Monthly Archives: June 2013

PowerShell 4.0 preview available for download

Microsoft has released the Windows Management Framework 4.0 Preview. This Framework includes the latest version of PowerShell, version 4.0 and also PowerShell ISE 4.0 and other upgrades to the framework.

It is however important to note that PowerShell 4.0 is not compatible with the same range of systems as PowerShell 3.0 was. Here is the list of supported operating systems:

    • Windows 7 with Service Pack 1
    • Windows Server 2008 R2 with Service Pack 1
    • Windows Server 2012

The download, documentation and more information on the Microsoft site:


New article on PowerShell Magazine: Query MSDN from PowerShell

Recently I have been querying MSDN quite frequently to find out the details of certain Active Directory attributes and the available properties and methods on ComObjects and .Net Classes. In my quest to automate everything I created a PowerShell function that opens up a search query on the MSDN website. This function accepts different cultures as an argument of the -Culture parameter, so it is possible to get search results in the language you are comfortable in. For more information about this function have a look at the article on PowerShell Magazine:

The function is available for download in the Technet Scripting Gallery:


My day at TechEd Pre-conference

Yesterday I attended the TechEd Europe 2013 Pre-conference. I had signed up for the ‘Lessons from the Field: Useful Hacker Techniques for Administrators’ session by Hasain Alshakarti, Paula Januszkiewicz and Marcus Murray. They were quite knowledgeable on the subject matter and presented their information in an interesting way.

To give a short overview of the topics that were covered:

  • Use a vulnerable .aspx page on an IIS server in combination with several methods of escalation of privilege to compromise a Active Directory domain.
  • Managed Service Accounts as a method to harden application servers
  • Abusing Direct Memory Access used by Firewire/Thunderbolt to compromise a fully patched Windows 8 machine using the Inception tool
  • Using offline registry to compromise a machine
  • Using Aerodump to snif and hack networks
  • is a website that cracks WPA2 passwords in twenty minutes
  • Using mimikatz to grab username and password from memory
  • Using findstr.exe to grab plain text passwords / hashed passwords from virtual machine memory snapshots
  • Core Impact Professional, a hacking / administrative tool that can useful in both scenarios. Either as a emergency response tool or as a malicious tool to take control of computers.
  • Rubberducky: A usb key that acts as a keyboard which can be used to bypass UAC and other security features to quickly install malware on a sytem.
  • Volitility a memory analysis tool which can be used to gather a variety of information from a dump file. Including passwords and credential hashes

Downloads for this session are available at:



What is new in Windows 8.1

Together with Server 2012R2, Windows 8.1 has also been released. Some of the notable changes are as follows:

  • Workplace join – Useful for BYOD scenarios, to offer an alternative to domain join a personal device
  • Internet Explorer 11 – Faster and better IE
  • NFC Tap-to-Pair printing – Wonder how that will work with a desktop 😉
  • Boot to Desktop – A lot of people have been asking for this and it is here
  • Improvements to Desktop and Start Screen – Another good one for anyone using Windows 8 on a non-touch device

For the full list of changes, fixes and new features have a look at the Technet article which is available here:

What’s New in Windows 8.1


What is new in PowerShell 4.0

Now that Server 2012R2 has been released, PowerShell 4.0 has also become available. Unfortunately it is not yet available as a standalone download, older operating systems will have to wait for the Windows Management Framework to become available as an optional download.

Some notable features that are available for PowerShell 4.0 are as follows:

  • Desired State Configuration – This allows for configuration of a computer in a way that was previously not possible with PowerShell.
  • Remote debugging – In PowerShell 4.0 it is now possible to set breakpoints for PSSessions, which allows for easier debugging of scripts that are running remotely
  • Get-Process now supports User names – No more Get-WmiObject -Class Win32_Process!!
  • Several language improvements and bug fixes.

For a full list of all changes have a look a the corrosponding TechNet Article which is available here:

What’s New in Windows PowerShell

And here are the direct links to some of the sections features in this article: