When talking about automation, you sometimes really need to use scripts to run your tasks. This is why I started using PowerShell after the release of Exchange Server 2007. It must be a really great kind of technology if it still lives 12 years later, isn’t it? And it also needed the same time for me to join my first PowerShell Saturday – and now that I know what people to meet there, it’s still not a mistake!
PowerShell Saturday in Hannover
— Holger Voges (@HolgerVoges) October 1, 2019
To be honest, originally I didn’t notice any plans about a PowerShell Saturday at all. You know, I typically join that group as I watched their User Groups live streams.
Luckily Holger Voges, PowerShell User Group Hannover Community owner, contacted me via Twitter and we discussed the option to run a session out there in Hannover. Said and done, and so I was booked for this years PowerShell Saturday to have a “Pentesters best friend” session with PowerShell.
And they had really great sessions in Hannover. Please get some impressions from the embedded Twitter posts. For me, maybe the two most impressive sessions where about PowerShell Framework by Fred Weinmann and Package Manager by Andreas Nick.
— Marvin Bangert (@marvinbangert) October 5, 2019
Why?- because I used that before, and you always get more ideas about how and where to use the tools you think you’re familiar with when others talk about it. Addiitonal ideas. Compare your ideas with their style. And all that quick side notes you cannot generate when you’re using the tools only in a way you and your own team are already used to do it. That’s what community stands for: widen your mind!
My session: PowerShell for Pentesters (Pentesting mit PowerShell)
Main goal of my session was about awareness: you are a great script developer, so please also always feel responsible for the security impact that comes with the system your script environment plays with. Take care for your systems security. Don’t use critical components inside your script.
The second part was a Demo Session. We discussed the question how easy it is to get information out of your systems. Most PowerShell developers I know still use Windows Servers, so I focussed on something practical, which every can try by their own once they return to their base.
And , if we had PowerShell, pentesting is possible without additional tools: the script is enough. So I did a short impression of what’s possible for a Port Scanner and a Brute force attach with out-of-the-box PowerShell.To do this, I re-used Nikhil Mittals module “Nishang”. This is a tiny little proof-of-concept module – you can use to learn simple PowerShell code to start scanning and gather information. While the code seems to be a lower level, it’s all about the idea.
See for yourself and download it from https://github.com/samratashok/nishang ; let me emphasize this because Nikhil Mittals video session at the pentester academy led me to the idea, to do something similar as a talk in German language to improve awareness at my customers and at the community people around me as well. But no, that does not lead to live haking sessions!- you still need to think by yourselves.
But from my personal experience when showing customers and friends what really happens under the hood, you start thinking of security – and you start removing security pitfalls. No additional requirements needed. And that’s what it’s all about for me!
Please find my slide deck for download, here.
Credits and final
A really big thank you goes to Holger Voges as the main organizer for the event! Also a big thank you goes to Elanity and especially Kamil Kosek for providing rooms and beverage! Food sponsoring by Microsoft, but also let’s not forget the great afternoon cake & coffee break.
— Holger Voges (@HolgerVoges) October 5, 2019
Last but not least, I also want to say “Thank you!” to all the attendees for joining an event like this. You make it valuable to run such an event and a high number of attendees is always a great motivation for the speakers and organizers to run it. I want to add a Thank you especially to all of you who came back with their own ideas and inspiration about how security could be improved when running your scripts. Your comments let me improve my session.
Hope to see you all soon either in the PowerShell User Groups in Hannover and/or in Hamburg!