Tuesday, November 10, 2015

Vantage Point's 5 Rules

Five Rules For Becoming A Successful Security Researcher

1. Set Realistic Goals

Be ambitious, but realistic. If you are a beginner, pick easy targets and take the time to build up your skills, or you will soon feel overwhelmed and frustrated.

2. Learn the Basic Skills You Need (But Don’t Waste Time Learning Too Much)

The most important rule: Start by learning the basics (how things work) instead of learning attack techniques first. 
To get going, you should be know at least:
  • Be able to read and understand all forms of code;
  • Understand how code gets translated and executed on a CPU;
  • Be able to write basic tools and scripts;
  • Know how operating systems work;
  • Fully understand TCP/IP networks.
The learning process never stops, so make sure to pick up new knowledge along the way.

3. Do Something New

Innovate instead of copying other’s work.

4. Don’t Give Up Easily

5 Don’t Take Things Personal

Sunday, August 9, 2015

ERP and RFP and BSIMM

If you sing it in the key of C magic happens.

ERP - https://en.wikipedia.org/wiki/Enterprise_resource_planning

RFP - https://en.wikipedia.org/wiki/Request_for_proposal
My girlfriend has been requesting a proposal for years now. (*rim shot*)

BSIMM - https://www.bsimm.com/

Powershell Commands

https://blog.netspi.com/powershell-remoting-cheatsheet/

Introduction to PowerShell Remoting

PowerShell Remoting is essentially a native Windows remote command execution feature that’s build on top of the Windows Remote Management (WinRM) protocol.  Based on my super Google results, WinRM is supported by Windows Vista with Service Pack 1 or later, Windows 7, Windows Server 2008, and Windows Server 2012.

Enabling PowerShell Remoting

Before we get started let's make sure PowerShell Remoting is all setup on your system.      
  1. In a PowerShell console running as administrator enable PowerShell Remoting.         

    This should be enough, but if you have to troubleshoot you can use the commands below
  2. Make sure the WinRM service is setup to start automatically.  
  3. Set all remote hosts to trusted. Note: You may want to unset this later.             
           

Executing Remote Commands with PowerShell Remoting

Now we can play around a little. There’s a great blog from a while back that provides a nice overview of PowerShell Remoting at http://blogs.technet.com/b/heyscriptingguy/archive/2009/10/29/hey-scripting-guy-october-29-2009.aspx. It’s definitely on my recommended reading list, but I'll expand on the examples a little.
  • Executing a Single Command on a Remote System

    The "Invoke-Command" command can be used to run commands on remote systems.  It can run as the current user or using alternative credentials from a non domain system.  Examples below.
    If the ActiveDirectory PowerShell module is installed it's possible to execute commands on many systems very quickly using the pipeline. Below is a basic example.
    Sometimes it's nice to run scripts stored locally on your system against remote systems.  Below are a few basic examples.
    Also, if your dynamically generating commands or functions being passed to remote systems you can use invoke-expression through invoke-command as shown below.
  • Establishing an Interactive PowerShell Console on a Remote System

    An interactive PowerShell console can be obtained on a remote system using the "Enter-PsSession" command.  It feels a little like SSH.  Similar to "Invoke-Command", "Enter-PsSession" can be run as the current user or using alternative credentials from a non domain system.  Examples below.
    If you want out of the PowerShell session the "Exit-PsSession" command can be used.
  • Creating Background Sessions

    There is another cool feature of PowerShell Remoting that allows users to create background sessions using the "New-PsSession" command.  Background sessions can come in handy if you want to execute multiple commands against many systems.  Similar to the other commands, the "New-PsSession" command can run as the current user or using alternative credentials from a non domain system.  Examples below.
     
    If the ActiveDirectory PowerShell module is installed it's possible to create background sessions for many systems at a time (However, this can be done in many ways).  Below is a command example showing how to create background sessions for all of the domain systems.  The example shows how to do this from a non domain system using alternative domain credentials.
  • Listing Background Sessions

    Once a few sessions have been established the "Get-PsSession" command can be used to view them.
     
  • Interacting with Background Sessions

    The first time I used this feature I felt like I was working with Metasploit sessions, but these sessions are a little more stable. Below is an example showing how to interact with an active session using the session id.
    To exit the session use the "Exit-PsSession" command. This will send the session into the background again.
  • Executing Commands through Background Sessions

    If your goal is to execute a command on all active sessions the "Invoke-Command" and "Get-PsSession" commands can be used together. Below is an example.
  • Removing Background Sessions

    Finally, to remove all of your active sessions the "Disconnect-PsSession" command can be used as shown below.

Wrap Up

Naturally PowerShell Remoting offers a lot of options for both administrators and penetration testers. Regardless of your use case I think it boils down to this:
  • Use "Invoke-Command" if you're only going to run one command against a system
  • Use "Enter-PSSession" if you want to interact with a single system
  • Use PowerShell sessions when you're going to run multiple commands on multiple systems
Hopefully this cheatsheet will be useful. Have fun and hack responsibly.

References