Bash Bunny Payload: Garfield steals passwords with LaZagne
· ☕ 4 min read
The Bash Bunny is a USB attack platform developed by Hak5, a security research group. It’s a device that looks like a USB memory stick, except it is a small computer running a Debian-based Linux OS with a desktop-class SSD and a quad-core ARM processor. It can be configured to be a HID (Human Interface Device), storage device, serial device and USB-based network adaptor in order to carry out automated tasks on a computer.

Elevating Permissions To Disable Windows Defender
· ☕ 2 min read
I’ve been developing a new payload for the Bash Bunny using external tools but a lot of them get flagged by Windows Defender - so I turned my attention to disabling Windows Defender and found some interesting information. I wanted to disable Windows Defender temporarily, just enough time to run the attack and then re-enable it. At most it would be disabled for a few seconds - my aim was to leave as few traces as possible.

Updating "Weird Al" Yankovic's track It's All About The Pentiums
· ☕ 7 min read
I’m a big Weird Al fan, and going through some of his work I came across ‘It’s All About The Pentiums’. If you’re not aware Weird Al Yankovic is a musician and comedian. He writes parodies of popular songs and has been for the last few decades. I thought I could update this track in particular to 2019’s technology without changing the song completely. Just for fun, also I had a lot of coffee this morning.

Bash Bunny Primer
· ☕ 7 min read
The Bash Bunny is a USB attack platform developed by Hak5, a security research group specialising in the development of network/system penetration testing tools and educational content. If you’d like to find out more information, you can find them here: Twitter | YouTube | Hak5.org. The Bash Bunny is an excellent pentesting tool. It looks like a chunky USB memory stick; however, it’s really a SoC with a quad-core ARM processor running a Debian-based Linux OS with a desktop-class SSD for storage.

Deploying A Windows 10 1909 November 2019 Update (19H2) Reference Image with MDT
· ☕ 15 min read
2019-11-12: Microsoft have confirmed on Twitter that there will be no updated ADK for Windows 10 1909, so keep using ADK 1903 with the fix as noted below. 2019-10-05: At the time of writing there is no ADK for Windows 10 1909 November 2019 Update (19H2), so I’ve tested this walkthrough using the ADK for Windows 10 1903 with the hotfix for Windows System Image Manager. I’ll keep these pages up to date when Windows 10 1909 is officially released.

Building A Windows 10 1909 November 2019 Update (19H2) Reference Image with MDT
· ☕ 11 min read
2019-11-12: Microsoft have confirmed on Twitter that there will be no updated ADK for Windows 10 1909, so keep using ADK 1903 with the fix as noted below. 2019-10-05: At the time of writing there is no ADK for Windows 10 1909 November 2019 Update (19H2), so I’ve tested this walkthrough using the ADK for Windows 10 1903 with the hotfix for Windows System Image Manager. I’ll keep these pages up to date when Windows 10 1909 is officially released.

Microsoft Teams, Webhooks and You
· ☕ 4 min read
If you use Microsoft Teams you may want to be able to send information from external services. There are many apps that can be added to Teams to accomplish this, but what if you have an internal system or custom script and you want its output to be sent to Teams? Well, there’s an app for that too. You can add the Incoming Webhook app to your Teams instance and configure where and who it should deposit information as.

Network Device Status Monitor (NDSM) Update v2.0
· ☕ 1 min read
Download it from GitHub, the Microsoft TechNet Gallery and the PowerShell Gallery. Big update to Network Device Status Monitor (NDSM) utility. Changes in 2.0: Added Microsoft Teams as an output location using a webhook. Here’s a walkthrough on how to create a webhook for your Teams instance. MS teams is limited to 10 devices. Not sure if it’s a Teams/webhook limit, or my code. Will investigate. Fixed bug where all devices are offline, a phantom device is added to the bottom of the offline list.

Quick PoSH: User Logon Auditing
· ☕ 1 min read
Here’s a quick and dirty user logon/logoff auditing script that has been helpful in educational institutions. The script is available to download from GitHub. Usage: Open the Group Policy Object at the topmost level of your domain(s) and add the script to the PowerShell scripts area. On log on, add the -logon parameter, and on log off add the -logoff parameter. Create a hidden share somewhere on your network, and give ‘Authenticated Users’ Full Control share and file permissions.

Managing Windows Updates with Group Policy
· ☕ 12 min read
In this post I’ll walk through how I manage and test the delivery of Windows Updates to all my clients and servers. I’ll also go through how I manage essential servers like Domain Controllers, Hyper-V hosts and I’ll touch on getting started with Cluster-Aware Updating. We’re going to group our machines into Clients and Servers, and then group each of those groups into Ring 1 and Ring 2. If you want, you can create more rings for more control, but generally I find two rings are sufficient.

App Spotlight: Windows Admin Center
· ☕ 2 min read
At the time of writing Windows Admin Center has been around for almost 18 months; in those 18 months it’s come a long way and is still being actively developed and updated. It’s a simple install, can be installed on either Windows 10 or Server 2016/2019, doesn’t require an internet connection or Azure, and will work with your existing on-prem servers. It’s also free. Windows Admin Center (WAC) is a much-needed tool for modernising the management of servers in the Microsoft ecosystem.

It's time to update.
· ☕ 1 min read
As you may be able to tell I’ve updated the site design and structure to assist in finding the most relevant information. I’ve also recently updated all my PowerShell utilities to support custom subject lines in the email output, along with a few other improvements and fixes. The best place to get my most up to date utilities and see other scripts I’m working on is on my GitHub. I still update the scripts on TechNet and PowerShell Gallery, but GitHub is where I focus my work.

Windows Deployment
· ☕ 2 min read
I began deploying Windows 10 at scale with version 1607, and over the years I’ve learned a lot and developed a good and proven system for building and deploying reference images using Task Sequences and Microsoft Deployment Toolkit.

Please consider supporting my work: Patreon | PayPal | Kofi

Resources
Microsoft Deployment Toolkit | Download | Current version: Build 8456 January 25th 2019
Windows Assessment and Deployment Kit | Download | Current version: 2004

Building and Deploying Windows 10 Images
21H1 May 2021 Update | Build and Capture | Deploy Reference Image
20H2 October 2020 Update (20H2) | Build and Capture | Deploy Reference Image
2004 May 2020 Update (20H1) | Build and Capture | Deploy Reference Image
1909 November 2019 Update (19H2) | Build | Deploy | In-Place Upgrade
1903 May 2019 Update (19H1) | Build | Deploy
1809 October 2018 Update | Build | Deploy
1803 April 2018 Update | Build | Deploy
1709 Fall Creators Update | Build
1703 Creators Update | Build
1607 Anniversary Update | Build | Deploy

Customising Windows 10
Resurrecting Windows Photo Viewer
Removing UWP apps
Customising the Start Menu and Taskbar
Disabling OneDrive

Windows Server Deployment
I’ve deployed hundreds of servers for a variety of services over the years; below are some posts I’ve written documenting the servers I’ve had to deploy the most, both professionally and running my home lab.