Active Directory Enumeration with ChatGPT

I’ve not slept well for the last week and my brain is hurting, so I thought I would see if I can take our lovely new SKYNET overload AI “CHATGPT” and make it do all my work for me!

A common vulnerability in systems like Active Directory is where a system administrator writes a password in the description field. So the easy answer to this is DO NOT DO THIS. However during penetration testing we want to check. There’s tons of ways to do this but I thought I’d ask our AI roboto to help, so let’s see!

Guides

Testing Risky Egress Ports

Have you ever wanted to run a quick test of egress ports from userland from a windows machine?

Well worry not, I didn’t even have to write anything, the nice people at Black Hills security have done it for us. However I did decide that there’s a few other things we might want to do, so I made a quick modification, now we have colours, randomisation and some sleeps.

Guides

Searching Confluence Logs with PowerShell

Work in progress post

Ok so i posted a snipped of PowerShell on LinkedIn for hunting the confluence logs using a pattern match for ${ (after we have URL decoded (twice). This is just an example of how to parse log files using PS1 so it’s clearly very basic but i wanted to give people an idea of what we do when we “GREP” the logs:

Guides

How to create a variable in PowerShell?

If you are just starting out in powershell then you are going to need to know how to do some basics right.

Firstly launch an Integrated Development Environment. Built into Windows is Powershell ISE (integrated script environment) but you can also use Visual Studio of Visual Studio code (or go crazy and write it in Notepad or Notepad++/Sublime/Your editor of choice).

So once we have our editor open we need to create a variable:

Variables in PowerShell use the dollar symbol: “$” e.g.

Defense

Modern Workspace: PowerShell OAuth Error

Create PowerShell Session is failed using OAuth

When connecting to Exchange online (there was a reason I needed to do this) I had the following error:

I did some googling that luckily someone has already posted how to fix this:

https://www.vansurksum.com/2021/03/11/create-powershell-session-is-failed-using-oauth-when-using-the-exchange-online-v2-powershell-module/

It turns out WINRM’s ability to use BASIC client authentication is disabled as part of the standard Windows 10 hardening baseline deployed via Intune.

To fix these we need to re-enable BASIC client side WINRM authentication. Read more “Modern Workspace: PowerShell OAuth Error” →

Defense

Hardening Office 365 PowerShell Access

Only admins can use PowerShell, right? Wrong! In Office 365 and Azure AD standard users can connect using PowerShell.

In this quick post we are going to look at how to disable users from being able to read other users data using the MSOL cmdlets. (this also appears to limit AzureAD cmdlets access as well)

Disable MSOL Read Access

Run the following command as a global admin: Read more “Hardening Office 365 PowerShell Access” →

Defense

Active Directory Effective Permission Auditing

Active directory permissions are a complex beast, at the core of Active Directory you have databases and partitions.

These have access controls lists, there are two types of these:

DACL
SACL

https://docs.microsoft.com/en-us/windows/win32/secauthz/access-control-lists

In active directory auditing these with out of the box tools can be a pain, especially when you are looking to enumerate effective permissions. Luckily a nice chap as made a great PowerShell app which can help you with your auditing activities! Read more “Active Directory Effective Permission Auditing” →