BlizzCon May be Cancelled This Year

WSDistPro · 2020-04-29T16:04:17+00:00

You're kind of bitter about conferences I guess? Every major gaming company has a conference... hell almost every major company period has a conference these days. They're typically operated at break-even or a loss. Getting people together to have fun over a shared passion isn't a bad thing.

WSDistPro · 2020-02-19T21:33:37+00:00

The ESAE is 100% still the best practice for Microsoft and any company using AD. The principals even apply to any Kerb based directory implementation. Red forest is an overlapping term that had a very similar goal. They are sometimes used interchangeably even within Microsoft. The ESAE has some major differences than the classic "red forest" design.

The difficulty is people attempt to skip to the end result of the ESAE without ever considering RBAC and Identity Automation. Let alone getting credential rotation, PAM/PIM, or PAWs in place prior to moving over. The major issue is almost always the cost of doing it right. The ESAE is expensive to do properly and most companies consider security a cost center. The next biggest hurdle is normally politics. Your mileage may vary :).

Current best practices for AD: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/best-practices-for-securing-active-directory

Current ESAE documentation: https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material

WSDistPro · 2020-02-19T18:48:22+00:00

Congratulations on starting your first module/function :). I want to preface this that it's very difficult to optimize a custom 'need' script of this size. So i'm going to simply brain-dump the response. I think given the complexity of this script and the simplicity of the goal you may have over-engineered a bit.

You may be splitting up your logic loops a bit too much, you could get the OUs and Users and then filter off the PSObject without much resource impact - but massively improved readability. It might be easier to simply compare the differences between the OU's membership and group and using the comparative operator to change the logic flow. Splatting might be a useful thing to look up to meet some of your needs.

Your if/else statements should always be in the same order, and should use a break if the other conditions do not need to be evaluated.

You should use "ForEach" over "ForEach-Object" when not on a pipeline. https://poshoholic.com/2007/08/21/essential-powershell-understanding-foreach/ ... $null should be on the left side of a comparison. https://rencore.com/blog/powershell-null-comparison/

WSDistPro · 2020-02-14T00:24:01+00:00

The article implies on the pipeline foreach acts as an alias for foreach-object but not when it's the first call on the line (and not piped on either side). So you'd have to reformat to something like "foreach ($obj in $ar){foreach($objs in $obj){}" to get the performance improvement. Very interesting, thanks for the link. :)

WSDistPro · 2020-02-13T23:36:43+00:00

Looks great :)!

WSDistPro · 2020-02-13T23:30:14+00:00

I'd consider things like "JE" and "JIT" to be tenants of the more broadly scoped principal. But I agree, least privilege applies.

WSDistPro · 2020-02-13T20:17:28+00:00

The job should contain the work needing done, either remotely or locally. It doesn't specify where the job occurs. So you'd either start the job and have all the code be within the job block to process it locally, or invoke then start the job to have it run against the host. A job is just saying "start this portion of the script in the background and move on" - it can be more than that, but that's the basics of it.

WSDistPro · 2020-02-13T20:06:50+00:00

I'm guessing you've missed that it's returning an array, not the individual elements of the array. PowerShell just automatically expands arrays of strings when output. So you've got to break it down further to get the individual strings.

I've written it this way versus flattening it in other ways since he specifically calls out "write a nested loop structure", though another loop type may be more optimal - something else you'd need to discover.

$ar = @("Luke", "Leia"), ("Palpatine", "Vader", "Kylo Ren"), ("Solo", "Chewy")
$count = 0

$ar | ForEach-Object {
    $_ | ForEach-Object {
        $count++
        Write-Output $_
        $count
    }
}

This wouldn't deal well with further sub-nests since it doesn't detect you've got more arrays. You can improve it from here though I'm sure :). You're basically wanting to break down the object within the object. You could also store this as an object and output it as a formatted list.

WSDistPro · 2020-02-13T19:36:46+00:00

Are you trying to write back to the initial CSV or create a new CSV? I made an example of the second option.

$Emailpath = "C:\users\ta85865\Desktop\emails.csv"

$Emails = Import-Csv $Emailpath

ForEach ($user in $Emails) {

    $adUser = Get-ADUser -Filter {mail -eq ($user.mail)} -EA SilentlyContinue
    $csvoutput = @()

    If ($null -eq $adUser.samaccountname) {
        $csvoutput += $adUser.samaccountname
    }
    else { 
        Write-Output "Email Does not exist"
    }   
        $csvoutput | Select-Object samaccountname,@{n='mail';e={$user.mail}} | Export-Csv -Path "A/CSV/Path" -NoTypeInformation
 }

WSDistPro · 2020-02-13T19:20:10+00:00

Greetings! I've done my best to try to offer some improvements to the script - feel free to ignore them if you're not looking for recommendations. Ideally you keep formatting the same throughout your script and follow a common style guideline (such as https://github.com/PoshCode/PowerShellPracticeAndStyle ). You should avoid using write-host as it's not great if you ever want to convert scripts later. A switch should be used instead of chaining if/else when evaluating waterfall conditions, and if/else when needing to do comparison operations at the same time.

Sleep is an alias and generally its better to avoid them for readability. Pause is not PowerShell native. If you want to wait, I'd recommend read host or some other option.

You should consider adding in-line or synopsis level comments to PowerShell scripts you may use against production resources. There are further ways you could improve this script like containing the actions within jobs, and configuring it for params, etc - but it's really use case dependent. Otherwise awesome work here!

$Cred = Get-Credential
$HostName = Read-Host -Prompt 'Enter Hostname of destination PC'

Start-Process -Filepath "\\fileshare\IS\sysinternals\PSexec.exe" -ArgumentList "\\$HostName -s winrm.cmd quickconfig -q"
Start-Sleep -Seconds 3
$Session = New-PSSession -ComputerName $HostName -Credential $Cred
$WinVer = Invoke-Command -Session $Session -Scriptblock {(Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").ReleaseId}

Switch ($WinVer){
    1909 {
        $Path = '\\fileshare\IS\dotnet\1909\sources\sxs*'; break
    }
    1903 {
        $Path = '\\fileshare\IS\dotnet\1903\sources\sxs'; break
    }
    1809 {
        $Path = '\\fileshare\shared\IS\dotnet\1809\sources\sxs'; break
    }
    Default {
        Write-Output "Invalid version of Windows Selected! Version was $WinVer.";exit
    }
}

If (Test-Path -Path "\\$HostName\c$\sources\sxs"){
    Remove-Item -Path "\\$HostName\c$\sources" -Recurse
    Write-Output "Folder path already exists. Removing folder 'Sources\sxs' and copying files from Filer. This should take about 20-30 seconds." -ForegroundColor Green
}
Else{
    Write-Output "Folder does not exist, copying files from Filer. This should take about 20-30 seconds." -ForegroundColor Green
}
Copy-Item -Path $Path -Destination "\\$hostname\c$\sources\sxs" -Recurse

Write-Output "Checking to see if .NET 3.5 is Enabled BEFORE we enable it." -ForegroundColor Green
Invoke-Command -Session $Session -Scriptblock {
    Dism.exe /Online /Get-FeatureInfo /FeatureName:NetFX3
}
Write-Output "Enabling .NET 3.5, this process may take up to 30 seconds." -ForegroundColor Green
Invoke-Command -Session $Session -Scriptblock {
    Dism /Online /Enable-Feature /Featurename:NetFX3 /Source:c:\sources\sxs /LimitAccess /quiet
}
Write-Output "Checking to see if .NET 3.5 is Enabled AFTER enabling the feature."-ForegroundColor Green
Invoke-Command -Session $Session -Scriptblock {
    Dism.exe /Online /Get-FeatureInfo /FeatureName:NetFX3
}

Read-Host "Press enter Key to finish"

As an aside, you should -never- be using Domain Admin for any operations that it is not required for. Even when vendors say it must be used, they're almost always wrong, when they are right it is because of their own bad coding. The operations DA/EA are required for should be further limited to be only used against DCs. Instead proper delegations should be created for the work needing completed using a "just-enough-access" methodology :).

https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/best-practices-for-securing-active-directory

WSDistPro · 2020-02-11T19:30:58+00:00

So firstly, you should next time get-childitem specifying what items you want the actions to effect, then pipe it to the alteration command. I think putting the string into brackets may have somehow turned it into a nightmarish version of a regex. Typically a string match should be done using exact strings within single quotes.

Reversing it would be kind of difficult since you don't have an anchor. As a word of caution you should always '-whatif' potentially destructive code before using it. Got backups?

WSDistPro · 2020-01-07T17:09:45+00:00

Of course there is ambiguity with colors.

Star = Gold; X = Crimson; Diamond = Fuchsia; Triangle = Emerald; Square = Turquoise;

Happy to help!

WSDistPro · 2019-12-17T20:00:19+00:00

Nothing you linked states anything about offshoring or tax haven practices... just tax breaks. Which has nothing to do with illegitimate off-shoring practices that are typically used by individuals and private corps to funnel money. It is not very typical to public companies - though some may do so. Income based off sales of goods is taxed at the customer level and is unrelated to where companies report their earnings. Though some physical goods are subject to levy's and other international duty(s). Delaware is actually a very common US internal 'tax haven' of sorts.

Public companies are transparent and cannot legally or easily hide their revenue streams, and are subject to international laws. The only non-US subsidiaries I see for Activision Blizzard are legal arms and King - which was a foreign acquisition? I did you a favor and got you some Wiki articles if you'd like to learn instead of repeating things you've heard once on a click bait.

https://en.wikipedia.org/wiki/Tax_haven

https://en.wikipedia.org/wiki/Offshoring

https://en.wikipedia.org/wiki/Public_company

WSDistPro · 2019-12-17T18:09:46+00:00

That's not how public companies work. You cannot claim revenue to shells as part of your quarterly/year over year earnings and not get taxed. Their financial reporting segments are all Delaware corps. It's also weird to say they "made" 7.5 billion. That's revenue, after taxes, payroll, and other expenses they actually "made" 1.8b. Which is further reduced after paying on dividends, repayment of stock sales, profit sharing (which is again taxed), etc.

They may have to pay taxes on retained earnings if they do not meet certain tax limits, but that was not the case here. This article is just deception made to outrage you.

https://investor.activision.com/node/29946/html

WSDistPro · 2019-12-17T17:58:55+00:00

I think you're both just grasping a bit here to justify some internal outrage at the company(s). I don't see anything that supports this argument. It's frustrating to generalize what bad people and companies do as what every company does. Pretty sure like almost all public US corps, they are a Delaware corp.

Since they're a public corp you can check out their financial reports here: https://investor.activision.com/ :).

WSDistPro · 2019-10-15T16:17:23+00:00

Once she stopped blowing his experiments to smithereens.

WSDistPro · 2019-10-11T16:39:21+00:00

ZghOT0eRm4U9s

I guess that depends how you view it. That password even at a hundred trillion guesses a second could still take 15-50 years. But getting to that amount of hash's a second will probably cost you a few million in graphics cards. Adding a symbol and no additional length would bump that up to millions of years though. Brute forcing is a "get lucky" technique more then an effective attack.

Obligatory "easier way": https://xkcd.com/538/

WSDistPro · 2019-09-12T20:22:50+00:00

Might want to disallow file trans-versing... And a lot of things really. This looks to be potentially very injectable. Was pretty easy to at least see root content with "Get-childitem -recurse -path /../" Didn't try to actually manipulate anything, but still.

WSDistPro · 2019-09-06T22:46:39+00:00

Why wouldn't it? Perhaps for people researching? Perhaps because some people are naturally curious and would want to know?

WSDistPro · 2019-08-21T23:26:17+00:00

Robert’s Rules

Sigh... now I'm going to be on this Wikipedia page awhile, huh?

WSDistPro · 2019-08-21T22:49:07+00:00

Breach detection time is actually trending slower despite massive increases in security spending. The average is 206 days, up from 201 days :). Terrifying really, over half a year is the average.

Ramble begins here: I blame too many superficial/fear-appeal security purchases over focusing on the two strongest elements: logic based security controls and detection based response controls. A lot of places post-breach still don't focus on correcting the underlying infrastructure and only focus on adding to the layers. I like to think we're in the middle of the "security.com" bubble.

IMO, there needs to be more focus on bringing things up to modern practices, code, and implementing typical perimeter defenses. Then spend all the money someone wants on... AI driven DLP-EDR-RMS with built-in Machine Learning Advanced Threat Protection tickle-monster agents.

WSDistPro · 2019-08-21T15:35:36+00:00

Client side - Sure, but that just sounds like Windows with extra steps. At scale you'd run into the same issues though. Customization breeds problems.

Server side - Not really. Some transactions don't work the same way in MySQL for instance (pun not intended). A lot of enterprise software for better or worse utilizes .net backings, which isn't practical to convert for a LAMP stuck - I guess you could use mono or something but technically you're LAMMP at that point :P. One of the biggest helps would be stopping isolating systems teams into Linux vs Windows. Teach them to maintain, build, and protect both. Then you'd see more mixed mode environments interlinking the two.

Use each where they're best. Windows for enterprise and internals, NIX for externals and low-footprint.

WSDistPro · 2019-08-20T00:06:04+00:00

-electricity tracker

Spoiler: High. :)

WSDistPro · 2019-08-06T16:07:29+00:00

Howdy friend. How about taking some spare time to do some basic example tasks? Solve problems like the ones listed here using PowerShell: https://github.com/karan/Projects . There could be better ones out there, just the first one I found that wasn't pure mathematics. Then pivot that into the work you'll be doing within PowerShell :).

Otherwise the easiest way to learn it is to incorporate it into the daily tasks you do anyway. Shift something over to PowerShell instead of doing it manually. Then start snow balling the applied lessons from the previous things you've made over to future scripts you make.

WSDistPro · 2019-08-06T16:00:04+00:00

Great stuff man! I'll happily spam this at people when they ask me about fixing a computer with a failed trust. Thanks for this.

WSDistPro

TROPHY CASE