Category archives: Security

SID

Here is how to retrieve a user's SID very quickly.

Looking at this command a little more closely:

We create an NTAccount object from a user name:

Then we use the Translate method, which returns a SecurityIdentifier object.

We can also find the name of a security principal from a SID.

To do this, we start with:

The result will be:

 

 


Detecting REGIN with PowerShell V3

Regin is a piece of spyware that is making quite a bit of buzz, and Jeffrey Snover kindly provided a solution to detect it with PowerShell:

Here, sig.txt was previously created from the MD5 hashes listed in http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf

The issue is that this solution requires PS V4 due to

and we don’t all have it.

Here is a solution that is not the best, but it works with the provided MD5s and PowerShell V3:

This solution is not a one-liner, but hey, if you need it, it means you don't have PowerShell V4 either.

P.S. This solution is limited to files smaller than 2 gigabytes, and it cannot verify files that are open.

Disclaimer: This code does not replace professional virus and spyware detection software and should be used for instructional purposes only.
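One way to match files against an MD5 list such as sig.txt on PowerShell V3, as an added example that is not the code from this post or from Jeffrey Snover. It uses only .NET classes and does not rely on the Get-FileHash cmdlet, which first shipped in PowerShell 4.0. The function names `Get-MD5Hex` and `Find-SignatureMatch`, the one-hash-per-line list format and the demo files are assumptions made for the example.

```powershell
# Added example (not the original post's code): MD5 matching on PowerShell V3.
function Get-MD5Hex {
    param([Parameter(Mandatory = $true)][string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = $null
    try {
        # Stream the file instead of loading it into memory; FileShare.ReadWrite
        # also allows reading files that another process has open for writing.
        $stream = [System.IO.File]::Open($Path, [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite)
        $bytes = $md5.ComputeHash($stream)
        ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLower()
    }
    finally {
        if ($stream) { $stream.Dispose() }
        $md5.Dispose()
    }
}

function Find-SignatureMatch {
    param([Parameter(Mandatory = $true)][string]$Root,
          [Parameter(Mandatory = $true)][string]$SignatureFile)
    # Assumed list format: one hex MD5 per line; anything else is ignored.
    $known = @{}
    Get-Content -Path $SignatureFile | ForEach-Object {
        $h = $_.Trim().ToLower()
        if ($h -match '^[0-9a-f]{32}$') { $known[$h] = $true }
    }
    Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue | ForEach-Object {
        $file = $_.FullName
        try {
            $hash = Get-MD5Hex -Path $file
            if ($known.ContainsKey($hash)) { [pscustomobject]@{ Path = $file; MD5 = $hash } }
        }
        catch {
            # Surface files that could not be hashed so gaps in coverage are visible.
            Write-Warning ("Not hashed: {0} ({1})" -f $file, $_.Exception.Message)
        }
    }
}

# Constructed demo data: two throwaway files, one of whose hashes goes in the list.
$demo = Join-Path $env:TEMP ("md5demo_" + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $demo | Out-Null
Set-Content -Path (Join-Path $demo 'sample.bin') -Value 'constructed sample'
Set-Content -Path (Join-Path $demo 'other.bin') -Value 'another constructed sample'
$sig = $demo + '.sig.txt'
Get-MD5Hex -Path (Join-Path $demo 'sample.bin') | Set-Content -Path $sig
Find-SignatureMatch -Root $demo -SignatureFile $sig
Remove-Item -Recurse -Force $demo, $sig
```

Files that another process holds with an exclusive lock still cannot be read; they show up as warnings rather than being skipped silently.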
