Security Focus: Get CVE Information for WannaCrypt

You’ve no doubt heard that the WannaCrypt ransomware is also a worm. The propagation code exploits a patched SMB vulnerability – CVE-2017-0145. How can we use PowerShell to create a Common Vulnerabilities and Exposures (CVE) report for that vulnerability?

    Set-MSRCApiKey -ApiKey XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    $cvrfDoc = Get-MsrcCvrfDocument -ID 2017-Mar
    $Properties = @{ Vulnerability = ($cvrfDoc.Vulnerability | Where-Object…

Use CMD to echo a Script Block to an Encoded Command

I like quirky and odd things. Encoded commands are nothing new, but check out this method for generating one. If you echo a script block with cmd.exe /c, in a PowerShell host, you receive an encoded command (and a couple of other populated parameters) with which to call PowerShell…

    cmd /c echo {while ($true) {Write-Output ` “Now…

DNS Forwarders Four Ways

I’m lucky enough to occasionally eat in nice restaurants. A lot of the time, the menu makes for interesting (and pretentious) reading. One may see things along the lines of:

    Deconstructed green forest gateaux
    Condensed cauliflower cheese cake
    Themes of cucumber on a medley of mangoes
    Wafts of autumn mushroom mist
    Everything-tastes-like-chicken three ways

And, so taking inspiration from…

Set Password of Azure Active Directory B2B User to Not Expire with PowerShell

First up, non-expiring passwords aren’t recommended… but, what if you did want to set an AAD user to have a non-expiring password? Furthermore, what if you wanted to target a B2B user?   Here’s how I get a list of my B2B users, that have a display name starting with Ian, that also have their…

Periodically Check PowerShell Job Status

My PowerShell profile starts a load of PowerShell jobs when I’m running as Administrator… Sometimes I need to know when those jobs have finished. Here’s a lovely little infinite loop giving me just that information.

    while ($true) {Write-Output " "; Start-Sleep 10; Get-Job; Write-Output " "}

Here’s what it comes back with… …

Use PowerShell to List Active Directory Extended Rights

PowerShell providers allow us to traverse various data stores we encounter, as IT professionals, as if they were file systems. There is a PSProvider that allows us to navigate the smooth seas of the Active Directory PSDrive.     Thinking about a file system, we can talk about Access Control Entries (ACEs) that make up Access Control Lists (ACLs) to govern…

Security Focus: Use PowerShell to Obtain Microsoft Security Update Information

Want to use PowerShell to create an HTML report of Microsoft security updates? No problem. Read on…

Back in November 2016, the Microsoft Security Response Centre (MSRC) team announced the Security Update Guide portal: Furthering our commitment to security updates

This portal also provides a new RESTful API to obtain Microsoft security update…

Restart-Computer (with BitLocker Suspended)

Create a function called Restart-Computer. Use it to call the Restart-Computer cmdlet. Before you call the cmdlet, suspend BitLocker protection so you don’t get password-pestered at boot time…

    function Restart-Computer {
        Suspend-BitLocker -MountPoint "C:" -RebootCount 1
        Microsoft.PowerShell.Management\Restart-Computer
    }

Why does this work?

There are rules for command precedence…

These rules…

Fun & Frolics: Generate a 0 and 1 Screen Stream

What a ridiculous title! Believe me, the post gets even more ridiculous. Anyway, it’s a bit of fun!

I had to do the following for a conference I recently spoke at…

    function ExfiltrateData {
        Write-Output " "
        1..900 | % {Write-Host "$(Get-Random -Minimum 0 -Maximum 2)" -NoNewline }
        1..14 | % {Write-Host "$(Get-Random…
