57 min listen
Unavailable
Currently unavailable
2019-038- Ethical dilemmas with offensive tools, powershell discussion with Lee Holmes - Part2
Currently unavailable
2019-038- Ethical dilemmas with offensive tools, powershell discussion with Lee Holmes - Part2
ratings:
Length:
53 minutes
Released:
Oct 22, 2019
Format:
Podcast episode
Description
Derbycon9 talk - PowerShell Security Looking Back from the Inside - https://www.youtube.com/watch?v=DYWPtt7qszY&list=PLNhlcxQZJSm_ZDJBksg97I5q1XsdQcyN5&index=27&t=0s Encarta - https://en.wikipedia.org/wiki/Encarta Scott Hanselman’s twitter thread about Encarta: https://twitter.com/shanselman/status/1158780839464849409 Congrats on the black badge :) I like that you bring up execution policies. That it was never created to become a security control I started alerting on it anyway at least from non-admin devices https://www.mssqltips.com/sqlservertip/2702/setting-the-powershell-execution-policy/ Want to learn Powershell? UnderTheWire wargame: https://underthewire.tech/ Jeffrey Snover “The Cultural battle to remove Windows from Windows Server”: https://www.youtube.com/watch?v=3Uvq38XOark You talk about “why would anyone want to remove powershell” as it came as a standalone download and part of the windows sdk. - I was taught when I was just getting into tech, that I should fear powershell and didn’t realize how powerful it could be as an admin because of it. Powershell slime trail <3 (powershell transparency) “You can’t force a powerful tool only to be used how you want it to be used, you can tilt the playing field on behalf of defenders” If an attacker is going to use powershell, let’s make them regret it Powershell has had quite an impact and history. My own sorry logging/alerting attempts You mentioned the amount of attacks listed in MITRE that use powershell, is that *the* recommended resource for blue teamers, are there any others? Revoke-Obfuscation white paper (blackhat2017): https://www.blackhat.com/docs/us-17/thursday/us-17-Bohannon-Revoke-Obfuscation-PowerShell-Obfuscation-Detection-And%20Evasion-Using-Science-wp.pdf https://github.com/danielbohannon/Invoke-Obfuscation https://github.com/danielbohannon/Revoke-Obfuscation https://blog.trendmicro.com/trendlabs-security-intelligence/ransomware-now-uses-windows-powershell/ https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/TROJ_POSHCODER.A Ever thought of writing a powershell security sentric book? Bill Pollock was looking for someone to write a book for NoStarch… Derbycon keynote with Lee Holmes and Jeffrey Snover - http://www.irongeek.com/i.php?page=videos/derbycon6/101-key-note-jeffrey-snover-lee-holmes AMSI - Antimalware Scan Interface: https://docs.microsoft.com/en-us/windows/win32/amsi/antimalware-scan-interface-portal https://www.amazon.com/dp/B00ARN9MEK/ref=dp-kindle-redirect?_encoding=UTF8&btkr=1 - Windows Powershell cookbook Eric conrad: https://www.ericconrad.com/2016/09/deepbluecli-powershell-module-for-hunt.html https://github.com/sans-blue-team/DeepBlueCLI Daniel Bohannon - DevSec Defense - https://www.youtube.com/watch?v=QJe8xikf-iE https://github.com/psconfeu/2018/tree/master/Daniel%20Bohannon/DevSec%20Defense Constrained language mode: https://devblogs.microsoft.com/powershell/powershell-constrained-language-mode/ Maslow’s security Hierarchy: https://www.leeholmes.com/blog/2014/12/08/maslows-hierarchy-of-security-controls/ Just Enough Administration: https://docs.microsoft.com/en-us/previous-versions//dn896648(v=technet.10)?redirectedfrom=MSDN https://github.com/infosecn1nja/AD-Attack-Defense - Also - DrawOnMyBadge.com - Super cool idea, loved the mona lisa @Lee_Holmes @hackershealth @log-md @infosecCampout @seasecEast @brakesec @bryanbrake @boettcherpwned @Infosystir @packscott @dpcybuck @megan_roddie @consultingCSO
Released:
Oct 22, 2019
Format:
Podcast episode
Titles in the series (100)
2020-015-Tanya_Janca-Using Github Actions in your Devops Environment, workflow automation: Github actions - How are these written? It looks like a marketplace format? How do they maintain code quality? What does it take setup the actions? It looks like IFTTT for DevOps? What kind of integrations does it allow for? Will it handle... by BrakeSec Education Podcast