All too often an interesting item is discovered on a system and everyone wants to know if the item exists on any other system. This could be a daunting task but this can be accomplished using PowerShell. With the location and name of the file in hand, the following can
powershell
Reducing the Attack Surface for BlueKeep
It’s been a few months since the BlueKeep vulnerability was brought to light. This discovery shouldn’t be taken lightly as it allows a malicious user to gain unauthenticated access and the ability to perform remote code execution on Windows systems. The documentation on the vulnerability depicts that the following operating
Invoke-Fail2Ban
Anyone who has a system that is accessible on the Internet has likely had their fair share of brute force attempts. Utilizing something like Fail2ban is great because it blocks those type of attacks, providing some level of security. The downfall about Fail2ban is that it was developed for *nix
Finding Services Tied to Processes
When looking at a process list, you will undoubtedly see a number of svchost processes. The overall number of them really depends on the system and what services are running. Each svchost has at least one service running within it. If you are seeking a better understanding of which service
Fileless Malware Storage: Group Policy Objects- 4 of 4
Up to this point, we’ve discussed using the Registry, Active Directory, and Event Logs for storing stagers in Windows. In our last installment of this series, we will discuss the use of Group Policy Objects to achieve the same goal. Group Policy is designed to be a hierarchal infrastructure to
Fileless Malware Storage: Event Logs– 3 of 4
Up to this point, we’ve touched on using Active Directory and the Registry to store code for later use. To add on to the topic, we can also use Event Logs. The effectiveness of this technique is based on the environment in which one looks to use it. I say
Fileless Malware Storage: Active Directory– 2 of 4
In my last post, I spoke on the use of the Registry to store malicious code to call upon at a later time. In this post, I’ll discuss using Active Directory to store code. Essentially, Active Directory is a hierarchical structure that stores information about objects on the network, particularly
Fileless Malware Storage: Registry – 1 of 4
Malware delivery methods have changed over the years and in some cases, repeated themselves. Within the last couple of years, fileless malware has become prevalent and more widely seen. How this malware is stored on disk varies. Frankly speaking, anywhere that can store data, be it hex or ascii, serves
PowerShell Cheat Sheet
I recall when I started out in PowerShell coming from Python. Some aspects of the language I was able to pick up on rather quickly while other aspects took some take. I found myself writing down notes until I was able to remember them on my own. Reminiscing on that