Tag Archives: Security

PowerShell Conference and Cloud Automation

The last two weeks I had the opportunity to speak at a number of events. The PowerShell Conference Europe in Hanover and technical user groups in the UK. This post is intended to provide information about the various events and is intended to share the information in regard to the sessions.

Last week, 17-20 April, the PowerShell Conference Europe was held again. This event was once again a great success, with sessions presented by the PowerShell Team and experts from their respective fields. Enthusiasts gathered from all over the Europe, and the world, to participate in this event. There were plenty of lively interactions between attendees and speakers and the PowerShell team. All in all there was a great atmosphere of sharing and collaboration at the conference.

The location of the conference, unchanged for 3 years now, housed the 300+ attendees easily. In contrast to last year the rooms in which the sessions were held were located more conveniently so that limited the amount of walking around the venue. On the last day of the conference an German X-Factor event was being held in the same venue, so this resulted an interesting mix of people in- and around the venue.

I could not mention this years PowerShell Conference without at least mentioning the fact that #SadJoey hashtag was a trending topic at the conference. Due to an excellent picture tweeted by PowerShell team member, Steve Lee.

To give you and impression of the event I have shared some pictures of the PowerShell Conference Europe here:

I presented the following three topics, so head over to my GitHub account to grab the slides and code, as always it is stored in the Events repository:

All presentations and accompanying code can be found in the PSConfEU GitHub repository here. All sessions have been recorded and this post will be updated with the links to the videos once it becomes available.

The week following the PowerShell Conference I left for the UK to speak at various PowerShell, WinOps and Cloud Infrastructure user groups. The theme of the topics was mostly focused on Cloud Automation using Azure Functions and Microsoft Flow in combination with several other products of the Office 365 suite.

As the sessions in the UK were in the week after the PowerShell Conference, Tobias Weltner was so kind to gift two PSConfEU shirts for the user groups in the UK. The best question was rewarded with the polo with the PSConfEU logo embroidered on it. This was of course a tough call, and for the second shirt I opted for the always reliable Get-Random cmdlet.

It was impressive to see everyone turn up for the technical meetups, as all of them took place in the evenings and the Microsoft Flow workshop was held on Saturday. There are a lot of people with passion for their jobs and the technologies they work with. It was great to meet you all, thanks for your interest and the engaging discussions, both after as well as during the sessions.

The slide decks, labs and code I have used are stored into my GitHub account in the Events repository:

The big take away for me is that fueling this passion in the technical communities is important and sharing ideas is what drives this. By doing so we are able to learn from each other and improve our technical abilities. This would of course not be possible without the support of all the sponsors, and in my case my employer Rubrik, as they make it possible for me to participate and contribute to the technical communities.

I also put the slides up on SlideShare to make it easier to view and share:








Share

A week in Singapore – DevOps Days and PowerShell Conference Asia

Last week was a very busy for us over in Singapore, together with the PowerShell Conference Asia team we organized a 3-day conference in Singapore. In the same week the DevOps Days Singapore team hosted their conference and I was a speaker at this event as well.

This year marked the third year of being a part of PSConfAsia, the first two years I was a speaker there, this year I joined the PSConfAsia team and helped organize the event. We were all very pleased with the quality of content that the speakers have provided us with as well as with the attendance of the PowerShell Team. We have seen both speakers and attendees fly from far and beyond to join us and the conference and we can proudly say we made it worth their time.

DevOps Days Singapore

At DevOps Days I presented an ignite talk, a five minute speech on a single topic. Now 5 minutes for a talk is already a challenging, but the second condition was that the slides should automatically advance to the next every 15 seconds. While I have been giving short talks for a while, the challenge of timing a talk to match up with the slides.

The code has been shared on GitHub in my Events repository:
Automation – How I came to see the light

A video of the whole day of DevOps Days is also available, here is the link to the start of my Ignite session:

PowerShell Conference Asia

The PowerShell Conference Asia resumes for its 3rd year this October, bringing speakers from Asia and around the world to deliver in-depth PowerShell and DevOps sessions. Speakers include the Microsoft PowerShell Product Team from headquarters in Redmond and a strong line-up of MVPs, well-known international speakers, and community contributors.

At PSConfAsia I spoke on Automation and how to secure your environment. This is a story of how I used some low-level techniques to investigate, re mediate and patch vulnerabilities of a mixed infrastructure environment.

The code has been shared on GitHub in my Events repository:
Secure your environment by automation

I also shared the slides I used and my other presentations on SlideShare:

Share

Decipher obfuscated URLs with PowerShell

I recently received a message on Skype from a friend I had not talked to for a while, I was happy to see it was spam. Not because it was spam, but because it was using an encoded Url. After taking a quick look at the structure I thought, this is definitely something I can decode.

To me this looked like hexadecimal code, and I quickly threw together a PowerShell one-liners to decode to decode this, note that I skip the first six character because:

1
2
3
-join [char[]](
'%6A%61%61%70%62%72%61%73%73%65%72%2E%63%6F%6D' -split '%' |
Where-Object {$_} | ForEach-Object {[Convert]::ToInt32($_,16)})

This provides us with the following output:

jaapbrasser.com

Because this is a little bit hard to read, let’s break it up into chunks:

1
2
3
4
5
$Split      = '%6A%61%61%70%62%72%61%73%73%65%72%2E%63%6F%6D' -split '%'
$Split      = $Split | Where-Object {$_}
$Integers   = $Split | ForEach-Object {[Convert]::ToInt32($_,16)})
$Characters = [char[]]$Integers
-join $Characters

So let’s go line-by-line through what the code does:

  1. Split the code on the %-character
  2. Skip the first entry, because we split on %, the first result will be empty and can cause errors later
  3. Convert the hexadecimal number to integers using the Convert type accelerator
  4. Convert the integers to Char by strong typing them to a Char array
  5. Use the join operator to turn it into a string

So now that we have this complete, we no longer have to guess where the encoded link is going to lead us. In my case, the link of my friend happened to take me a Russian website trying to get me involved in binary option trading:

For more information about percent encoding as a concept, have a look at the Wikipedia page over here:

Wikipedia – Percent-Encoding

I have created a function for to be able to perform this this conversion in the future, I made it available on GitHub, TechNet Gallery and the PowerShell Gallery:

Share

Wrapup of BSides Amsterdam 2017

Last Friday I had the pleasure to speak at BSides Amsterdam, a security centered conference that hosted its first iteration in Amsterdam. I could not pass up on the opportunity to attend this event. Here is an excerpt about the BSides concept from their site at bsidesams.nl:

Security BSides is a community-driven framework for building events, by and for, information security community members. These events are already happening in major cities all over the world! We are responsible for organizing an independent BSides-Approved event in Amsterdam, for the Netherlands.

It was a full day with topics ranging from hardware hacking to botnet infrastructure. With 13 sessions on a single day it was very interesting to take part in this event and to be able to speak and network with professionals from all different sides of the spectrum. I have attached some pictures to give you an impression of the day at BSides Amsterdam:

It was a full day with topics ranging from hardware hacking to botnet infrastructure. With 13 sessions on a single day it was very interesting to take part in this event and to be able to speak and network with professionals from all different sides of the spectrum.

At the event I spoke about using PowerShell to Automate security and specifically about how to detect malicious activity. All the code and slides are as always available in my Events GitHub repository:

Automating security with PowerShell

I also shared this slidedeck and my others on SlideShare:

Share

PowerShell and Security – Presentation at iSense

As mentioned in the previous blog post I was invited to speak at iSense to talk about PowerShell and Security. This event was fully by sponsored by iSense who provided the attendees with a great experience. Before my session I was briefly interviewed and the interview, in Dutch, will be available soon.

Security is a topic that continues to make headlines around the world and as a result, PowerShell is mentioned more often either as an method to exploit or to prevent and secure your system. In this presentation I showed how PowerShell can be configured to provide insights in what scripts and tools are running in your environment and how to secure your PowerShell endpoints using Just Enough Administration, JEA.

The audience after 90 minutes of PowerShell and Security

The audience after 90 minutes of PowerShell and Security

After the presentation I received a lot of questions about PowerShell in general and the Dutch PowerShell User Group, we will soon be holding another PowerShell User Group meeting, for more information visit the following link: 10th DuPSUG Meeting, there are at the time of writing still a few tickets available for this event on the 9th of March.

Furthermore, at the Dutch PowerShell User Group we are working on putting out some events that are a bit more beginner oriented. For anyone who is interested in learning more about PowerShell stay tuned as we have a lot of good interesting stuff in the works.

The presentation deck and the slides are as always available on GitHub:
GitHub – Jaap Brasser – Events – iSense2017

For more information I have provided an overview of all the links in this article:

PowerShell and Security @ iSense
GitHub – Slides and code
iSense
Dutch PowerShell User Group
IT Future Lab – PowerShell and Security

Share