Presentation: Exploiting MS15-034 In PowerShell

Last night I had the opportunity to present at the first Melbourne PowerShell Meetup. I want to thank those who attended and, in particular, thank David O’Brien for his work in organising such a great event. Thanks also go to Versent and Level 3 for providing the food and the event space.

My presentation, Exploiting MS15-034 and working with TCP connections in PowerShell, was first up for the night and extremely well received.

As promised, you can find the PowerPoint slides here, or up on SlideShare. You can find the code from the demonstrations up here on GitHub.

Content From Vic .Net Presentation

Last week I had the wonderful pleasure of presenting to the Victorian .Net User Group. I want to thank Mahesh, the other organizers and SportsBet for the wonderful facilities.

I have been extremely lucky to present to a wide range of audiences on the security challenges that PowerShell brings to our organisations, from security groups to architecture to infrastructure and now development-focused groups.

As promised, here is the content, code and links to more information.

You can download the PowerPoint slides here, or find them on SlideShare here.

If you want to take a look at the "malware" script that I created, you can find that up on GitHub here. The repository includes two files: an example of the Excel spreadsheet which contains a macro that would infect a system, and SystemInformation.ps1, which is the actual "malware" that is the basis for all of my demonstrations.

I mentioned Matt Graeber's write-up on PowerWorm, and this can be found here at his site, www.exploit-monday.com. Matt has rewritten the code to be safer, as well as providing some tools to detect and remove PowerWorm infections, and this can be found on his GitHub.

Another important set of resources is the 5-part series from Microsoft's Hey Scripting Guy.

I recommend reading the final two parts; I have made use of the code from these within SystemInformation.ps1.

Kieran

Upcoming Presentation at Victorian .Net User Group

I am excited to announce that I will be presenting PowerShell Shenanigans – Lateral Movement with PowerShell, to the Victorian .Net User Group.

This presentation will be an updated version of the one from CrikeyCon 2014, BIG and OWASP Brisbane.

Information about the session is listed below, and you can register here at Eventbrite.

PowerShell Shenanigans (Lateral Movement with PowerShell)

PowerShell, the must-have tool and the long overlooked security challenge. Learn how PowerShell’s deep integration with the Microsoft platform can be utilized as a powerful attack platform within the enterprise space. Watch as a malicious actor moves from a compromised end user PC to the domain controllers and learn how we can begin to defend against these types of attacks.

About the Speaker

Specialising in the automation of Windows Server environments, and with 10 years’ experience in the managed services and financial services sectors, Kieran Jacobson recently moved from sunny Brisbane to Melbourne to pursue a role as a Technical Lead with Readify. Kieran has always been a passionate member of the technical community, beginning as a Microsoft Student Ambassador and then as a presenter at a number of conferences including Infrastructure Saturday, CrikeyCon and Risky Business. Kieran maintains the Posh Security website, http://poshsecurity.com, with content ranging from automation, architecture, troubleshooting and software development.

Event Details

Hacking with a rubber duck

On the weekend I had the pleasure to present at CrikeyCon 2015. I want to thank everyone involved including the organizers; the other speakers; our wonderful MC, Patrick Gray from Risky Business; and of course the attendees!

This year I chose something a bit different to present on, the Hak5 Rubber Ducky. I started with two (and one failed) demonstrations in the morning before setting up in the events area to show off some more advanced demonstrations.

As promised, I am posting up my content for everyone to make use of it.

Firstly, the PowerPoint slides can be downloaded here, or viewed on SlideShare here (and below).

I have set up a separate page on this site, Rubber Ducky, where you can find the scripts/payloads and a description with each.

There are a number of links which I found to be extremely useful.

If you have any questions, comments, or feedback please feel free to leave a comment, contact me via this site or send a message to me on Twitter.

Kieran