This post is a follow-up of sorts from my earlier posts on PowerShell, my PowerShell presentation at BSides Baltimore, and my presentation at DEF CON 24. Hopefully this post provides current information on PowerShell usage for both Blue and Red teams. Related posts: BSides Charm Presentation Posted: PowerShell Security: Defending the Enterprise from the Latest …
Tag: Windows10
Feb 11 2016
Detecting Offensive PowerShell Attack Tools
At DerbyCon V (2015), I presented on Active Directory Attack & Defense and part of this included how to detect & defend against PowerShell attacks. Update: I presented at BSides Charm (Baltimore) on PowerShell attack & defense in April 2016. More information on PowerShell Security: PowerShell Security: PowerShell Attack Tools, Mitigation, & Detection The most …
Feb 11 2016
PowerShell Version 5 Security Enhancements
PowerShell version 5 is RTM (As of 12/18/2015). Prior to this there was a “production preview” available since August which means it was supported, but not final. With the final release of PowerShell v5 now available, I highly recommend you download PowerShell v5 and start testing to prepare for production deployment. While the PowerShell v5 …
Jan 31 2016
Microsoft EMET 5.5 Released – Benefits, New Features, Protection, Logging, & GPO Config
Microsoft recently released Enhanced Mitigation Experience Toolkit (EMET) version 5.5 (it jumped from 5.2 to 5.5) which includes Windows 10 compatibility and better GPO support (among others). I’ve included information from a variety of Microsoft sources in this post so that others don’t have to search for the data separately. The resources/references are listed at …
Aug 02 2015
DEF CON 23 (2015) Red vs Blue: Modern Active Directory Attacks & Defense Talk Detail
This week at DEF CON 23, I will be speaking about Active Directory attack & defense in my talk “Red vs Blue: Modern Active Directory Attacks & Defense”. This is the 4th iteration of this talk and includes the latest updates to attack methods and defensive strategies.This DEF CON version has a new segment I …
Jul 26 2015
Black Hat USA 2015 Red vs Blue Active Directory Attack & Defense Talk Detail
Next week at Black Hat USA 2015, I will be speaking about Active Directory attack & defense in my talk “Red vs Blue: Modern Active Directory Attacks Detection and Protection”. This is the 3rd iteration of this talk and includes the latest updates to attack methods and defensive strategies. I’m including lots of updates and …
May 08 2015
Microsoft Ignite 2015 Security Sessions
Microsoft retired several conferences this year (TechEd, MEC, MMC, etc) and merged them into a single mega-conference called Microsoft Ignite 2015. About 23,000 people (~29k including all staff and support personnel) converged on the McCormick Place Conference Center in Chicago, IL during the week of May 4th (May the Fourth be With You!). I recently …
May 07 2015
Windows 10 Microsoft Passport (aka Microsoft Next Generation Credential) In Detail
At the Microsoft Ignite conference this week, there are several sessions covering Windows 10 features. One of biggest changes in Windows 10 is the new credential management method and the related “Next Generation Credential”, now named Microsoft Passport. There hasn’t been much information on how the new credential system works, so I challenged myself to …