I improve security for enterprises around the world working for TrustedSec & I am @PyroTek3 on Twitter. Read the About page (top left) for information about me. :) https://adsecurity.org/?page_id=8
Sean Metcalf
Author's posts
Oct 03 2014
XEN Hypervisor Vulnerabilities
And you were wondering why Amazon had rolling reboots of EC2 recently… From the Whitepaper “FROM RING 3 TO RING0: EXPLOITING THE XEN X86 INSTRUCTION EMULATOR” (bitdefender): ABSTRACT While a VMM can provide a considerable level of security by isolation, it is generally true that by increasing the code-base that runs on a given host …
Oct 02 2014
BadUSB Overview (Presentation & Slides) & Recent Release of BadUSB Exploit Code
BadUSB – The problems with USB One of the best talks I saw at BlackHat USA 2014 was on security issues with USB that are built into the spec (i.e. can’t be changed easily). BadUSB Black Hat USA 2014 Presentation Slides BadUSB Black Hat USA 2014 Presentation Video Here are the primary reasons why USB …
Oct 02 2014
Using PowerShell to Perform a Reverse DNS Lookup in Active Directory
Typically, one would use ping -a to get the hostname for a specific IP address which performs a DNS reverse lookup. Querying AD for a computer with an IP works great for computers joined to the Active Directory domain since most computers in AD have the IP Address configured on the computer account. When the …
Oct 01 2014
Program like a Monkey – I mean an Orangutan – It’s OOK!
Learning PowerShell & Python isn’t enough… I need to learn OOK! Introduction Ook! is a programming language designed for orang-utans. Ook! is essentially isomorphic to the well-known esoteric language BrainF***, but has even fewer syntax elements. Design Principles A programming language should be writable and readable by orang-utans. To this end, the syntax should be …
Oct 01 2014
Black Hat USA 2014 Presentation: Investigating PowerShell Attacks
Black Hat USA 2014 Presentation: Investigating PowerShell Attacks This is an excellent presentation and I highly recommend anyone who is an admin or who is responsible for AD security. Investigating PowerShell Attacks Ryan Kazanciyan Technical Director, Mandiant Matt Hastings Consultant, Mandiant Over the past two years, we’ve seen targeted attackers increasingly utilize PowerShell to conduct …
Oct 01 2014
ShellShock/BashBug – Bash Vulnerability Affects Linux, Unix, & Mac OSX
10/01/2014 Updates: Shellshock: Vulnerable Systems you may have missed and how to move forward VMware Begins to Patch Bash Issues Across Product Line Honeypot Snares Two Bots Exploiting Bash Vulnerability Updated (9/29/2014): PowerCLI script for checking VMWare systems.for BashBug vulnerability ShellShock webscanner Dark Reading: New BashBug vulnerabilities surface Dark Reading: Making Sense of ShellShock Chaos …
Sep 30 2014
Azure & Active Directory
Azure is big. It’s really big. Seriously, it’s hard to comprehend just how big it really is. (Apologies to Douglas Adams.) In July of last year, then-CEO Steve Ballmer stated that Azure data centers held “comfortably over a million physical servers.” Last year, Azure server purchases accounted for 17% of all server purchases worldwide. …
Sep 29 2014
Disarming EMET 5
EMET version 5 has been out for only a few months and Offensive Security has identified bypass methods: INTRODUCTION In our previous Disarming Emet 4.x blog post, we demonstrated how to disarm the ROP mitigations introduced in EMET 4.x by abusing a global variable in the .data section located at a static offset. A general …
Sep 28 2014
PowerShell: ADSI and Case Sensitivity
In developing a custom PowerShell script which leveraged ADSI, I noticed that the script wasn’t working properly. Here’s a sample block of the script which uses ADSI to get changes made to ExtensionAttribute11 as part of an Active Directory Convergence test script: 1 2 3 4 $ADSITarget = [ADSI]”LDAP://$DC” $Searcher = New-Object DirectoryServices.DirectorySearcher($ADSITarget,”(sAMAccountName=$ConvergenceObject)”) $ConvergenceObjectData = …
Sep 27 2014
Powershell Remote Use of Module Commandlets (Remoting Import-Module)
Practically all of my Powershell scripts use an Active Directory commandlet. Ok, so they use several. I like to query AD to get environmental information so when I run the script, I know what I am working with from an AD perspective. I can’t help it, I’m an AD Guy. In order to run the …
Recent Comments