Thwart your robot overlords? When man first etched a message into stone, I’m quite certain he never dreamt that one day the stone may try to read it. The surveillance and data collection within today’s information platforms would make Orwell shudder. Agentic AI is rapidly gaining traction, and it will need to “look over your…
Category: InfoSec
Posts pertaining to information security
Azure – Get Group MFA Registration Info
If you’ve deployed multifactor authentication (MFA) at an enterprise scale, you’ll know it can be fraught with challenges. You may need to deploy to individual departments, or perhaps take a phased approach and deploy in traches. However you end up deciding to do your MFA rollout, you will likely need to specify a target group,…
OSINT – Find Similar Images on the Web
I recently had a unique challenge present itself. A local had shared a screenshot of an image in a social media group I am in. I had the suspicion that this screenshot might have been the entrance to some local caves that I had been to previously. However, since that photo was taken, these caves…
PowerShell – Execute Scriptblock as Current User
Here’s a script I’ve put together that will retrieve the current user sessions from a remote host using psexec.exe. Then, it executes a scriptblock using the current user session context. Simple, but very powerful. I would suggest not running this in an enterprise environment if you would like to stay in your security team’s good…
Cloud – Search and Destroy Malicious Emails From End Users’ G-Suite Mailboxes
If you are using managing an enterprise, you will undoubtedly encounter malicious emails targeting your end users. Ideally, you could delete these messages from within your end users’ mailboxes. Normally, this is a premium feature, but if you have configured your G-Suite environment to use PSGSuite, it can be accomplished with some pretty basic scripting….
Cloud – Synchronizing Disablements Between Federated Domains (Azure, Google)
When configuring provisioning between Azure and Google federated domains, you will likely reference Microsoft’s documentation on configuring their canned provisioning Enterprise Application at https://learn.microsoft.com/en-us/entra/identity/saas-apps/g-suite-provisioning-tutorial. There is more information here as well: https://learn.microsoft.com/en-us/entra/identity/app-provisioning/configure-automatic-user-provisioning-portal. The procedure outlined here will get you started- however, you will quickly realize that disablements are not synchronizing between the two platforms. I…
PowerShell – Get AD User’s Last Logon Time
Here’s a simple little function I put together that will accept a user’s name in First Last format, and then return their last logon time information from AD. Here is the GitHub link: https://github.com/p8nflnt/SysAdmin-Toolbox/blob/main/Get-AdUserLogonTime.ps1
PowerShell – Get Windows Host Info with PsExec
Over the past several days, I have been exploring the idea of retrieving information for diagnostic purposes from Windows hosts using PsExec of the Sysinternals suite. This is something that might make sense for a small environment, as it is clientless, and there is really no overhead besides the lightweight PsExec tool, and the ThreadJob…
PowerShell – Convert PsExec-run Cmdlet Output Strings Back to Objects, Properties, & Values
I have been experimenting with using PsExec of the Sysinternals suite to gather information from remote Windows systems for diagnostic use. I’ve found it to be a powerful tool, especially when integrated with PowerShell scripts. It is able to execute a script or command on a remote machine and return the output back to the…
Thoughts on Obfuscation of Botnet C2 Communications
This afternoon, while mountain biking, I was listening to a cybersecurity podcast about botnets. The gentleman on the episode was discussing detection of unknown botnets by looking at recurring patterns from the level of a dynamic DNS provider. A provider like this has incredible insight into web traffic on a global scale. The man described…