For those stepping into the dynamic field of information security, staying abreast of new tools and methodologies is crucial. One such tool gaining traction, particularly for professionals working within Microsoft Azure environments, is “BlackCat.” Developed by ‘azurekid,’ BlackCat is a PowerShell module designed to help validate and enhance the security posture of Azure deployments. What
Tag: powershell
AZ 900 – Part II – Architecture & Security I
Microsoft Azure is a comprehensive cloud computing platform that provides a wide range of services, including computing power, storage, networking, databases, analytics, and more. Understanding its global infrastructure involves several key concepts: Regions and Availability Zones. Regions: Azure is divided into geographic regions, which are clusters of data centers located in specific areas around the
Conference Video – Defending Against PowerShell Attacks
Dutch PowerShell User Group – 3rd PowerShell Saturday 2017-04-08
Conference Video – Invoke-Obfuscation: PowerShell obFUsk8tion
PowerShell has increasingly become the de facto standard for penetration testers and hackers alike. It enables attackers to “live off the land” by using a Microsoft-signed binary that can execute remote code entirely in memory while bypassing both A/V and application whitelisting solutions. Today’s detection techniques monitor for certain strings in powershell.exe’s command-line arguments.
powershell code – Find computers
To find a single machine and the date it last logged on (only the LastLogonDate attribute is requested, instead of every property):
Get-ADComputer -Identity SRV-DB01 -Properties LastLogonDate | Format-Table Name, LastLogonDate -AutoSize
Find all the machines:
Get-ADComputer -Filter * -Properties LastLogonDate | Format-Table Name, LastLogonDate -AutoSize
Notes :: Getting around some Defenses
Trying to read up on this for some work things. Dropping a few links here. Will add more notes as I go on. —————————————————————— bypassing-cylance-and-other-avs-edrs-by-unhooking-windows-apis “”” It’s worth noting that not all the functions get hijacked by AVs/EDRs. Usually only those functions that are known to be abused over and over again in the wild that