Security Can’t Just be “No.”

March 17, 2017

Don Jones

There’s an enormous problem inside some organizations where, whether this is just perceived or actually true, the InfoSec team “maintains” security by “just saying no to everything.”

Obviously, no business can survive if one component of itself is simply shutting down all initiatives willy-nilly. “No” isn’t a security position; it’s a death knell. And, if you work for a company where this is really, really true, you should maybe evaluate your career choices. It doesn’t make sense for good IT people to work at that kind of organization, and if the answer is always “no” anyway, they don’t actually need you. InfoSec should say, “yes – but.” Meaning, they should be taking the time to understand why something is necessary to the business, understand how it works and what its vulnerabilities are, and understand how to safely and securely introduce it to the business.

However.

Just as many IT Ops…



Stop Looking Forward

January 12, 2017

Don Jones

I talk, and write, a lot about how important it is to think about your career. To feed your career. To keep your career foremost in your vision.

However.

There comes a time when your career is doing pretty well, and you’re comfortable resting for a moment and enjoying what it’s brought you. There may also come a time when you’ve gotten pretty far along in your career, and you start to think, “what’s next?”

Let me propose something.



Comparing Objects using JSON in PowerShell for Pester Tests

November 3, 2016

PowerShell, Programming and DevOps

Recently I spent the good part of a weekend putting together Pester Tests (click here if you aren’t familiar with Pester) for my LabBuilder PowerShell module, a module to build a set of Virtual Machines based on an XML configuration file. In the module I have several cmdlets that take an XML configuration file (sample below) and return an array of hash tables as well as some hash table properties containing other arrays – basically a fairly complex object structure.

[Image: A Pester Test config file for the LabBuilder module]

In the Pester Tests for these cmdlets I wanted to ensure the object that was returned exactly matched what I expected. So in the Pester Test I programmatically created an object that matched what the Pester Test should expect the output of the cmdlets would be:

What I needed to do was try and make sure the objects were the same…



Server Uptime

October 19, 2016

Richard Siddaway's Blog

It’s easy to get the last boot time of a Windows machine, but how do you get the uptime?

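function Get-Uptime {
    [CmdletBinding()]
    param (
        [string]$ComputerName = $env:COMPUTERNAME
    )

    # Query the operating system class over CIM; LastBootUpTime comes back as a DateTime
    $os = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $ComputerName

    # Subtracting two DateTime values yields a TimeSpan
    $uptime = (Get-Date) - $os.LastBootUpTime

    $uptime
}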

Use Get-CimInstance to get the Win32_OperatingSystem class. To calculate the uptime, subtract the value of LastBootUpTime from the current time and date.

You’ll get a Timespan object returned.

PS> Get-Uptime

Days : 1
Hours : 10
Minutes : 32
Seconds : 26
Milliseconds : 838
Ticks : 1243468385381
TotalDays : 1.4391995201169
TotalHours : 34.5407884828056
TotalMinutes : 2072.44730896833
TotalSeconds : 124346.8385381
TotalMilliseconds : 124346838.5381

Pick out whichever properties you need for your report.


First release of AutoRuns module

September 22, 2016

>_

You may remember the excellent PowerShell Security series from PowerShell Magazine where I presented a Get-PSAutoRun function to investigate malware persistence à la “Sysinternals autoruns”.

I’ve actually revised its content during the last Christmas holidays and transformed it into a module.

I’ve updated the launch points the original Sysinternals autoruns utility checks and tried to do my best to keep track of what new launch points were added or removed between versions:
[Image: AutoRunsHistory]
You may have noticed that there’s a new category for Office plugins.
I’ve also added some code about the Poweliks malware, although I hadn’t yet had a sample to fully test my detection code:
[Image: Powelik]

The code has also undergone a major “quality review” to reduce the number of warnings or issues reported by the PSScriptAnalyzer module.
[Image: Test-Code-with-Invoke-ScriptAnalyzer]
As you can see, it still complains about using the Get-WmiObject cmdlet and the fact that I sometimes use an empty catch…


