I improve security for enterprises around the world working for TrustedSec & I am @PyroTek3 on Twitter. Read the About page (top left) for information about me. :) https://adsecurity.org/?page_id=8
Sean Metcalf
Author's posts
Oct 01 2014
Program like a Monkey – I mean an Orangutan – It’s OOK!
Learning PowerShell & Python isn’t enough… I need to learn OOK! Introduction Ook! is a programming language designed for orang-utans. Ook! is essentially isomorphic to the well-known esoteric language BrainF***, but has even fewer syntax elements. Design Principles A programming language should be writable and readable by orang-utans. To this end, the syntax should be …
Oct 01 2014
Black Hat USA 2014 Presentation: Investigating PowerShell Attacks
Black Hat USA 2014 Presentation: Investigating PowerShell Attacks This is an excellent presentation and I highly recommend anyone who is an admin or who is responsible for AD security. Investigating PowerShell Attacks Ryan Kazanciyan Technical Director, Mandiant Matt Hastings Consultant, Mandiant Over the past two years, we’ve seen targeted attackers increasingly utilize PowerShell to conduct …
Oct 01 2014
ShellShock/BashBug – Bash Vulnerability Affects Linux, Unix, & Mac OSX
10/01/2014 Updates: Shellshock: Vulnerable Systems you may have missed and how to move forward VMware Begins to Patch Bash Issues Across Product Line Honeypot Snares Two Bots Exploiting Bash Vulnerability Updated (9/29/2014): PowerCLI script for checking VMWare systems.for BashBug vulnerability ShellShock webscanner Dark Reading: New BashBug vulnerabilities surface Dark Reading: Making Sense of ShellShock Chaos …
Sep 30 2014
Azure & Active Directory
Azure is big. It’s really big. Seriously, it’s hard to comprehend just how big it really is. (Apologies to Douglas Adams.) In July of last year, then-CEO Steve Ballmer stated that Azure data centers held “comfortably over a million physical servers.” Last year, Azure server purchases accounted for 17% of all server purchases worldwide. …
Sep 29 2014
Disarming EMET 5
EMET version 5 has been out for only a few months and Offensive Security has identified bypass methods: INTRODUCTION In our previous Disarming Emet 4.x blog post, we demonstrated how to disarm the ROP mitigations introduced in EMET 4.x by abusing a global variable in the .data section located at a static offset. A general …
Sep 28 2014
PowerShell: ADSI and Case Sensitivity
In developing a custom PowerShell script which leveraged ADSI, I noticed that the script wasn’t working properly. Here’s a sample block of the script which uses ADSI to get changes made to ExtensionAttribute11 as part of an Active Directory Convergence test script: 1 2 3 4 $ADSITarget = [ADSI]”LDAP://$DC” $Searcher = New-Object DirectoryServices.DirectorySearcher($ADSITarget,”(sAMAccountName=$ConvergenceObject)”) $ConvergenceObjectData = …
Sep 27 2014
Powershell Remote Use of Module Commandlets (Remoting Import-Module)
Practically all of my Powershell scripts use an Active Directory commandlet. Ok, so they use several. I like to query AD to get environmental information so when I run the script, I know what I am working with from an AD perspective. I can’t help it, I’m an AD Guy. In order to run the …
Sep 25 2014
PowerShell Code: Find Active Directory Site Containing AD Subnet
Here’s a quick script that returns the site in the Active Directory forest given a subnet (ex. 10.20.30.0). Match-Subnet2Site.ps1 Param ( [string]$Subnet ) $IPSubnetRegEx = ‘\b((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|0)\b’ # $IPRegEx = ‘\b((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\b’ IF ($Subnet -match $IPSubnetRegEx) { Write-Output “Searching the AD forest for subnet: $Subnet ” } ELSE { Write-Error “The provided subnet ($Subnet) is not …
Sep 24 2014
Azure Active Directory Stats
Over 2.9 Million Organizations are using Azure Active Directory More than 10 Billion Authentications per week Azure Active Directory is spread out across 14 data centers Contains more than 240 million user accounts Organizations using Azure Active Directory across 127 countries Supports over 1400 integrated third-party apps Azure AD Statistics
Sep 24 2014
LOL! Lingering Object Liquidator for Active Directory
Microsoft released the LOL GUI tool for removing Active Directory lingering objects. Historically, removing lingering objects from AD had been a painful process. Note that LOL is not a straightforward download. Follow the following steps to download: Log on to the Microsoft Connect site (using the Sign in) link with a Microsoft account:: http://connect.microsoft.com Note: …
Recent Comments