More security testing options with sec-test

I’ve added three more security testing options to my free script here:

https://github.com/directorcia/Office365/blob/master/sec-test.ps1

The Word document Backdoor drop will download and open a Word document containing a macro that will itself download an EXE file to the desktop.

The PowerShell script fileless attack, if successful, will open Notepad.exe on the device.

The Dump credentials using SQLDumper.exe will download the SQL utility SQLDumper.exe and use that to try and dump the credentials from the system LSASS.EXE process.

All the tests are benign and designed firstly, to test your environment against common breach techniques and secondly, to generate alerts in your environment to ensure your protection is correctly configured.

It is getting hard for me to determine all the outcomes of these tests, so I’d love to hear any feedback you have on your own results so I can improve the script. Also, if you have any suggestions for what tests you’d like to see included please let me know.

CIAOPS Tech Dojo–January 2022

In next month’s Tech Dojo, since it is still the holiday season, we take a look at doing a Crypto 101 session. You’ll learn about coins, storage, NFTs, smart contracts and more. All for information and not investment advice. Come learn about the exciting world of blockchain.

Costs:

Non CIAOPS Patrons = AU$99 inc GST

Date:

Wednesday January 12th 0930 – 1100 Sydney AU time

If you are interested in attending please complete the expression of interest here:

https://bit.ly/ciapatrondojo

and you’ll be sent more details of the event.

Adoption with fun

The majority of IT products and services are not actually used by IT people (amazing eh?). They are, in fact, used by ordinary people (aka Muggles) in businesses, trying to do their job. For these people, changing the way that they work is frustrating because they need to adopt new approaches and tools. I believe helping with this adoption is a key to the success of modern approaches to IT.

A handy technique that I have found to work well is to make using new systems fun. In the distant past, when I was implementing SharePoint on premises, I used to implement the Daily Dilbert web part to post a Dilbert cartoon onto the front page of the SharePoint Intranet each day. The idea was to help drive adoption by getting people to visit the company Intranet to read the Dilbert comic and then, hopefully, dive into the other content that was there.

Today, the technology has changed but the adoption challenge hasn’t. I thought that I’d therefore share with you a way to get a Dilbert comic into your Teams channel daily using Power Automate.

This is all made possible via APIs and a suitable one I found is:

https://dilbert-api.glitch.me/json

which will produce an output that looks like this:

{"title":"Simulation TestingElbonia University Partial Win","image":"https://assets.amuniversal.com/4f2025a02e0d013a8769005056a9545d.png"}

In here you’ll see an image link to the Dilbert Cartoon.

Step one is to create a new Flow that is triggered at a recurring time.

Next, you want to add the HTTP action. In here, use the GET method and set the URI to the API link above.

The HTTP action is actually a ‘premium’ connector and may not be available to you by default. Thus, you may need an upgraded Power Platform license to have this available. Remember however, you’ll only need that license for the user creating and running that Flow.

You’ll then need to add the Parse JSON action as shown above. The content here will be the Body from the HTTP action above; simply copy and paste the output of the API above into the Generate from sample option.

Now add the Post message in a chat or channel action.

Enter the options to post into the Team and Channel of your choice as shown above.

For the Message field select the </> option from the menu bar across the top, as shown. This will allow you to use raw HTML code here.

Type the following:

<img src="

then select the option to insert dynamic content like so:

(the lightning bolt icon)

In this list that appears you should be able to select image as shown above.

Add the following text after the dynamic field:

" width="738" height="229">

so the completed Message field looks like:

[Screenshot: the completed Message field]

It is important that the HTML formatting is correct, otherwise the image will not display.

If you now test your Flow you should see the cartoon appear in your Teams channel as shown above. If you have scheduled your Flow daily then you should see a new comic every day. Remember, there is only one cartoon every 24 hours! Rerunning the Flow before then will simply display the same strip.
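
The Flow above places the API's image value directly into raw HTML. As an added example (not part of the original post and not Power Automate code), this JavaScript mirrors the Parse JSON and Message steps and applies checks to that value before building the tag; the host allow-list and the function names are assumptions.

```javascript
// Added example, not the blog author's code. ALLOWED_HOSTS, escapeAttr and
// buildTeamsMessage are hypothetical names; nothing here is a Power Automate API.
const ALLOWED_HOSTS = new Set(["assets.amuniversal.com"]); // host in the page's sample output
const WIDTH = 738;  // dimensions used in the post's Message field
const HEIGHT = 229;

// Escape characters that could break out of a double-quoted HTML attribute.
function escapeAttr(value) {
  return value
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Equivalent of "Parse JSON" + building the Message field, with checks added.
// Returns the <img> markup, or throws so the run fails instead of posting.
function buildTeamsMessage(body) {
  let data;
  try {
    data = JSON.parse(body);
  } catch (err) {
    throw new Error("API response is not valid JSON");
  }
  if (data === null || typeof data !== "object" || typeof data.image !== "string") {
    throw new Error("API response has no 'image' string");
  }
  let url;
  try {
    url = new URL(data.image);
  } catch (err) {
    throw new Error("'image' is not an absolute URL");
  }
  if (url.protocol !== "https:") {
    throw new Error("image URL must use https");
  }
  if (!ALLOWED_HOSTS.has(url.hostname)) {
    throw new Error("unexpected image host: " + url.hostname);
  }
  return `<img src="${escapeAttr(url.href)}" width="${WIDTH}" height="${HEIGHT}">`;
}

// Sample body copied from the API output shown earlier on this page.
const SAMPLE_BODY = '{"title":"Simulation TestingElbonia University Partial Win",' +
  '"image":"https://assets.amuniversal.com/4f2025a02e0d013a8769005056a9545d.png"}';
console.log(buildTeamsMessage(SAMPLE_BODY));
```
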

When the daily comic is more than three frames then it is cut off by default like so:

[Screenshot: a comic with more than three frames, cut off]

However, clicking on the comic will enlarge it for full viewing. This limitation is due to the height and width parameters in the HTML code used inside the Flow. Most strips are only three frames, which is why I used those height and width defaults for the best readability most of the time, but you can vary those parameters if you wish.

So, the idea is to make a Team a more fun place to visit regularly, hopefully with people engaging about the content to help drive adoption.

This Flow/API method can be utilised with just about anything that supports an API. Another I have found (although somewhat more risqué) is a Chuck Norris API here:

https://api.chucknorris.io/

which can be moulded to give a similar result (albeit text only).

The only limitation of all of this is the need for the premium Flow HTTP action, but as I said, it is well worth the investment and is only really necessary for the user creating the Flow. Having a premium license for Flow opens up so many more capabilities, so it is highly recommended if you want to get serious about automation inside your environment.

Happily, Daily Dilbert is back baby! And now in Microsoft Teams.

Power Platform Community Monthly Webinar – December 2021

Join us for our monthly Power Platform webinar where we share the latest news and updates from the Microsoft Power Platform plus a deeper dive into Power BI.

You can register at:

https://bit.ly/ppc1221

If you wish to join our community and be part of the regular discussion and participation on the Microsoft Power Platform, you can join via:

https://www.ciaopspatron.com

(look for the Power Platform option to join us).

We look forward to seeing you on the webinar.

Need to Know podcast–Episode 279

In this episode I speak with Modern Workplace and Security Specialist from Dicker Data Darren Bennett. Darren has unique insight across the partner ecosystem and shares with me how partners are adopting the modern approach. What approaches work, what don’t and how successful partners approach the ever-changing Microsoft Cloud, as well as best practice takeaways.

I head this episode with an update from the important stuff that’s happening in the Microsoft Cloud to keep you right up to date.

Take a listen and let us know what you think – feedback@needtoknow.cloud

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-279-darren-bennett/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

This episode was recorded using Microsoft Teams and produced with Camtasia 2020.

Brought to you by www.ciaopspatron.com

Resources

Darren Bennett – LinkedIn, Darren.Bennett@dickerdata.com.au

New Microsoft Teams Essentials is built for small businesses

How to defend against advanced attacks

Introducing the preview of Feedback for Microsoft 365

Advancing service resilience in Azure Active Directory with its backup authentication service

Several Microsoft Authenticator security features are now available!

HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks

Announcing Microsoft Defender for Cloud Apps

CIAOPS Business Dojo–December

In this month’s Business Dojo we take a look at creating a security offering with Microsoft Sentinel. These are virtual events, hosted using Microsoft Teams, that will provide you with a deep dive into a business topic from the Microsoft Cloud.

Costs:

Non CIAOPS Patrons = AU$99 inc GST

Date:

Wednesday December 22nd 0930 – 1100 Sydney AU time

If you are interested in attending please complete the expression of interest application here to be considered for the event:

https://bit.ly/patronbiz

and you’ll be sent more details.