It was a wonderful experience to present at the Azure Global Bootcamp in Melbourne this year. This year I spoke about possible methods or patterns for securing Azure resources. This is an extremely broad topic, though I focused on App Services, Virtual Network Endpoints and ARM templates.
I have had a number of speaking opportunities over the last 2 months, and after each one, I have promised that I would post the slides up here. So, without further ado, you can find the slides for each of the following sessions:
- Melbourne Microsoft Cloud and Datacenter Meetup - Evolving your Automation with Hybrid Workers
- Readify Dev Breakfast WA - Level up to DevSecOps
- Microsoft Ignite Australia 2017 - DevSecOps in 10 minutes!
- Infrastructure Saturday 2017 – Level Up to DevSecOps & Evolving your Automation with Hybrid Workers
- CrikeyCon 2017 – Introducing DevSecOps (I will link to the video when it is available)
I want to thank all of those who attended; your interest and your questions make all of the challenging work worthwhile. I also want to thank all of the organisers; without your work there simply wouldn’t be any conference for me to present at.
My next presentation will be my Ransomware 0, Admins 1 at Experts Live Australia on the 6th of April.
I recently had the pleasure to present on Azure Automation and hybrid workers to the Melbourne Azure Group. I really want to thank all of those who attended, Chris Padgett for inviting me to present and Microsoft for the use of their facilities.
My presentation, Azure Automation invades your data centre, covered off the ins and outs of Azure Automation and extending its reach to your own data centre with hybrid workers. I also spoke about using web hooks and the Azure Automation Authoring Toolkit.
If you haven’t looked at Azure Automation or hybrid workers, I thoroughly recommend that you go and take a look. There are a number of excellent resources out there for you to make a start, including:
- Azure Automation - PluralSight: https://app.pluralsight.com/library/courses/microsoft-azure-automation/table-of-contents
- Azure Automation - Ignite Australia: https://channel9.msdn.com/Events/Ignite/Australia-2015/ARC311
- Hybrid Workers: https://azure.microsoft.com/en-us/documentation/articles/automation-hybrid-runbook-worker/#
- Web Hooks: http://blog.coretech.dk/jgs/azure-automation-using-webhooks-part-1-input-data/
- Azure Automation Authoring Toolkit: https://www.powershellgallery.com/packages/AzureAutomationAuthoringToolkit
You can find the runbooks I used in my presentation up on GitHub, https://github.com/poshsecurity/PoshSecurityAzureAutomation and you can download the slides or view them with SlideShare here.
Last night I had the opportunity to present at the first Melbourne PowerShell Meetup. I want to thank those who attended and in particular, thank David O’Brien for his work in organising such a great event, thanks also go to Versent and Level 3 for providing the food and the event space.
My presentation, Exploiting MS15-034 and working with TCP connections in PowerShell, was first up for the night and extremely well received.
I have been extremely lucky to present to a wide range of audiences on the security challenges that PowerShell brings to our organisations. From security groups to architecture to infrastructure and now development focused groups.
As promised, here is the content, code and links to more information.
If you want to take a look at the "malware" script that I created, you can find that up on GitHub here. The repository includes two files: an example of the Excel spreadsheet which contains a macro that would infect a system, and SystemInformation.ps1, which is the actual "malware" that is the basis for all of my demonstrations.
I mentioned Matt Graeber's write-up on PowerWorm, and this can be found here at his site, www.exploit-monday.com. Matt has rewritten the code to be safer, as well as providing some tools to detect and remove PowerWorm infections, and this can be found on his GitHub.
Another important set of resources is the 5-part series from Microsoft's Hey, Scripting Guy.
- Use PowerShell for Network Host and Port Discovery Sweeps
- Use PowerShell to Security Test SQL Server and SharePoint
- Use PowerShell to Discover Network Information from Shares
- Use PowerShell to Duplicate Process Tokens via P/Invoke
- Use PowerShell to Decrypt LSA Secrets from the Registry
I recommend reading the final two parts; I have made use of the code from these within SystemInformation.ps1.