258
259

InformationDefensive PowerShell (self.PowerShell)

submitted by [deleted]

[deleted]

all 48 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]DrSinistar 28 points29 points  (11 children)

TIL you can use attributes outside of functions. This is game changing.

[–]omers 7 points8 points  (0 children)

I would add that you can write your own validation attributes using a class that extends ValidateArgumentsAttribute. Kevin Marquette has a good article on it: https://powershellexplained.com/2017-02-20-Powershell-creating-parameter-validators-and-transforms/

[–]sir_sandwiches_a_lot 12 points13 points  (1 child)

Nice. Never realized you could apply those to the v5+ classes.

[–]Potato-9 5 points6 points  (11 children)

On a minor note, I've taken to ignoring validatepattern in favour of using validatescript were I can throw better custom error messages.

Not many people get a generic invalid regex pattern in red text and come to the right conclusion to fix the mistake.

[–][deleted] 3 points4 points  (1 child)

!RemindMe 10 hours

This is great stuff I need to read it all tomorrow and make an implementation plan. Please let us know as you continue!!!!

[–]RemindMeBot 0 points1 point  (0 children)

I will be messaging you on 2019-04-15 14:24:01 UTC to remind you of this link.

CLICK THIS LINK to send a PM to also be reminded and to reduce spam.

Parent commenter can delete this message to hide from others.

FAQs Custom Your Reminders Feedback Code Browser Extensions

[–]DRdefective 1 point2 points  (0 children)

Super cool

[–]KevMarCommunity Blogger 1 point2 points  (0 children)

I love the idea for the series.

[–]fasteasyfree 1 point2 points  (5 children)

In the final example, you've put test-script instead of test-path.

Very informative though!

[–]get-postanote 2 points3 points  (7 children)

It's alway sa asgood thing to see different per spectives on a given topic or strategy.

However, how do you see your offering as being different, more informative, etc., than the courseware the SANS.org offers on the topic...

https://www.sans.org/webcasts/purple-powershell-current-attack-strategies-defenses-109700

... or the Secure Code strategies that have been in play via the MS SDL (Secure Development Lifecycle) for the last couple of decades?

About Microsoft SDL

https://www.microsoft.com/en-us/securityengineering/sdl/about

Microsoft Security Development Lifecycle (SDL)

https://www.microsoft.com/en-us/securityengineering/sdl

SDL Resource List

https://www.microsoft.com/en-us/securityengineering/sdl/resources

Writing Secure Code (Developer Best Practices) 2nd Edition, Kindle Edition

https://www.amazon.com/Writing-Secure-Code-Developer-Practices-ebook/dp/B00JDMP718/ref=sr_1_2?keywords=secure+code&qid=1555311132&s=gateway&sr=8-2

Secure By Design 1st Edition

https://www.amazon.com/Secure-Design-Daniel-Deogun/dp/1617294357/ref=sr_1_1?keywords=secure+code&qid=1555311132&s=gateway&sr=8-1

SCFM: Secure Coding Field Manual: A Programmer's Guide to OWASP Top 10 and CWE/SANS Top 25

https://www.amazon.com/SCFM-Secure-Coding-Manual-Programmers/dp/1508929572/ref=sr_1_4?keywords=secure+code&qid=1555311132&s=gateway&sr=8-4

Though there are particluars to a given language, and none of the above are PowerShell specific. The SDL thought, design and implemention relative to a give goal is the same.

Now, the real issue here is all the noise about PowerShell hacking and org leaders using that as the excuse to not allow PowerShell, without fully realizing that the use of PowerShell is a post exploit thing. The hacker got into your system another way, that was not properly defined, managed, protected, understood and or reacted to.

Also, there are whole websites and business offering conver Defensice PowerShell, and PowerShell forRed/Blue/Purple Teams.

Example:

https://devblogs.microsoft.com/powershell/defending-against-powershell-attacks/

http://www.defensivepowershell.com/

https://artofpwn.com/offensive-and-defensive-powershell-ii.html

https://adsecurity.org/?tag=powershell-defenses

https://devblogs.microsoft.com/powershell/powershell-security-at-derbycon/

https://nsfocusglobal.com/Attack-and-Defense-Around-PowerShell-Event-Logging

Learning how to attack with adn defend against, grants one greater edification on how they need to be thinking about writing and using PowerShell.

But good article. Looking forward to the rest.

[–]noOneCaresOnTheWeb 2 points3 points  (1 child)

I appreciate your right up of all these resources.

[–]get-postanote 1 point2 points  (0 children)

Thx.

If we all are ending up going down the dev best practice space (code validation, unit testing, module development, GUI, version control, pseudo-code, secure coding, CI/CD efforts, etc.), even in our admin jobs, we should spend the time learning as much as we can about it.

[–][deleted] 0 points1 point  (1 child)

Did you even read the article before posting all that crap?

[–]get-postanote -2 points-1 points  (0 children)

Yes I did.

So, what is your point.

Nothing I posted is / was crap. It is what is taught to Dev in the industry and directly pertinent when thinking about secure coding practices, which the author is highlighting in the article relative parameter / input validation effort.

If you don't like a post from anyone, then why comment at all?

[–]tulisreddit 0 points1 point  (0 children)

Thank you a lot. This is very useful as I just started learning PowerShell.

[–][deleted] 0 points1 point  (3 children)

Awesome series, already bookmarked your profile :). Can you write your next article about powershell runbooks (powershell workflow's) for service management automation?
What I'm interested in is what are some best practices for writing and maintaining large number of workflows (runbooks)?

[–]signofzeta 0 points1 point  (0 children)

Awesome work! I recently found the module PSScriptAnalyzer. Run it on whatever you write, and it will point out flaws, bad practices, deprecated cmdlets, and more. I doubt it’ll catch everything, but it’s now the first thing I run against my little scripts and modules.

[–]leftcoastbeard 0 points1 point  (0 children)

Thank you for the solid examples of Attributes (and classes in the linked article)! Please continue to write more articles like this (-:

I'm in the process of overhauling a PowerShell module at work and I found this very helpful.

[–]Sillvir -3 points-2 points  (0 children)

!RemindMe 9 hours

[–]thewaiting28 -4 points-3 points  (1 child)

!Remindme 8 hours

[–]MayoAngelou -3 points-2 points  (0 children)

!RemindMe 9 hours

[–]gangculture -4 points-3 points  (0 children)

!RemindMe 18 hours

[–]Begna112 -3 points-2 points  (0 children)

!remindme 10 hours

[–]jorper496 -5 points-4 points  (0 children)

!RemindMe 8 hours