Encrypting and decrypting strings using PowerShell

-
One of the challenges that I overcame when I was creating a Server 2008 hardening script was how to securely encrypt AD password changes that were made on the fly. Once that was accomplished how do I store only ciphertext to be read as a password of a user by an authorized user if necessary?
Windows PowerShell comes with a cryptography framework that for example allows the programmer to read an input string from the user as a secure object. The secure string can be used by the PowerShell program however the means to read that object back to the user in plaintext was, I found, expectedly, not as well documented.
A topic that I found interesting and that I first came across as I researched how to access plaintext from a secure object is a concept in computer science called marshaling. Briefly from Wikipidia "marshaling is the process of transforming the memory representation of an object to a data format suitable for storage or transmission".
So to read plaintext from a secure object PowerShell uses the Marshal class and I found that fascinating.
Below is a URL to a great read on this.
https://docs.microsoft.com/en-us/archive/blogs/besidethepoint/decrypt-secure-strings-in-powershell

Comments

  1. Zero Day SecurityJanuary 18, 2020 at 12:00 AM

    I'm not too well versed with writing scripts but I will definitely keep this handy if I every run into a similar issue. -Toufue

    ReplyDelete
  2. SecurityDadJanuary 18, 2020 at 11:30 AM

    Nice post Caleb! I love Powershell it is such a power full tool, I use it all the time at work. I especially enjoyed the discussion of Powershell as a security tool. I never heard of Marshalling and found this to be quite interesting. This is something I will definitely be investigating more. I wonder if this technique can be integrated in Exchange online powershell for 0365 environment configured with dirsync? - Josh S

    ReplyDelete
  3. Ryan SaundersJanuary 18, 2020 at 5:36 PM

    This looks like it could be helpful in the future, thanks Caleb

    ReplyDelete

Post a Comment

Popular posts from this blog

Malware Reverse Engineering

-
Image
I recently analyzed and submitted some malware to Microsoft Security Intelligence that I found on a YouTube video.  The video has since been reported so it may not be available.  https://www.youtube.com/watch?v=uQG6Xwxdb2A This YouTube video promoted downloading a program that claimed to "generate" keys for copyrighted software. Windows Defender identified it as Trojan:Win32/Wacatac.C!ml .  Here below is the Virus Total entry: https://www.virustotal.com/gui/file/509e1b4447cd7f0c448b31d88a41dbca6ceca5a029caabfa2bd10b7c965bbe51/detection The first thing I did was analyze for malicious registry changes with a program from Nir Soft called  RegistryChangesView v1.26 . I did not find malicious registry changes. The few changes to the registry were normal Windows behavior, for example here was one registry change: ================================================== Registry Key : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-...
Read more

Should you hide your SSID on your Wi-Fi?

-
Some of us may not realize the kind of control we have over our home wi-fi. There are a pros and cons to all of the features that wi-fi offers. I will do my best to explained some of them below. I won't drag on before saying that to have secure Wi-Fi you should have the settings in bullet points here functioning: Enable Wi-Fi Protected Access 2 ( WPA2 ). Use Advanced Encryption Standard ( AES ). If it does not say AES it is probably using AES. Pre-shared Key (PSK) With this enabled your data is encrypted behind a password using AES which is the most modern and trusted encryption standard in use today. However if you're curious (like me) about some of the other features I will do my best to explain a few of the more interesting ones below. The first question is about hiding the SSID using the settings in your wireless access point (AP) or router. Does that make your wi-fi more secure? The accurate answer is 'no' but the friendlier answer is 'that...
Read more

Open Whisper Systems: Signal Messaging App

-
There are a number of factors that set Signal by Open Whisper Systems apart from any other encrypted messaging platform. The first being that it is open source. https://github.com/signalapp/Signal-Android Signal uses e-to-e encryption or end-to-end. Next, given that it is open source anyone can analyse the code for back-doors and the strength of the encryption. The celebrity whistle blower Edward Snowden  https://twitter.com/Snowden  endorses Signal and so do many IT professionals who report on controversial subjects. Even if the company is subpoenaed Signal retains nearly nothing on the user.  https://www.theverge.com/2016/10/4/13161026/signal-subpoena-court-order-encryption-police-open-whisper Signal is showing up in mainstream more all the time. https://www.wired.com/story/signal-encrypted-messaging-features-mainstream/ Security can even be improved upon the default settings with a few tweaks of the app settings. https://theintercept.com/2016/07/02/s...
Read more