The PowerShell Conference Europe 2019 took place last week in Hannover, and I had the pleasure to attend and speak for the second year in a row. I want to thank @TobiasPSP @Alexandair @sqldbawithbeard and the @PSConfEU crew for putting up this #PowerShell feast. From a RaspberryPi to the Clouds, from PowerShell internals to a dancing Lego robot, if you have anything to do with windows, PowerShell, or a computer, there was some content made for you… Continue reading “Back from PowerShell Conference Europe…”Continue reading
Some weeks ago, I tweeted about grabbing clipboard content from KeePass with some PowerShell. From some reactions to this tweet, and after reading it a couple of times again, I realize it was sending the wrong message, and I would like to take a bit more than 280 chars to clarify what I meant when I posted that tweet…
TLDR: Password managers are a must, not using one exposes you to far more risks than using one. Do it. Continue reading “A little KeePass Mea Culpa…”Continue reading
When I recently joined the Windows Security team at ERNW, Enno asked me if I wanted to write a ‘welcome’ blogpost on a topic of my choosing… Up for the challenge, and since I had been playing with BloodHound & Cypher for the last couple of months, I first thought I would do something on that topic.
However, after gathering my thoughts and some Cypher I had collected here and there, I realized that the topic of Bloodhound Cypher might actually require several blog posts… And so I changed my mind. I will keep the joys of Cypher for later, and in this post, I will talk about a tiny tool I wrote to query the Mitre ATT&CK™ knowledge base from the comfort of a PowerShell prompt. Continue reading “PoSh_ATTCK – ATT&CK Knowledge at your PowerShell Fingertips…”Continue reading
In his talk I have the Power(View): Offensive Active Directory with PowerShell Will Schroeder, a researcher and Red teamer in Veris Group´s Adaptive Thread Division, presented offensive Active Directory information gathering technics using his Tool PowerView.
PowerView does not use the built in AD cmdlets to be independent from the Remote Server Administration Tools (RSAT)-AD PowerShell Module which is only compatible with PowerShell 3.0+ and by default only installed on servers that have Active Directory services roles. PowerView, however, is compatible with PowerShell 2.0 and has no outer dependencies. Furthermore, it does not require any installation process.Continue reading