        Select-Object TimeCreated, Id
}
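TimeCreated and Id alone do not say who logged on. The added example below (not the talk's code) extends the network-wide query: it pulls the account and logon type out of each record's XML, so the result can be filtered to interactive (type 2) and RDP (type 10) logons per host. The file name computers.txt is the one used on the slide.

```powershell
# Added example: one object per 4624/4634 record with the account and logon type.
function Get-LogonSummary {
    param (
        [Parameter(ValueFromPipeline = $true)]
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [datetime]$StartTime = (Get-Date).AddDays(-1)
    )
    process {
        foreach ($computer in $ComputerName) {
            $filter = @{ LogName = 'Security'; StartTime = $StartTime; ID = @(4624, 4634) }
            try {
                $events = Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop
            }
            catch {
                # Unreachable host, no rights, or simply no matching events in the window.
                Write-Warning "$computer : $($_.Exception.Message)"
                continue
            }
            foreach ($e in $events) {
                # EventData fields are positional in .Properties; the XML names them.
                $data = @{}
                ([xml]$e.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
                [pscustomobject]@{
                    Computer    = $computer
                    TimeCreated = $e.TimeCreated
                    Id          = $e.Id
                    Account     = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
                    LogonType   = $data['LogonType']
                }
            }
        }
    }
}

# Interactive (2) and RDP (10) logons on every listed host in the last day.
Get-Content computers.txt | Get-LogonSummary |
    Where-Object { $_.Id -eq 4624 -and (@(2, 10) -contains $_.LogonType) } |
    Sort-Object Computer, TimeCreated | Format-Table -AutoSize
```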
37. User have profile on PC?
• A very rudimentary way to check to see if someone
logged on to a PC.
Get-WmiObject -Class Win32_UserProfile |
Select SID, LastUseTime, LocalPath
39. Hosts Files.....
• Editing hosts files is always fun.
• Merged some functions into a module that does
hosts file manipulation.
• REMEMBER TO RUN AS ADMINISTRATOR…..
41. Firewall fun (V3)
• You can manage the Windows Firewall using
PowerShell in Windows 7. Can do it, but takes a
little bit to get used to.
• Microsoft added Firewall Commands in Windows 8
/ Windows 2012.
• There is a new module called NetworkSecurity
42. Basic Firewall Administration
• The following command is pretty straightforward.
It allows telnet to be accessible on the local subnet.
New-NetFirewallRule -DisplayName "Allow Inbound Telnet" -Direction Inbound -Program %SystemRoot%\System32\tlntsvr.exe -RemoteAddress LocalSubnet -Action Allow
43. Where it gets cool….
• This rule BLOCKS telnet. However, this stores the
firewall rule in a GPO so you can deploy it from the
PowerShell window.
New-NetFirewallRule -DisplayName "Block Outbound Telnet" -Direction Outbound -Program %SystemRoot%\System32\tlntsvr.exe -Protocol TCP -LocalPort 23 -Action Block -PolicyStore domain.contoso.com\gpo_name
44. Even cooler…..
• You can manage a Windows Firewall Remotely!
• You must be admin on the remote computer. Well
hopefully you are.
• Note: A CIM session is a client-side object
representing a connection to a local or remote
computer.
$Session = New-CimSession -ComputerName Host
Remove-NetFirewallRule -DisplayName "AllowTelnet" -CimSession $Session
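Removing a rule over a CIM session is one use; auditing what a remote host allows in is the one a blue team wants first. Added example (not the talk's code), with the host name fileserver01 assumed: every enabled inbound Allow rule on the remote box, joined to its port filter, so the open ports and the policy store they came from show on one line each.

```powershell
# Added example: list enabled inbound Allow rules on a remote host with their ports.
$Session = New-CimSession -ComputerName 'fileserver01' -ErrorAction Stop   # assumed host

Get-NetFirewallRule -CimSession $Session -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        # Protocol and ports live on the associated filter object, not on the rule itself.
        $port = $_ | Get-NetFirewallPortFilter -CimSession $Session
        [pscustomobject]@{
            DisplayName = $_.DisplayName
            Profile     = $_.Profile
            Protocol    = $port.Protocol
            LocalPort   = ($port.LocalPort -join ',')
            Source      = $_.PolicyStoreSourceType    # Local vs GroupPolicy shows where it came from
        }
    } |
    Sort-Object Protocol, LocalPort | Format-Table -AutoSize

Remove-CimSession -CimSession $Session
```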
46. PoshSec.com
• A project to help better utilize PowerShell in the Infosec
Space.
• Started by myself and Will Steele (@pen_test).
• Looking for guest bloggers. If you want to write an
article, let us know. team@poshsec.com
47. PowerShell Saturday in Michigan?
• I am looking to bring PowerShell Saturday to
Michigan.
• PowerShell Saturday is a day long conference on
PowerShell.
• Want to speak? Let me know. Can be anything
PowerShell related.
48. Special Thanks!
• Thank you for proofing my slides and providing
valuable feedback!
• Will (@pen_test)
• Wolfgang (@jwgoerlich)
• Scott (@sukotto_san)
• Matt (@mattifestation)
49. Contact & Downloads
• Contact:
– mwjcomputing@gmail.com
– @mwjcomputing
– http://www.mwjcomputing.com/
– http://www.michiganpowershell.com/
• Downloads related to talk
– http://www.mwjcomputing.com/resources/grrcon-2012
• Slides, Code Samples and links to scripts used in this talk.
• Note: Code isn’t completely done. I need to add help and clean
it up a tad. It does however all work. So expect updates within a
week.