The best way to develop the best defense is to study the offense’s methods. Here are several recent reports that detail current modern network attacks: Mandiant APT Whitepaper Microsoft Security Intelligence Report Verizon Enterprise DBIR 2014
Category: PowerShell
Nov 06 2014
How Attackers Pull the Active Directory Database (NTDS.dit) from a Domain Controller
I performed extensive research on how attackers dump AD credentials, including pulling the Active Directory database (ntds.dit) remotely. This information is covered in two newer and greatly expanded posts: How Attackers Dump Active Directory Database Credentials Attack Methods for Gaining Domain Admin Rights in Active Directory The original post data follows: How Attackers Pull …
Nov 03 2014
PowerShell Code: ADSI Convert Domain Distinguished Name to Fully Qualified Domain Name
Convert Domain Distinguished Name to Fully Qualified Domain Name: $ADObjectDN = “CN=Object1,OU=OrgUnit1,DC=child,DC=domain,DC=com” [array]$ADObjectDNArray = $ADObjectDN -Split(“,DC=”) [int]$DomainNameFECount = 0 ForEach ($ADObjectDNArrayItem in $ADObjectDNArray) { IF ($DomainNameFECount -gt 0) …
Nov 03 2014
PowerShell for Pentesters
PowerShell is extremely useful for admins. This power is also extremely useful for attackers. There are several PowerShell tools specifically for increasing access on a network: PowerSploit PowerSploit – PowerShell based pentest tool set developed by Mattifestation. PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid reverse engineers, forensic analysts, …
Nov 02 2014
Windows 8: Using PowerShell to Decrypt Wireless SSID Passwords with NetSH
Show the saved password for SSID named “SSID_NAME” in Windows 8. ((netsh wlan show profiles name=”SSID_NAME” key=clear | select-string “Key Content” ) -split(” Key Content : “))[1]
Oct 31 2014
PowerShell Data Types
Useful table with Powershell’s data types and descriptions: [string] Fixed-length string of Unicode characters [array] Array of values [xml] Xml object [int] 32-bit signed integer [DateTime] Date and Time [long] 64-bit signed integer [decimal] 128-bit decimal value [single] Single-precision 32-bit floating point number [double] Double-precision 64-bit floating point number [char] A Unicode 16-bit character [byte] …
Oct 21 2014
Hyper-V How to install integration services when the virtual machine is not running
From Microsoft’s Virtualization Blog, How to install integration services when the virtual machine is not running: We’ve been talking to a lot of people about deploying integration services (integration components) lately. As it turns out, they’re pretty easy to patch offline with existing Hyper-V tools. First, why would you update integration services on a not-running …
Oct 15 2014
PowerShell Function: Get-ADAuthGroups
Here’s a PowerShell Function that leverages Active Directory .Net to get a list of the AD authorization groups. This is extremely useful to get a complete list of security groups that comprise a user’s AD Kerberos token without having to loop or recurse AD groups. Function GetAuthGroups { Param ( $AccountID, [switch]$CountAuthGroups, [Switch]$ReturnGroups = …
Recent Comments