Posts

Get-ADInfo PowerShell Module

With the competition season mostly over, I've been able to spend some time catching up on write-ups, classwork, and projects. I'm also able to start releasing the materials I created for my team this year, starting with Get-ADInfo, the first (sort of) PowerShell module I've created. You can find it here: https://www.powershellgallery.com/packages/Get-ADInfo/1.0.0. Additionally, you can also find it on my GitHub.

Module Information

Get-ADInfo is a module that was created to help facilitate Active Directory object enumeration. I spent a lot of time last year developing security tools for Windows servers, but I hadn't really done anything neat with basic enumeration stuff. So I wanted to create some enumeration tools for our Windows people this year. Get-ADInfo was the first tool I started working on, and probably the one that turned out the best, as I was quickly overwhelmed with relearning bash and some of the more advanced Linux skills I had forgotten after focusing o
Recent posts

Vynae

Vynae is now fully released and will likely not be receiving major feature updates to the CLI version. There is a GUI that is still catching up to the CLI version, but new features are not likely to be added (never say never though). This post will go through the original idea behind Vynae, as well as the challenges and process of its development. Vynae can be found here and is completely open source and available for anyone to use.

Origin and CLI version

Vynae has a somewhat interesting history. It started as a small script that traced Parent Process IDs and pulled network information from processes. I needed a solution that was quick and dirty to help me document a CobaltStrike beacon I had found during the CCDC regional competition. Originally, Vynae looked something like this and was called PIDHUNTER, because it only found information on given processes. After the competition, I wrote it into something a little nicer than the mess I used in the competition, and I created the ver

CCDC 2022-23 Log #1

We've recently had our first CCDC meeting for the year. It was a small informational for interested students. It went well; we seem to have some good candidates already popping up. It's still too early to tell if they'll stick it out, but I'm hopeful we'll have a good team this year. I'm planning on doing semi-regular updates on our team this year, mainly covering my perspective as co-captain and as a mentor. I'm also planning on dropping some of the tools and labs I'm creating for our team and my master's capstone. The first set of labs covers Active Directory configuration and object management. After finishing those, I'll work on labs for Linux incident response and systems hardening. I'm lucky to be in a position where my university has allowed me to use these labs to meet the capstone requirement, so long as I allow them to use the labs in undergrad courses. I'll also be releasing and updating my CCDC toolset for Windows servers and doing some

PowerShell TCP Port scanner in one line

If you ever need a TCP port scanner that takes years to run, and you want to do it all in one line, PowerShell has you covered.

1..254 | % {if(Test-Connection 192.168.10.$_ -count 1 -quiet){foreach($x in 1..65535){if(Test-NetConnection -Port $x -ComputerName 192.168.10.$_ -InformationLevel Quiet){Write-Host "Found 192.168.10.$_`:$x"}}}}

This one-liner pings every address in the specified network and, if it receives a response, it then does a TCP port scan on the address. Keep in mind, it scans the address for all 65,535 ports. The addressing scheme and port ranges can change though, and if you only need to scan a network for all servers with port 80 open, it will be considerably faster. I still recommend using Nmap though.

Remote VPS file share server

Recently, I've *allegedly* received some documents on torrent clients on my network. Of course, I wholeheartedly respect copyright laws and do my utmost to ensure that files on my systems are 100% legal. Regardless, I thought creating an offsite file download/share server might be an exciting project. I already had a VPS I was renting from a VPS provider, so I spun up another one with them. Relatively low specs, 4 CPUs, 4 GB RAM, but it has unlimited network usage, which is good for my purposes. I went with the most recent version of Ubuntu, but any OS would work with this. To start off, I had an idea for a setup that used a management IP that I could access to download files and communicate with the torrent client, and a download IP that ran a VPN at all times and was only used for downloading files. Luckily enough, my VPS provider had options for adding extra IPv4 addresses to the server, so I bought an extra address and got that working. OpenVPN also has an option to bind to a

Vynae - process exploration in PowerShell

Vynae can be found on my GitHub. Vynae is a fleshed-out version of the original project, PidHunter. PidHunter was written for use in the Collegiate Cyber Defense Competition for tracing process IDs and gathering simple information about processes running in Windows Server environments. It started as a lightweight script that could be deployed on multiple servers and return consistent results. Mainly, it was used to detect Crowd Strike beacons after we discovered one of our servers had a beacon running on it. I wanted a way to pull up process and network information on the fly without needing to run multiple commands or tools. As such, it was hyper-specific to the situation I was in. While I originally tried to expand PidHunter to be useful in normal operations, it never really took off and was abandoned. Cue summer semester 2022, where I found I had a good amount of extra time before classes started in earnest. I needed to take a break from some other projects, and as I'm takin

Automated firewall manager for multiple Windows devices

Code can be found here. For the upcoming CCDC regionals, I'll need to manage multiple different Windows machines and servers. In the state competition, I had made a simple script that created some basic firewall rules, mostly targeting Active Directory services. I then applied these to both the Windows Server 2012 DC and the Windows Server 2016 Hyper-V/Docker machine. The rules worked fine for both, especially considering that I decided to 'reduce my threat surface' by removing the net adapters from the Docker box. However, for regionals, I'll be managing multiple Active Directories, Exchange servers, and Docker at the very least. Having a rigid script that applies the same firewall rules to every box won't work as well as it did in state, and creating a new script for each machine is too time-consuming. So I decided to create something that could detect what services and roles were installed on a given machine and then install the necessary firewall rules based o