Call of Community - ShowMeCon 2014



Slides from my talk at ShowMeCon STL 2014

Transcript of Call of Community - ShowMeCon 2014

Page 1: Call of Community - ShowMeCon 2014
Page 2: Call of Community - ShowMeCon 2014

About Ben

The Call of Community: Modern Warfare Ben0xA – ShowMeCon 2014


●13+ years experience in Health Care Information Systems
●Vice President & Security Officer
●Developer (Builder)
●Security Consultant, Trainer

Page 3: Call of Community - ShowMeCon 2014

About Ben



●It's hard being an executive when you look like you are a teenager.

●For serious!

●Thanks to @jaysonstreet

Page 4: Call of Community - ShowMeCon 2014


Our thanks to all of the websites we ripped off to use images for this deck.

Full attribution on last slide!


Page 5: Call of Community - ShowMeCon 2014

Why Us?

●We are geeks
●We are gamers
●We love this community
●We both wanted to be like our gaming heroes!


Page 6: Call of Community - ShowMeCon 2014

Why Us?


Page 7: Call of Community - ShowMeCon 2014

Why Us?


Page 8: Call of Community - ShowMeCon 2014

The Call of Community

What is this call?


Page 9: Call of Community - ShowMeCon 2014

The Call of Community

Our hopes & dreams


Page 10: Call of Community - ShowMeCon 2014

The Call of Community

Strategic Defense Execution Standard


Page 11: Call of Community - ShowMeCon 2014

What is PoshSec?

• PoshSec is a framework to enable information security pros, system administrators, analysts and others to effectively help manage a system's or a network's security.

• PoshSec consists of

• PoshSec PowerShell Module

• PoshSec Framework



Page 12: Call of Community - ShowMeCon 2014

How PoshSec Got Started

• Started by Matt Johnson and Will Steele

• Originally saw a lack of Security Related PowerShell modules

• Planned out the project as Will was battling cancer.



Page 13: Call of Community - ShowMeCon 2014

Assembling the team

• Need a team of ninjas to help make PoshSec grow

• Partnered with Wolfgang Goerlich, Nick Jacob, Rich Cassara and Michael Ortega

• All seasoned infosec pros and brilliant minds.



Page 14: Call of Community - ShowMeCon 2014



Page 15: Call of Community - ShowMeCon 2014

PoshSec Goals

• The initial PoshSec release focused on the Top 20 controls.

• While maintaining our expertise in the area of the Top 20 controls, we are branching out to cover:

• Server Hardening

• Forensics

• Many more areas



Page 16: Call of Community - ShowMeCon 2014

Account Management

• Created to satisfy Top Twenty Control #16 for the Account Monitoring and Control section.

• Allows people to verify:

• User accounts

• Accounts that don’t expire

• Admin accounts

• Accounts that expire

• Accounts past expiration date



Page 17: Call of Community - ShowMeCon 2014



Page 18: Call of Community - ShowMeCon 2014

Log Management

• Allows for querying of a few log types



• Allows you to set all of your Security Event logs to PoshSec recommended




Page 19: Call of Community - ShowMeCon 2014



Page 20: Call of Community - ShowMeCon 2014

Network Baselining

• Several Baselining Scripts

• Open Ports

• Wireless Networks

• Configure Windows Firewall



Page 21: Call of Community - ShowMeCon 2014

PoshSec 1.0

• PoshSec is officially releasing 1.0 of the PowerShell module


• Cleaner code base, a few new additions

• First of many regular releases.

• Currently twice a year




Page 22: Call of Community - ShowMeCon 2014

PoshSec Framework

My original plan....

●Create an open source SIEM
●Bake everything inside
●Release it to the community
●Profit... wait... it's free
●Continue my day job!


Page 23: Call of Community - ShowMeCon 2014

PoshSec Framework


Page 24: Call of Community - ShowMeCon 2014

PoshSec Framework


Page 25: Call of Community - ShowMeCon 2014

PoshSec Framework


Page 26: Call of Community - ShowMeCon 2014

PoshSec Framework


Page 27: Call of Community - ShowMeCon 2014

PoshSec Framework


Page 28: Call of Community - ShowMeCon 2014

PoshSec Framework

It's not the sum of its code!

Select your player...


Page 29: Call of Community - ShowMeCon 2014

PoshSec Framework

Green Ninja

●System Administration
●Basic Networking Functions
●Scan / Audit Domains
●Use Information in Scripts
●Patch Management


Page 30: Call of Community - ShowMeCon 2014

PoshSec Framework


Page 31: Call of Community - ShowMeCon 2014

PoshSec Framework

Blue Ninja

●Defensive Team
●Live Port Monitoring
●Application Integrity
●Live File Monitoring
●Log Analysis


Page 32: Call of Community - ShowMeCon 2014

PoshSec Framework


Page 33: Call of Community - ShowMeCon 2014

PoshSec Framework



Page 34: Call of Community - ShowMeCon 2014

PoshSec Framework


Page 35: Call of Community - ShowMeCon 2014

PoshSec Framework


OneGet – PowerShell 5.0


Page 36: Call of Community - ShowMeCon 2014

PoshSec Framework


Page 37: Call of Community - ShowMeCon 2014

PoshSec Framework

Red Ninja

●Offensive Team
●PowerSploit Modules
●Enumeration Tool
●Leverage PSRemoting


Page 38: Call of Community - ShowMeCon 2014

PoshSec Framework


Page 39: Call of Community - ShowMeCon 2014

PoshSec Framework



Own a box, now you need to download a 3rd party tool like


PowerShell is already there!!!

Page 40: Call of Community - ShowMeCon 2014

PoshSec Framework

Black Ninja

●Penetration Testing
●Vulnerability Analysis
●Posh-Sec Modules
●Export Systems to Assets


Page 41: Call of Community - ShowMeCon 2014

PoshSec Framework


Page 42: Call of Community - ShowMeCon 2014

PoshSec Framework

White Ninja

●Forensics
●Incident Response
●The limit is only based on us


Page 43: Call of Community - ShowMeCon 2014

PoshSec Framework


●Exposed Interface Elements
●Github Integration
●Custom Error Reporting
●Create Tabs for Individual Objects
●Seamless Integration with Scripts


Page 44: Call of Community - ShowMeCon 2014

PoshSec Framework


Page 45: Call of Community - ShowMeCon 2014

PoshSec Framework



Live Demo!

Page 46: Call of Community - ShowMeCon 2014

PoshSec Framework 1.0


PoshSec Framework

Page 47: Call of Community - ShowMeCon 2014

PoshSec Developers

●@mwjcomputing
●@jwgoerlich
●@securitymoey
●@mortprime
●@rjcassara
●@sukotto_san
●@PoshSec


PoshSec Framework

Page 48: Call of Community - ShowMeCon 2014


PoshSec Framework

Page 49: Call of Community - ShowMeCon 2014

I Am The Cavalry

The Cavalry is a global grassroots organization that is focused on issues where computer security intersects public safety and human life.


Page 50: Call of Community - ShowMeCon 2014

I Am The Cavalry

Our areas of focus are medical devices, automobiles, home electronics and public



Page 51: Call of Community - ShowMeCon 2014

I Am The Cavalry

●Content Management
●Project Management
●Administrative Assistance
●Technical Systems Assistance
●Sponsorship



Page 52: Call of Community - ShowMeCon 2014

I Am The Cavalry


I haz stickerz!


Page 53: Call of Community - ShowMeCon 2014

I Am The Cavalry


Page 54: Call of Community - ShowMeCon 2014

I Am The Cavalry


Page 55: Call of Community - ShowMeCon 2014

Strategic Defense Execution Standard

Simple method for planning cyber defenses based on straightforward step-by-step instructions.


Page 56: Call of Community - ShowMeCon 2014

Strategic Defense Execution Standard

Help you identify where attacks are likely to come from, where they are likely to go to, how they are likely to get there, and what the impact on your organization will be.


Page 57: Call of Community - ShowMeCon 2014

Strategic Defense Execution Standard

The final goal is to implement a defense that will allow you to maintain an acceptable information security posture.


Page 58: Call of Community - ShowMeCon 2014

Strategic Defense Execution Standard

●Organization Risk Tolerance
●IT Basics
●Critical Asset Planning
●Threat Scoping
●Strategic Network Mapping
●Attack Vector Identification


Page 59: Call of Community - ShowMeCon 2014

Strategic Defense Execution Standard

Focus (continued)

●Attack Path Identification
●Defense Planning
●Defense Testing
●Attack Detection and Response


Page 60: Call of Community - ShowMeCon 2014

Strategic Defense Execution Standard

Current Contributors

●James Arlen (@Myrcurial)
●Iftach Ian Amit (@Iamit)
●Zate (@Zate)
●Gabe Bassett (@gdbassett)
●Ben Ten (@Ben0xA)


Page 61: Call of Community - ShowMeCon 2014

Strategic Defense Execution Standard


Page 62: Call of Community - ShowMeCon 2014

Strategic Defense Execution Standard

[email protected]


Page 63: Call of Community - ShowMeCon 2014

The Call of Community

Where do you fit in?


Page 64: Call of Community - ShowMeCon 2014

The Call of Community

I'm answering the call.... what do you need?

●Contribute Ideas
●Contribute PowerShell Modules
●Share your scripts with the community
●Use the tools... give us feedback!

Page 65: Call of Community - ShowMeCon 2014

The Call of Community

I'm answering the call.... what do you need?

●Join a Project
●Support a project (skills/financially)
●Discourage Negativity


Page 66: Call of Community - ShowMeCon 2014

The Call of Community

This idea is only as strong as this community. It's time to stand together as a team!


Page 67: Call of Community - ShowMeCon 2014

The Call of Community


Page 68: Call of Community - ShowMeCon 2014

The Call of Community

The more we work as a team the stronger this community will become.


Page 69: Call of Community - ShowMeCon 2014

The Call of Community



Page 70: Call of Community - ShowMeCon 2014


Contact Information

●@Ben0xA
●Ben0xA on Freenode (IRC)
●[email protected]


Page 71: Call of Community - ShowMeCon 2014


Contact Information



Page 72: Call of Community - ShowMeCon 2014




Page 73: Call of Community - ShowMeCon 2014


Thank you!

I have stickers if you want one.


Page 74: Call of Community - ShowMeCon 2014

