I improve security for enterprises around the world working for TrustedSec & I am @PyroTek3 on Twitter. Read the About page (top left) for information about me. :) https://adsecurity.org/?page_id=8
Author's posts
Jun 12 2014
New APT Approaches
The Trend Micro Security Intelligence Blog has an interesting article on how hackers are using legitimate tools as part of APT attacks. In our 2013 predictions, we noted how malware would only gradually evolve without much in the way of significant change. This can be seen in the use of some (otherwise legitimate) hacking tools …
Jun 10 2014
PowerShell 101: PowerShell Guide/CheatSheet
Michael Sorens has put together a comprehensive guide to using PowerShell: This series of articles evolved out of my own notes on PowerShell as I poked and prodded it to show me more. As my collection burgeoned, I began to organize them until I had one-line recipes for most any simple PowerShell task. Simple, though, …
Jun 05 2014
Great InfoWorld Interview with Mark Russinovich on Azure and Cloud Computing
InfoWorld has a great Interview with Mark Russinovich, Microsoft Technical Fellow, on Azure and Cloud Computing. I included my favorite quotes below: Intro: Mark Russinovich is a legendary figure in the computer industry. A former teenage hacker who went on to earn a PhD in computer engineering from Carnegie Mellon, Russinovich cofounded Winternals Software — …
Jun 03 2014
PowerShell is Central to Everything Microsoft
So how important is Windows PowerShell? Well for starters, Windows PowerShell grabbed three of the top ten TechEd 2014 talks in Houston this year. PowerShell.Org printed out 3,000 DSC Resource guide books to hand out at the Scripting Guys booth, and to give out in presentations – they were gone in two days. In addition, …
Jun 02 2014
Active Directory 2012 DCPromo
Starting with Windows Server 2012, DCPromo is no longer used to promote a member server to be a Domain Controller. Since DCPromo no longer works (Microsoft calls this feature deprecated), there is a new GUI option and associated PowerShell cmdlets. There are major changes to the promotion process which integrate the process. This simplified process …
May 29 2014
PowerShell: Useful WMI Classes
Here are some WMI Classes I have found useful:
Get-WmiObject -Class Win32_BIOS
Get-WmiObject -Class Win32_ComputerSystem
Get-WmiObject -Class Win32_OperatingSystem
Get-WmiObject -Class Win32_NetworkAdapter
Get-WmiObject -Class Win32_NetworkAdapterConfiguration
Get-WmiObject -Class Win32_Product
Enumerating Win32 WMI Classes:
[array]$WMINames = Get-WmiObject -Query 'Select * From Meta_Class WHERE __Class LIKE "win32%"' | Where-Object { $_.PSBase.Methods } | Select-Object Name, Methods
$WMINames = $WMINames …
May 27 2014
PowerShell Code: Get & Set Active Directory Tombstone Lifetime and Active Directory Delete & Recycle Operations
Active Directory is a multi-master database replicated among multiple Domain Controllers. In order to ensure that objects are fully replicated before deletions are processed (purged), objects are marked for deletion before they are completely purged from Active Directory. Active Directory marks the object as deleted by performing the following actions on the object: The …
May 22 2014
Microsoft TechEd 2014 Sessions Posted
One of the toughest parts of being in the IT field is staying up to date with technology trends, directions, and products. I have found that free-to-view online content is a great way to do this. Microsoft has TechEd sessions posted going back to 2008: 2014 2013 2012 2011 2010 2009 2008 Here are some …
May 22 2014
Virtualization Updates to Active Directory 2012
As part of the many updates to Active Directory, one of the most interesting is virtualization safeguarding in Windows Server 2012. Active Directory Domain Controllers running Windows Server 2012 can now identify if they are virtualized and have been improperly restored or cloned (copied). Windows Server 2012 introduces a new feature called the VM Generation …
May 20 2014
Microsoft BlueHat Resources
Microsoft has their own internal employee security conference called "BlueHat". Here are session links from the past few years: