Monthly Archives: June 2013

PowerShell 4.0 preview available for download

Microsoft has released the Windows Management Framework 4.0 Preview. This framework includes the latest version of PowerShell, version 4.0, together with PowerShell ISE 4.0 and other upgrades to the framework.

It is, however, important to note that PowerShell 4.0 does not support the same range of systems as PowerShell 3.0 did. Here is the list of supported operating systems:

  • Windows 7 with Service Pack 1
  • Windows Server 2008 R2 with Service Pack 1
  • Windows Server 2012

The download, documentation and more information on the Microsoft site:

http://www.microsoft.com/en-us/download/details.aspx?id=39347

New article on PowerShell Magazine: Query MSDN from PowerShell

Recently I have been querying MSDN quite frequently to find out the details of certain Active Directory attributes and the available properties and methods on COM objects and .NET classes. In my quest to automate everything I created a PowerShell function that opens up a search query on the MSDN website. This function accepts different cultures as an argument of the -Culture parameter, so it is possible to get search results in the language you are comfortable with. For more information about this function have a look at the article on PowerShell Magazine:

http://www.powershellmagazine.com/2013/06/26/pstip-query-msdn-from-powershell/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PowershellMagazine+%28PowerShell+Magazine%29

The function is available for download in the Technet Scripting Gallery:

http://gallery.technet.microsoft.com/Search-Msdn-a-function-eafee2bb

My day at TechEd Pre-conference

Yesterday I attended the TechEd Europe 2013 Pre-conference. I had signed up for the ‘Lessons from the Field: Useful Hacker Techniques for Administrators’ session by Hasain Alshakarti, Paula Januszkiewicz and Marcus Murray. They were quite knowledgeable on the subject matter and presented their information in an interesting way.

To give a short overview of the topics that were covered:

  • Using a vulnerable .aspx page on an IIS server in combination with several privilege escalation methods to compromise an Active Directory domain
  • Managed Service Accounts as a method to harden application servers
  • Abusing Direct Memory Access used by Firewire/Thunderbolt to compromise a fully patched Windows 8 machine using the Inception tool
  • Using the offline registry to compromise a machine
  • Using Airodump to sniff and hack networks
  • www.cloudcracker.com is a website that cracks WPA2 passwords in twenty minutes
  • Using mimikatz to grab usernames and passwords from memory
  • Using findstr.exe to grab plain text passwords / hashed passwords from virtual machine memory snapshots
  • Core Impact Professional, a hacking / administrative tool that can be useful in both scenarios: either as an emergency response tool or as a malicious tool to take control of computers
  • Rubber Ducky: a USB key that acts as a keyboard, which can be used to bypass UAC and other security features to quickly install malware on a system
  • Volatility, a memory analysis tool which can be used to gather a variety of information from a dump file, including passwords and credential hashes

Downloads for this session are available at:

http://sdrv.ms/11ka1Ju
http://cqure.pl
http://truesec.com


What is new in Windows 8.1

Together with Server 2012R2, Windows 8.1 has also been released. Some of the notable changes are as follows:

  • Workplace join – Useful for BYOD scenarios, to offer an alternative to domain join a personal device
  • Internet Explorer 11 – Faster and better IE
  • NFC Tap-to-Pair printing – Wonder how that will work with a desktop 😉
  • Boot to Desktop – A lot of people have been asking for this and it is here
  • Improvements to Desktop and Start Screen – Another good one for anyone using Windows 8 on a non-touch device

For the full list of changes, fixes and new features have a look at the Technet article which is available here:

What’s New in Windows 8.1

What is new in PowerShell 4.0

Now that Server 2012 R2 has been released, PowerShell 4.0 has also become available. Unfortunately it is not yet available as a standalone download; older operating systems will have to wait for the Windows Management Framework to become available as an optional download.

Some notable features that are available for PowerShell 4.0 are as follows:

  • Desired State Configuration – This allows for configuration of a computer in a way that was previously not possible with PowerShell.
  • Remote debugging – In PowerShell 4.0 it is now possible to set breakpoints in PSSessions, which allows for easier debugging of scripts that are running remotely.
  • Get-Process now supports user names – No more Get-WmiObject -Class Win32_Process!!
  • Several language improvements and bug fixes.
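To show what the Get-Process change means in practice, here is an added example (not code from the original post) that returns the owner of every process on PowerShell 4.0 via -IncludeUserName and falls back to the Win32_Process GetOwner() method on PowerShell 3.0 and earlier. It assumes an elevated shell, which both methods need in order to see processes belonging to other accounts.

```powershell
# Added example, not from the original post: one function that returns the
# owner of every process on PowerShell 4.0 (Get-Process -IncludeUserName) and on
# PowerShell 3.0 and earlier (Win32_Process plus its GetOwner() method).
# Assumption: it runs in an elevated shell, which both methods need to see
# processes belonging to other accounts.
function Get-ProcessOwner {
    if ($PSVersionTable.PSVersion.Major -ge 4) {
        # PowerShell 4.0: the cmdlet resolves the owner itself
        Get-Process -IncludeUserName |
            Select-Object -Property Id, ProcessName, UserName
    }
    else {
        # Older hosts: one WMI method call per process to resolve the owner
        Get-WmiObject -Class Win32_Process | ForEach-Object {
            $owner = $_.GetOwner()
            # ReturnValue 0 means the owner was resolved; a process that has
            # already exited or cannot be opened returns a non-zero code
            $user = if ($owner.ReturnValue -eq 0) { "$($owner.Domain)\$($owner.User)" } else { $null }
            [pscustomobject]@{
                Id          = $_.ProcessId
                ProcessName = [System.IO.Path]::GetFileNameWithoutExtension($_.Name)
                UserName    = $user
            }
        }
    }
}

# Count processes per account and show which accounts run the most: a quick
# sanity check for unexpected interactive or service accounts on a server.
Get-ProcessOwner |
    Group-Object -Property UserName |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Count, @{ Name = 'Account'; Expression = { $_.Name } }
```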

For a full list of all changes have a look at the corresponding TechNet article which is available here:

What’s New in Windows PowerShell

And here are the direct links to some of the sections featured in this article:

Convert TechEd Europe 2013 schedule to PowerShell objects

After I filled out my session slots for TechEd Europe 2013, I thought I would have some fun with the schedule. At first I thought I would rip the details from the website, until I noticed the ‘Subscribe to your entire schedule’ button on the website.

Since Outlook calendar items are neatly structured, I decided that was the easiest method of converting my schedule to PowerShell. I am using the Outlook.Application COM object to collect the information from my Outlook calendar.

Here is the code I utilized for this purpose:

# Load the Outlook interop assembly and attach to Outlook through its COM automation object
Add-Type -AssemblyName "Microsoft.Office.Interop.Outlook" | Out-Null
$Outlook = New-Object -ComObject Outlook.Application
$Namespace = $Outlook.GetNameSpace("MAPI")
# The subscribed TechEd schedule is stored under the 'Internet Calendars' folder
$InternetCalendars = $Namespace.Folders |
   Where-Object {$_.FullFolderPath -eq '\\Internet Calendars'}
$TechNetFolder = $InternetCalendars.Folders |
   Where-Object {$_.FullFolderPath -match 'Teched Europe 2013'}
# Emit one object per session, ordered by start time
$TechNetFolder.Items | Sort-Object -Property Start |
   Select-Object -Property Subject,Start,End,Duration,Location,Body

Now this provides me with a neatly organized collection of objects that contain the title, start time, end time, duration and a description of each session. To find out which other properties are available on the calendar items, the Get-Member cmdlet can be used. For example:

$TechNetFolder.Items | Get-Member

All the properties and methods that are available on these objects are now available. This provides us with a way to organize our schedule for TechEd however we see fit. Let me know what you think or if you have a nice way of utilizing this.
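One way to use those objects is to check the schedule for double bookings. The following is an added example, not code from the original post: it takes session objects shaped like the Outlook items above (Subject, Start, End), sorts them by Start and reports every pair that overlaps. The sample sessions are constructed from the author's own schedule.

```powershell
# Added example, not from the original post: find double-booked slots in a list
# of session objects shaped like the Outlook items returned above (Subject,
# Start, End). The sample sessions are constructed from the author's schedule.
function Find-ScheduleConflict {
    param([Parameter(Mandatory = $true)][object[]]$Session)

    $sorted = @($Session | Sort-Object -Property Start)
    for ($i = 0; $i -lt $sorted.Count; $i++) {
        for ($j = $i + 1; $j -lt $sorted.Count; $j++) {
            # Sorted by Start, so once a session starts at or after this one
            # ends, no later session can overlap it either
            if ($sorted[$j].Start -ge $sorted[$i].End) { break }
            $overlapEnd = if ($sorted[$i].End -le $sorted[$j].End) { $sorted[$i].End } else { $sorted[$j].End }
            [pscustomobject]@{
                Start          = $sorted[$i].Start
                First          = $sorted[$i].Subject
                Second         = $sorted[$j].Subject
                OverlapMinutes = [int](New-TimeSpan -Start $sorted[$j].Start -End $overlapEnd).TotalMinutes
            }
        }
    }
}

# Constructed sample: three sessions from 26 June, two of them in the same slot
$sample = @(
    @{ Subject = 'Desired State Configuration with Windows Server 2012 R2'; Start = '2013-06-26 10:15'; End = '2013-06-26 11:30' },
    @{ Subject = 'The Inside Man: Surviving the Ultimate Cyber Threat';     Start = '2013-06-26 10:15'; End = '2013-06-26 11:30' },
    @{ Subject = 'Overview of Windows Server 2012 Hyper-V';                 Start = '2013-06-26 12:00'; End = '2013-06-26 13:15' }
) | ForEach-Object {
    [pscustomobject]@{ Subject = $_.Subject; Start = [datetime]$_.Start; End = [datetime]$_.End }
}

# Run the check on the sample and display any clashes
Find-ScheduleConflict -Session $sample | Format-Table -AutoSize
```

Replace $sample with the output of the Outlook code above (piped through Select-Object Subject, Start, End) to run the same check against a live calendar.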

My TechEd Europe 2013 schedule

I have put together my schedule for TechEd 2013 and will share it in this blog post. What are your thoughts? Did I miss any good sessions here, or do you have any recommendations?

| Subject | Start (dd-mm hh:mm) | End (dd-mm hh:mm) | Duration (min) |
| --- | --- | --- | --- |
| Lessons from the Field: Useful Hacker Techniques for Administrators | 24-06 09:00 | 24-06 17:00 | 480 |
| The Cloud OS: It's Time! | 25-06 09:00 | 25-06 10:30 | 90 |
| Transform the Datacenter with Server and Management Innovations from Microsoft | 25-06 11:00 | 25-06 12:00 | 60 |
| Big Data. Small Data. All Data. | 25-06 11:00 | 25-06 12:00 | 60 |
| Advanced Automation Using Windows PowerShell | 25-06 13:30 | 25-06 14:45 | 75 |
| Desired State Configuration in Windows Server 2012 R2 PowerShell | 25-06 15:15 | 25-06 16:30 | 75 |
| Windows PowerShell Unplugged | 25-06 17:00 | 25-06 18:15 | 75 |
| APTs: Cybercrime, Cyber Attacks, Warfare and Threats Exposed | 26-06 08:30 | 26-06 09:45 | 75 |
| Desired State Configuration with Windows Server 2012 R2 | 26-06 10:15 | 26-06 11:30 | 75 |
| Infrastructure Services on Windows Azure: Virtual Machines and Virtual Networks with Mark Russinovich | 26-06 10:15 | 26-06 11:30 | 75 |
| The Inside Man: Surviving the Ultimate Cyber Threat | 26-06 10:15 | 26-06 11:30 | 75 |
| Overview of Windows Server 2012 Hyper-V | 26-06 12:00 | 26-06 13:15 | 75 |
| Practical Implementation of Windows Server 2012 Storage Technologies | 26-06 14:00 | 26-06 14:45 | 45 |
| Windows Azure Internals | 26-06 15:15 | 26-06 16:30 | 75 |
| Tuning Images for VDI Usage | 26-06 15:15 | 26-06 16:30 | 75 |
| Storage and Availability Improvements in Windows Server 2012 R2 | 26-06 17:00 | 26-06 18:15 | 75 |
| Designing a Virtual Desktop Infrastructure Architecture for Scale and Performance on Windows Server 2012 | 26-06 17:00 | 26-06 18:15 | 75 |
| Windows is the Future | 27-06 08:30 | 27-06 09:45 | 75 |
| Microsoft Integration Vision and Roadmap | 27-06 10:15 | 27-06 11:30 | 75 |
| Pass the Hash and Other Credential Theft and Reuse: Preventing Lateral Movement and Privilege Escalation | 27-06 10:15 | 27-06 11:30 | 75 |
| Running Your Active Directory in Windows Azure Virtual Machines | 27-06 10:15 | 27-06 11:30 | 75 |
| Managing Multi-Hypervisor Environments with Microsoft System Center 2012 | 27-06 10:15 | 27-06 11:30 | 75 |
| Hackers (Not) Halted (repeats on 6/27 at 5 pm) | 27-06 12:00 | 27-06 13:15 | 75 |
| Building Hosted Clouds Using Windows Server 2012 R2 | 27-06 12:00 | 27-06 13:15 | 75 |
| Configuring and Tuning Windows 8 | 27-06 12:00 | 27-06 13:15 | 75 |
| Deploying Windows 8 and Touch in the Enterprise | 27-06 14:00 | 27-06 14:45 | 45 |
| Automating Microsoft System Center Deployment with the PowerShell Deployment Toolkit | 27-06 15:15 | 27-06 16:30 | 75 |
| Pieces of 8: Prospecting for Windows 8 Gold | 27-06 15:15 | 27-06 16:30 | 75 |
| Integrating with Microsoft System Center 2012 and Windows PowerShell | 27-06 17:00 | 27-06 18:15 | 75 |
| Sysinternals Primer: TechEd 2013 Edition | 27-06 17:00 | 27-06 18:15 | 75 |
| What's New in Windows 8.1 Security: Overview (repeated from 6/26 at 8:30 am) | 27-06 17:00 | 27-06 18:15 | 75 |
| Hackers (Not) Halted (repeated from 6/27 at 12:00) | 27-06 17:00 | 27-06 18:15 | 75 |
| Using Windows PowerShell Magic to Manage Microsoft Office 365 | 28-06 08:30 | 28-06 09:45 | 75 |
| Adventures in Underland: What Passwords Do When No One Is Watching | 28-06 08:30 | 28-06 09:45 | 75 |
| Deep Dive on Hyper-V Network Virtualization in Windows Server 2012 R2 | 28-06 08:30 | 28-06 09:45 | 75 |
| License to Kill: Malware Hunting with the Sysinternals Tools | 28-06 10:15 | 28-06 11:30 | 75 |
| Better Networking, More Net Gains: How Windows Server 2012 Can Be Your Director of Protocol(s) | 28-06 12:00 | 28-06 13:15 | 75 |
| Windows 8: Essential Security Features Every Admin Should Know About | 28-06 12:00 | 28-06 13:15 | 75 |
| Case of the Unexplained 2013: Windows Troubleshooting with Mark Russinovich | 28-06 12:00 | 28-06 13:15 | 75 |
| Windows Server 2012 Deployment and Ongoing Management: Why Server Core Is Right for You | 28-06 14:45 | 28-06 16:00 | 75 |
| Upgrading the Platform – How to Get There! Part 2: Networking Infrastructure and Management | 28-06 14:45 | 28-06 16:00 | 75 |
| What's New in Windows 8.1 Security: Modern Access Control Deep Dive | 28-06 16:30 | 28-06 17:45 | 75 |
| Live Demonstration: Hacker Tools You Should Know and Worry About | 28-06 16:30 | 28-06 17:45 | 75 |