Monthly Archives: September 2017

EIC Inspiration Night – Chat Ops session

Tonight I was invited to speak at the EIC Inspiration event, located in Groningen. It was my first time attending, and as a result, speaking at this event. If you are living in the neighborhood or if you are interested in the events they host, have a look over here:

IEC Inspiration

There was a photographer, Melanie S, present; the photos of the event are posted here: IEC Inspiration. To get an impression of the event, here is a first impression based on the photos on Twitter:

All the code and slides are as always available in my Events GitHub repository:

I also shared the slides I used and my other presentations on SlideShare:


Dutch PowerShell User Group – Basics part Deux

It had already been well over a year since the first iteration of the DuPSUG Basics day, but yesterday we finally had the opportunity to host our second day of basic PowerShell training. This time we were hosted at the Sogeti office in Vianen.

BEGIN | END   | SPEAKER                  | TITLE
09:15 | 10:30 | Mark van de Waarsenburg  | Powershell basics
10:40 | 11:25 | Erik Heeres              | Powershell Remoting
11:30 | 12:15 | Jaap Brasser [MVP]       | Manage your infrastructure with PowerShell
13:15 | 14:00 | Robert Prust             | Improving your scripts
14:00 | 14:45 | Ralph Eckhard            | Powershell for Office 365 Administrators
15:20 | 16:05 | Jeff Wouters [MVP]       | Tips and tricks
16:10 | 16:45 | DuPSUG Speakers          | Ask us (almost) anything

The Dutch PowerShell User Group has a GitHub repository where all the demos and slides of the presenters will be gathered:

Dutch PowerShell User Group – Basics Deux

To give you an impression of the event I have included the following photos:

The code and the presentation have been shared on GitHub in my Events repository:
Manage your Infrastructure with PowerShell

I also shared the slides I used and my other presentations on SlideShare:


Austin PowerShell Users Group – Slides and Code

Last week I had the pleasure of presenting for the Austin PowerShell UG, a group run by Ricc Babbitt. During this session I presented the following topic:

Reach the next level with PowerShell

During this presentation I walked the audience through the process of developing a short script to gather information from a system. I pinpointed a number of steps that you can take while developing a script and how to combine the output from different sources in order to get a complete picture of what is running in your environment.

The code has been shared on GitHub in my Events repository:

Reach the next level with PowerShell

I also shared the slides I used and my other presentations on SlideShare:



Updated Events GitHub repository – Convert pptx to pdf

As I have been speaking at a number of events recently I also have been updating my GitHub Events repository. Usually I include a markdown file with a short description, my demos and my slides. I had been uploading my files as .pptx and I noticed that the repository edged over 100 MB. This prompted me to reconsider this approach; I felt I needed to address the following:

  • Use the most compatible format available, presentations should be viewable on any device
  • Fonts should be correctly represented
  • File size should be minimal

In an effort to more efficiently use the space I have available and to use a more compatible format I decided to convert my presentations to .pdf.

Because I do not like doing stuff manually I decided to use PowerShell in combination with a bit of bash scripting to get my repository updated. First let's take a look at what kind of data we are dealing with:

Get-ChildItem C:\git\Events -File -Filter *pptx -Recurse |
Select-Object -Property FullName

In total there are 29 presentations uploaded in .pptx format; if I had to convert these by hand it would take about 30 minutes. Taking a look at what is possible with the PowerPoint.Application Com-Object took about 5 minutes and an additional 5 to put together the following script:

Get-ChildItem C:\git\Events -File -Filter *pptx -Recurse |
ForEach-Object -Begin {
    $null = Add-Type -AssemblyName Microsoft.Office.Interop.PowerPoint
    $SaveOption = [Microsoft.Office.Interop.PowerPoint.PpSaveAsFileType]::ppSaveAsPDF
    $PowerPoint = New-Object -ComObject "PowerPoint.Application"
} -Process {
    $Presentation = $PowerPoint.Presentations.Open($_.FullName)
    $PdfNewName  = $_.FullName -replace '\.pptx$','.pdf'
    $Presentation.SaveAs($PdfNewName,$SaveOption)
    $Presentation.Close()
} -End {
    $PowerPoint.Quit()
    Stop-Process -Name POWERPNT -Force
}

This script will recursively look for all .pptx files in the Events repository and then run the following code:

  • In the begin block load the PowerPoint Com-Object and the required type for storing files as .pdf
  • For each presentation, open the presentation, generate a new name and convert it to .pdf
  • Finally, in the end block, quit the PowerPoint application and afterwards use Stop-Process to close the window. Note that if you had any other PowerPoint windows open they will also be closed.

Now I have both the .pdf and the .pptx stored in the folder, let’s take a look at what the difference in file size is:

foreach ($Extension in ('pptx','pdf')) {
    Get-ChildItem C:\git\Events -File -Filter "*$Extension" -Recurse |
    Measure-Object -Property Length -Sum | ForEach-Object {
        [pscustomobject]@{
            'SizeinMB'  = [math]::Round($_.Sum/1MB,2)
            'Extension' = $Extension
        }
    }
}

A nice decrease in size and a format that is more suitable for sharing, this is looking good. After verifying that the .pdf files are looking good we can remove the .pptx files with the following code:

Get-ChildItem C:\git\Events -File -Filter *pptx -Recurse |
Remove-Item -Force

The last step is to commit everything to GitHub and make it available to everyone. I found a nice Stack Overflow thread that explained how to mass remove files:

Removing multiple files from a Git repo that have already been deleted from disk

Which left me with the following commands to run to commit everything to the repository using bash:

git ls-files --deleted -z | xargs -0 git rm 
git add *
git commit -m "Removed pesky pptx and added glorious pdf"
git push origin master

And to view the result, here is what it looks like on GitHub now and the commit:

GitHub – JaapBrasser – Events – Commits

Let me know what you think, is .pdf a more useful format over .pptx to share presentations or would you rather see it the other way around?


Decipher obfuscated URLs with PowerShell

I recently received a message on Skype from a friend I had not talked to for a while. I was happy to see it was spam. Not because it was spam, but because it was using an encoded URL. After taking a quick look at the structure I thought, this is definitely something I can decode.

To me this looked like hexadecimal code, and I quickly threw together a PowerShell one-liner to decode this, note that I skip the first six characters because:

-join [char[]](
'%6A%61%61%70%62%72%61%73%73%65%72%2E%63%6F%6D' -split '%' |
Where-Object {$_} | ForEach-Object {[Convert]::ToInt32($_,16)})

This provides us with the following output:

jaapbrasser.com

Because this is a little bit hard to read, let’s break it up into chunks:

$Split      = '%6A%61%61%70%62%72%61%73%73%65%72%2E%63%6F%6D' -split '%'
$Split      = $Split | Where-Object {$_}
$Integers   = $Split | ForEach-Object {[Convert]::ToInt32($_,16)}
$Characters = [char[]]$Integers
-join $Characters

So let’s go line-by-line through what the code does:

  1. Split the code on the %-character
  2. Skip the first entry, because we split on %, the first result will be empty and can cause errors later
  3. Convert the hexadecimal number to integers using the Convert type accelerator
  4. Convert the integers to Char by strong typing them to a Char array
  5. Use the join operator to turn it into a string
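
The same decoding as a reusable function, given here as an added example (it is not the author's published function and not code from the original post). It goes beyond the one-liner by handling strings that mix literal and encoded characters and multi-byte UTF-8 sequences, and it reports the host without opening the link. The function names ConvertFrom-PercentEncoding and Resolve-ObfuscatedLink and the second and third sample strings are constructed for illustration.

```powershell
# Added example: names and constructed samples are assumptions, not the author's code.
function ConvertFrom-PercentEncoding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string] $InputString
    )
    process {
        # Only runs of well-formed escapes (% plus two hex digits) are decoded;
        # literal text and malformed escapes such as '%zz' pass through untouched.
        [regex]::Replace($InputString, '(?:%[0-9A-Fa-f]{2})+', {
            param($Match)
            $Bytes = foreach ($Hex in ($Match.Value -split '%' | Where-Object { $_ })) {
                [Convert]::ToByte($Hex, 16)
            }
            # Decode the whole run at once so multi-byte UTF-8 characters survive
            [Text.Encoding]::UTF8.GetString([byte[]]$Bytes)
        })
    }
}

function Resolve-ObfuscatedLink {
    param([Parameter(Mandatory)][string] $Link)
    $Decoded = ConvertFrom-PercentEncoding -InputString $Link
    # Add a scheme when it is missing so [uri] can parse bare host names
    $Candidate = if ($Decoded -match '^[a-z][a-z0-9+.-]*://') { $Decoded } else { "http://$Decoded" }
    $Uri    = $null
    $Parsed = [uri]::TryCreate($Candidate, [UriKind]::Absolute, [ref]$Uri)
    # The link is only parsed, never requested
    [pscustomobject]@{
        Original = $Link
        Decoded  = $Decoded
        Host     = if ($Parsed) { $Uri.Host } else { $null }
    }
}

$Samples = @(
    '%6A%61%61%70%62%72%61%73%73%65%72%2E%63%6F%6D'   # string used in the post
    'http://example.com/%70%61%74%68?q=caf%C3%A9'      # constructed: mixed, UTF-8
    'example.com/100%zz'                               # constructed: malformed escape
)
$Samples | ForEach-Object { Resolve-ObfuscatedLink -Link $_ } | Format-List
```

A single pass removes one layer of encoding only: `%2561` decodes to `%61`, so compare Decoded with Original and decode again when escapes remain.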

So now that we have this complete, we no longer have to guess where the encoded link is going to lead us. In my case, the link of my friend happened to take me to a Russian website trying to get me involved in binary option trading:

For more information about percent encoding as a concept, have a look at the Wikipedia page over here:

Wikipedia – Percent-Encoding

I have created a function to be able to perform this conversion in the future. I made it available on GitHub, TechNet Gallery and the PowerShell Gallery:

Wrapup of BSides Amsterdam 2017

Last Friday I had the pleasure to speak at BSides Amsterdam, a security-centered conference that hosted its first iteration in Amsterdam. I could not pass up on the opportunity to attend this event. Here is an excerpt about the BSides concept from their site at bsidesams.nl:

Security BSides is a community-driven framework for building events, by and for, information security community members. These events are already happening in major cities all over the world! We are responsible for organizing an independent BSides-Approved event in Amsterdam, for the Netherlands.

It was a full day with topics ranging from hardware hacking to botnet infrastructure. With 13 sessions on a single day it was very interesting to take part in this event and to be able to speak and network with professionals from all different sides of the spectrum. I have attached some pictures to give you an impression of the day at BSides Amsterdam:

At the event I spoke about using PowerShell to automate security and specifically about how to detect malicious activity. All the code and slides are as always available in my Events GitHub repository:

Automating security with PowerShell

I also shared this slide deck and my others on SlideShare: