If you’ve deployed multifactor authentication (MFA) at an enterprise scale, you’ll know it can be fraught with challenges. You may need to deploy to individual departments, or perhaps take a phased approach and deploy in traches. However you end up deciding to do your MFA rollout, you will likely need to specify a target group,…
Category: InfoSec
Posts pertaining to information security
OSINT – Find Similar Images on the Web
I recently had a unique challenge present itself. A local had shared a screenshot of an image in a social media group I am in. I had the suspicion that this screenshot might have been the entrance to some local caves that I had been to previously. However, since that photo was taken, these caves…
PowerShell – Execute Scriptblock as Current User
Here’s a script I’ve put together that will retrieve the current user sessions from a remote host using psexec.exe. Then, it executes a scriptblock using the current user session context. Simple, but very powerful. I would suggest not running this in an enterprise environment if you would like to stay in your security team’s good…
Cloud – Search and Destroy Malicious Emails From End Users’ G-Suite Mailboxes
If you are using managing an enterprise, you will undoubtedly encounter malicious emails targeting your end users. Ideally, you could delete these messages from within your end users’ mailboxes. Normally, this is a premium feature, but if you have configured your G-Suite environment to use PSGSuite, it can be accomplished with some pretty basic scripting….
Cloud – Synchronizing Disablements Between Federated Domains (Azure, Google)
When configuring provisioning between Azure and Google federated domains, you will likely reference Microsoft’s documentation on configuring their canned provisioning Enterprise Application at https://learn.microsoft.com/en-us/entra/identity/saas-apps/g-suite-provisioning-tutorial. There is more information here as well: https://learn.microsoft.com/en-us/entra/identity/app-provisioning/configure-automatic-user-provisioning-portal. The procedure outlined here will get you started- however, you will quickly realize that disablements are not synchronizing between the two platforms. I…
PowerShell – Get AD User’s Last Logon Time
Here’s a simple little function I put together that will accept a user’s name in First Last format, and then return their last logon time information from AD. Here is the GitHub link: https://github.com/p8nflnt/SysAdmin-Toolbox/blob/main/Get-AdUserLogonTime.ps1
PowerShell – Get Windows Host Info with PsExec
Over the past several days, I have been exploring the idea of retrieving information for diagnostic purposes from Windows hosts using PsExec of the Sysinternals suite. This is something that might make sense for a small environment, as it is clientless, and there is really no overhead besides the lightweight PsExec tool, and the ThreadJob…
PowerShell – Convert PsExec-run Cmdlet Output Strings Back to Objects, Properties, & Values
I have been experimenting with using PsExec of the Sysinternals suite to gather information from remote Windows systems for diagnostic use. I’ve found it to be a powerful tool, especially when integrated with PowerShell scripts. It is able to execute a script or command on a remote machine and return the output back to the…
Thoughts on Obfuscation of Botnet C2 Communications
This afternoon, while mountain biking, I was listening to a cybersecurity podcast about botnets. The gentleman on the episode was discussing detection of unknown botnets by looking at recurring patterns from the level of a dynamic DNS provider. A provider like this has incredible insight into web traffic on a global scale. The man described…
JavaScript – Bot Repellant – Obfuscation
For obvious reasons, it is not a good idea to have your contact information displayed in plaintext on the web. Webcrawlers and bots do exist, and will use RegEx to pick emails and phone numbers out of client-side-source like it’s a cakewalk. Now, ideally, your implementation of what I am dubbing “bot-repellant”, would include server-side…