PowerShell for Fun and Profit – Paul’s Security Weekly #590

January 18, 2019


Joff will demonstrate some PowerShell syntax useful for transferring data into a network while pen testing. The technical segment assumes that the pen tester is able to use PowerShell directly from the console, although the techniques can be adapted for other purposes.

  • Derbycon
  • Upcoming technical segments

To learn more about Black Hills Information Security, go to: https://securityweekly.com/bhis

Paul's Stories

  1. Two charged with hacking company filings out of SEC's EDGAR system - Wow: According to the indictments, Radchenko, Ieremenko and others conspired to pry open the SEC’s EDGAR system, which is used by publicly traded companies to file required financial disclosures, such as annual and quarterly earnings reports. Those reports are full of information that can lead to profit for those who get their hands on them, including details about companies’ financial health, operations and earnings. Such information can and often does affect companies’ stock prices when it’s publicly disclosed.
  2. Two Code Execution Flaws Patched in Drupal | SecurityWeek.Com - One of the flaws has been described as a weakness that allows remote execution of arbitrary PHP code. The issue is related to the phar stream wrapper built into PHP and how it handles untrusted phar:// URIs. “Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability,” Drupal developers explained in an advisory. “This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration.”
  3. 773M Password Megabreach is Years Old - Krebs on Security - Is it illegal to sell password dumps if you did not perform the actual attacks? Sanixer said Collection#1 consists of data pulled from a huge number of hacked sites, and was not exactly his “freshest” offering. Rather, he sort of steered me away from that archive, suggested that — unlike most of his other wares — Collection #1 was at least 2-3 years old. His other password packages, which he said are not all pictured in the above screen shot and total more than 4 terabytes in size, are less than a year old, Sanixer explained.
  4. 773 million records exposed in massive data breach - Help Net Security
  5. Prices for Zero-Day Exploits Are Rising - Schneier on Security - I don't buy this from Geer; I don't trust the Government and expect they would skim exploits off the top, well, the good ones anyhow: "There is no doubt that the U.S. Government could openly corner the world vulnerability market," said Geer, "that is, we buy them all and we make them all public. Simply announce 'Show us a competing bid, and we'll give you [10 times more].' Sure, there are some who will say 'I hate Americans; I sell only to Ukrainians,' but because vulnerability finding is increasingly automation-assisted, the seller who won't sell to the Americans knows that his vulns can be rediscovered in due course by someone who will sell to the Americans who will tell everybody, thus his need to sell his product before it outdates is irresistible."
  6. Quantum-embedded chips could secure IoT - Not so sure this fixes the IoT security problem; quantum crypto fixes everything though, right? “The world's first quantum-driven secure chip (QDSC), on silicon, which, when combined with cryptographic APIs, provides highly scalable, integratable, easy-to-implement and seamless end-to-end security for any connected device,” the company claims. The chips generate large quantities of unique cryptographic keys using quantum processes, Crypto Quantique explains.
  7. The Security Perimeter Is Dead; Long Live the New Endpoint Perimeter - This is all I have, discuss: The Security Perimeter Is Dead; Long Live the New Endpoint Perimeter: The network no longer provides an air gap against external threats, but access devices can take up the slack.
  8. New Attacks Target Recent PHP Framework Vulnerability - Great point: One of the payloads Cashdollar has seen delivered is a Mirai variant – a development he has worried about, he says. "I had been waiting for Mirai botnet kits to include Web app code in their arsenal," he says, "and this was an indicator that it's happening." The code being executed through the PHP framework calls can skip a series of steps long considered essential for malware. "Back in the 1990s, people were always trying to get root access," Cashdollar says. "Now it doesn't matter. They just want to execute code on the system as any user so they can share malware or mine coin. They want to execute code on as many systems as possible."
  9. Microsoft Launches New Azure DevOps Bug Bounty Program - Nice to see MS supporting DevOps, a little late to the party, but the technology was not mature enough until recently anyhow (and still has a ways to go): Microsoft has announced the launch of a new bug bounty program, this one aimed at Azure DevOps services and applications. The program will offer bounties of up to $20,000 for new bugs and vulnerabilities discovered in the company's Azure DevOps online services and the latest release of Azure DevOps Server.

Doug's Stories

  1. Decrypted Telegram bot chatter revealed as new Windows malware

Lee's Stories

  1. 5 Popular web hosting companies easily hacked - The security of your hosting provider matters, right?
  2. GoDaddy disables JavaScript injection tracking - What else is your hosting provider doing as value add, and can you manage/disable it?
  3. Iowa and 5 other states trying Digital Drivers Licenses - Real-time verification of traditional and electronic licenses, no need to carry a physical license, but not all retailers are informed, and there is no reciprocity outside your state.
  4. Cops told: no you can't have a warrant to force people to unlock their phones by fingerprint, face scan - Warrants have to have a basis and be of specific scope.

Full Show Notes

Follow us on Twitter: https://www.twitter.com/securityweekly

Hosts

Joff Thyer - Security Analyst, Black Hills Information Security.

Paul Asadorian - CEO, Security Weekly.

Doug White - Professor, Roger Williams University.

Lee Neely - Senior Cyber Analyst, Lawrence Livermore National Laboratory.

Announcements

  • RSA Conference 2019 is the place to be for the latest in cybersecurity data, innovation and thought leadership. From March 4-8, San Francisco will come alive with cybersecurity's brightest minds as they gather together to discuss the industry's new
  • If you are interested in quality over quantity and having meaningful conversations instead of just a badge scan, join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals


Audio: http://traffic.libsyn.com/sw-all/PowerShell_for_Fun_and_Profit_-_Pauls_Security_Weekly_590_converted.mp3
