Guides
Have you ever wanted to run a quick test of egress ports from userland from a windows machine?
Well worry not, I didn’t even have to write anything, the nice people at Black Hills security have done it for us. However I did decide that there’s a few other things we might want to do, so I made a quick modification, now we have colours, randomisation and some sleeps.
Read more “Testing Risky Egress Ports”
Guides
Work in progress post
Ok so i posted a snipped of PowerShell on LinkedIn for hunting the confluence logs using a pattern match for ${ (after we have URL decoded (twice). This is just an example of how to parse log files using PS1 so it’s clearly very basic but i wanted to give people an idea of what we do when we “GREP” the logs:
Read more “Searching Confluence Logs with PowerShell”
Guides
If you are just starting out in powershell then you are going to need to know how to do some basics right.
Firstly launch an Integrated Development Environment. Built into Windows is Powershell ISE (integrated script environment) but you can also use Visual Studio of Visual Studio code (or go crazy and write it in Notepad or Notepad++/Sublime/Your editor of choice).
So once we have our editor open we need to create a variable:
Variables in PowerShell use the dollar symbol: “$” e.g.
Read more “How to create a variable in PowerShell?”
Defense
When connecting to Exchange online (there was a reason I needed to do this) I had the following error:
I did some googling that luckily someone has already posted how to fix this:
It turns out WINRM’s ability to use BASIC client authentication is disabled as part of the standard Windows 10 hardening baseline deployed via Intune.
To fix these we need to re-enable BASIC client side WINRM authentication. Read more “Modern Workspace: PowerShell OAuth Error”
Defense
Only admins can use PowerShell, right? Wrong! In Office 365 and Azure AD standard users can connect using PowerShell.
In this quick post we are going to look at how to disable users from being able to read other users data using the MSOL cmdlets. (this also appears to limit AzureAD cmdlets access as well)
Run the following command as a global admin: Read more “Hardening Office 365 PowerShell Access”
Defense
Active directory permissions are a complex beast, at the core of Active Directory you have databases and partitions.
These have access controls lists, there are two types of these:
https://docs.microsoft.com/en-us/windows/win32/secauthz/access-control-lists
In active directory auditing these with out of the box tools can be a pain, especially when you are looking to enumerate effective permissions. Luckily a nice chap as made a great PowerShell app which can help you with your auditing activities! Read more “Active Directory Effective Permission Auditing”