- Видео 18
- Просмотров 52 163
Atomic Hacking
США
Добавлен 1 янв 2019
This channel is to share knowledge and opinions on infosec-related topics. Both defense and offense as well as other technology subjects. One of the meanings of "Atomic" is the forming a single irreducible unit or component in a more extensive system. My goal in this channel is to share information that can form part of your knowledge system as it relates to infosec.
Enumerating Advanced Audit Settings
In this video, security researcher Carlos Perez demonstrates how to enumerate advanced audit policy settings in Windows environments for situational awareness. He covers two scenarios: enumerating applied audit settings on the local host and enumerating all Group Policy Objects (GPOs) with advanced audit settings enabled in Active Directory.
Carlos explains how Windows aggregates advanced audit settings from local security policies and GPOs, and where this information is stored in the registry and file system. He then walks through PowerShell scripts to enumerate audit settings for both local and domain-joined systems.
The video also showcases how to integrate this enumeration logic into of...
Carlos explains how Windows aggregates advanced audit settings from local security policies and GPOs, and where this information is stored in the registry and file system. He then walks through PowerShell scripts to enumerate audit settings for both local and domain-joined systems.
The video also showcases how to integrate this enumeration logic into of...
Просмотров: 164
Видео
Invoking Commands with Posh-SSH
Просмотров 22628 дней назад
One of the main tasks of automation leveraging SSH is the running of commands. In ths video I go over the basics on how to do that using Posh-SSH PowerShell module.
Posh-SSH Managing Known Hosts
Просмотров 3074 месяца назад
In this video I go over the cmdlets and functions on how to manage Posh-SSH known Hosts. 00:00 Intro 01:08 Listing KnowHosts 01:24 KnownHosts on Disk 02:22 Removing Trusted Host 03:23 Getting a Remote Host Fingerprint 06:17 KnownHosts in Memory 07:45 Closing
Posh-SSH Creating and Managing Sessions
Просмотров 8804 месяца назад
In this video I go over the cmdlets and functions for creating SSH Sessions,, what make up a SSHSession and how to manage them. 00:00 Intro 01:09 New-SSHSession cmdlet 02:36 Connection and Fingerprint Handling 04:30 Handling Sessions 05:16 Session Object 07:00 Authenticating with Keys 08:53 Closing
Posh-SSH 3.X Installation
Просмотров 1,2 тыс.5 месяцев назад
In this video Carlos goes over what is Posh-SSH 3.X and how to install it from the PowerShell Gallery and manually. github.com/darkoperator/Posh-SSH www.powershellgallery.com/packages/Posh-SSH/3.2.0 00:00 - Intro 00:36 - GitHub Information 01:00 - Powershell Gallery 01:14 - Installing from the Gallery 01:57 - Help Information 02:18 - Manual Installation
Parsing STIX JSON with PowerShell
Просмотров 25110 месяцев назад
In this video I show you how to quickly parse a STIX JSON file from CISA using PowerShell to get Attack Patterns and IOCs for planning a response.
Sysmon for Linux PowerShell Module - SysmonLinux.Util
Просмотров 6962 года назад
SysmonLinux.Util is a PowerShell module for working with the Syslog events generated by Microsofts Sysmon for Linux. This is a brief intro to the module and how it can be leverage for working with the logs and easier Sysmon configuration rule creation. The module source code can be found at: github.com/Sysinternals/SysmonForLinux The module can be installed from the PowerShell Gallery: www.powe...
Mimikatz as a RAT
Просмотров 1,2 тыс.2 года назад
In this video I go over on how to leverage the Mimikatz RPC module so it can be used as a Remote Access Tool. I will go from setup, issuing of command and IOCs so defenders can detect its presence in their networks.
Kerberos Pass-The-Ticket Basics
Просмотров 8 тыс.4 года назад
This is a recording of a free webcast/Training I did on the basics of the Pass-The-Ticket technique and some of the IOCs associated with it.
PowerShell Basics for Security Professionals Part 6 - Pipeline
Просмотров 1 тыс.5 лет назад
In this video, in the series, I cover how the pipeline in PowerShell works and how it decides to what parameters to bind the objects it gets.
Posh-SSH: Install and New SSH Session
Просмотров 21 тыс.5 лет назад
This video is the start of series to aid with users getting started with the Posh-SSH module for automating tasks via SSH and its protocols. The video covers the install of Posh-SSH from the PowerShell gallery and the creation of a new SSHSession. Also covered is the connection via a key file with a passphrase and how to convert keys to the proper format for use in the module. github.com/darkop...
PowerShell Basics for Security Professionals Part 5 - Get-Member Cmdlet
Просмотров 2,9 тыс.5 лет назад
This video covers the use of the Get-Member cmdlet to see the type, properties, methods and other information on a given object inside of PowerShell. This cmdlet is one of the key cmdlets in mastering PowerShell and the Pipeline inside PowerShell.
PowerShell Basics for Security Professionals Part 4 - Extending the Shell
Просмотров 9755 лет назад
In this video, we will look at extending our current PowerShell session. We will learn: * What are the cmlets and functions for managing modules. * What are the different types of modules. * Loading, unloading and getting information from modules. * Dot sourcing. * Installing modules from the PowerShell Gallery.
PowerShell Basics for Security Professionals Part 3 - Get-Command
Просмотров 1,4 тыс.5 лет назад
In this video, we are looking at the second basic command we must master. Get-Command is what I call one of the trifecta of initial command one must master. We started with GetpHelp in video 2 and now we are looking at Get-Command, the second one of the 3. On the next video, we will look at Get-Member, each cmdlet builds on the other so as to allow us to understand not only how to properly work...
Interview with Oddvar Moe - LOLBins
Просмотров 6745 лет назад
Interview with Microsoft MVP Oddvar Moe Oddvarmoe where we talk about his LOLbas project lolbas-project.github.io and about Hackcon www.hackcon.org in Oslo
PowerShell Basics for Security Professionals Part 2 - Help Subsystem
Просмотров 1,9 тыс.5 лет назад
PowerShell Basics for Security Professionals Part 2 - Help Subsystem
PowerShell Basics for Security Professionals Part 1 - Fixed audio
Просмотров 7 тыс.5 лет назад
PowerShell Basics for Security Professionals Part 1 - Fixed audio
Hi. We need to remove all 2,000 hostkeys from the Post-ssh knownhosts file. Can I just delete the hosts.json and restart our software that uses it?
Yes
I'm wondering if this can be used on an Azure runbook to take regular copies of a folder from an SSH host.
Dont use Azure but I think it could
Very nice implementation. I'm planning to use for some SFTP jobs I need to do, and having only watched your vids for a few mins, it was instantly obvious how to use this module, so thank you so much for your efforts!!!
Thanks :)
Eva Ways
I will tell you what Posh-SSH is.... AMAZING.. I use it for making bulk changes to my Network switches. I have 100 switches, and with this module. I can login, determine if it is IOS, IOS-XE, or NXOS then run the appropriate commands for the model. This has changed my SysAdmin LIFE! Thank you Carlos! This is an amazing project and the work you and the other contributors is well appreciated!
Super Helpful!
you are the best!
Thank you!
Thank you!
you are welcomed :)
Very inspiring content here, was thinking about making something on this too.
great minds think alike :)
@@atomichacking absolutely, you’re smart/bright/talented and I admire that! :) encore, more content always
@@noirth-security Thanks, have a list of more security centric videos already planned once I'm done with all the Posh-SSH videos. Should be a cool learning experience.
Thanks for those very detailed explanations !
Thankyou very much, this was helpful
Sharing this video everywhere! Thank you Carlos!
Going to have to try this out in the lab.
Very enlighting overview and good intro of the demo, minute 27:30 the screen freezes untill the end of the video, so we can't see what you are doing. could hear but hard to connect the dots of what you were saying and what you were doing
You are awesome Carlos !!
Hey Carlos, you did a really great job with this module. Let me ask you for help with a problem I am not able to handle. We're using the SSH connections to linux devices authenticated by ed25519 signed keys eg. "ssh.exe username@serverIP -i {userprofile}/.ssh/id_ed25519". The device has a public key of CA signing those ed25519 keys to evaluate the validity of the connected client. Is there a way to use your module for this type of auth? I have tried use the New-SSHSession, but no luck yet.
Sadly not, the SSH.Net project is not the most flexible when it comes to ciphers as OpenSSH is
Great introduction to PowerShell
Gran vídeo Carlos, gracias por compartirlo
Hi how can i isntall the posh ssh in windows 2012 r2 server
You weren't presenting the commands you were narrating
sadly the live stream video froze and I was not aware it did.
Great information, but next time would like for the notification sounds in the background to be muted, they are quite distracting.
Thanks for your time. Posh-ssh is amazing. But i have a problem with some remote devices, showed the error: MODO DETALHADO: Using SSH Username and Password authentication for connection. AVISO: Host key is not being verified since Force switch is used. New-SSHSession : Connection failed to establish within 10000 milliseconds. In putty the connection works normally
Marcelo Santos weird that error should only happen if there is no connection. Try the beta 1 to see if the updates in identification addresses the issue at the protocol level.
@@atomichacking Good mornig, thanks for your reply. I tried tried to use de beta version but the error is the same. When the verbose mode is ON, i can see the posh sending the user but there is no response. Putty works normaly.
another question, does posh works like pscp for download for only one file? I am trying to make fortigate config download, above is the fortigate sintaxe with pscp. pscp admin@<FortiGate_IP>:sys_config <location>
@@marcelo05111 is it the same type of device? could be an issue with Renci.SSH and those devices. I know SSH v1 is not supported and some embedded devices use that old version of SSH.
@@marcelo05111 there is get-scpitem in the module to donwload single files or folders. Github Issues is a better place for questions or problems with the module. Easier to reply there.
HELP! How can we run a ldapsearch and export the results to csv using this module?
C U use - -outputFormat csv on the ldapsearch binary on the target ? I have not used the tool so no clue if that option is on al distros
@@atomichacking not sure I'm following. Can this type of query be run using POSH-SSH: date; ldapsearch -1 -T -h HostName -p 1111 -D "uid=udump,ou=POSH,o=darknight.com" -wdumpu -b > Aliases.txt I just installed POSH yesterday and was curious to know how to run the above command
@@cu806 I would try invoke-sshcomand or create a shellstream with new-sshshellstream and then use invoke-sshstreamshellcommand. you will need to manipualate the object you get back to parse the output of the command like you want.
@@atomichacking thank you sir. Will try
@DarkOperator Thanks for creating Posh-ssh library. Is there any way to automatically accept SSH host keys-even when keys are changed-in posh-ssh? I am getting error in my script because the SFTP server host key is changed, and I don't want to use -Force parameter.
You can use the -Force parameter
This is great information, the question I have it can you show an operational example of gaining a session ticket and using it against a service with which you did not have prior privileges?
In posh-ssh whether we can execute list of command in text file. ++++++++++++++++++++++++++++++++ cat command.txt ls; uname -r; cpuinfo; df -h ++++++++++++++++++++++++++++++++ New-SSHSession -ComputerName Linux-VM -AcceptKey -Credential root Get-SSHSession Invoke-SSHCommand -Command "C:\command.txt" -SessionId 0 The above command is possible to execute ????? Could you please suggest me in what way i can invoke text file to execute list of commands
Yes!!!
Hi, I would like use New-SFTPSession with keyfile as password. I do not want the login dialog box to open. how can i write my command line? Tank for your work.
You would need to use a PSCredential object. There are multiple ways to create it since people have different takes on how to protect the cleartext password.
You can do something like this: New-SSHSession -ComputerName linux-docker -Credential $(New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList 'sshUsername', $( New-Object -TypeName System.Security.SecureString )) -keyfile "C:\Users\bob\Documents\ssh_rsa.key" -Verbose Though, I'm sure you figured this out sometime in the last 3 years...
Don't kill this course pretty awesome! Keep it up
Great work. Thank you for making a video about this module.
after starting a session via `New-SSHSession` is it possible to have every command thereafter sent to the remote server? i.e. the PowerShell prompt becomes the remote shell effectively. also using `Invoke-SSHCommand -Index 0 -Command "pwd"` is a bit clunky - having to specify the Index and Command seems unnecessary; it should just use the first session automatically if you omit the `Index` param. then you can shorten things to Invoke-SSHCommand <your_command>
Sadly not. For a shell Windows 10 includes ssh.exe client and it is a better interactive shell than anything I could code
Can you use posh-ssh to connect to a server with username@xx.xxx.xxx.xxx and a password?
You need to specify the info as computername and credential object
waiting for new video !!
Awesome!!
Keep it up!! Please!!
Will do :)
Awesome work!!
Awesome!
Any more videos in the near future?
David G planning on recording the Get-command one today for release and next week Get-member
Hey I know that guy 😉
Demetrios Mustakas Jr. need to plan what I will say about Sean for the next one 🤔😜
Awesome man incredible videos please do keep this going!!
Hey very good video! Just wanted to let you know that around minute 27:30 the screen freezes untill the end of the video, so we can't see what you are doing.
Tomas Avila will post the locally recorded video