1. Microsoft Internet Explorer 8 Cross-Site Scripting Filter Cross-Site Scripting Vulnerability – Microsoft Internet Explorer is prone to a cross-site scripting vulnerability because of a design flaw in the browser’s cross-cite scripting filter. An attacker can exploit this issue to execute arbitrary script code in the context of the user running the application and to steal cookie-based authentication credentials and other sensitive data that may aid in further attacks. Internet Explorer 8 is vulnerable.
2. Mozilla Firefox Remote Memory Corruption Vulnerability – Mozilla Firefox is prone to a remote memory-corruption vulnerability. Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
3. Mozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability – Mozilla Firefox and SeaMonkey are prone to a spoofing vulnerability. Attackers can exploit this issue to spoof the filenames displayed in the download dialog box and trick a user into downloading executable files. Updates are available.
4. Mozilla Firefox ‘document.getSelect’ Cross Domain Information Disclosure Vulnerability – Mozilla Firefox is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to access local files or content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information that may aid in further attacks.
5. Microsoft Internet Explorer ‘Style’ Object Remote Code Execution Vulnerability – Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions. Internet Explorer 6 and 7 on Windows XP and Vista are vulnerable; other versions may also be affected.
6. CA eTrust PestPatrol Anti-Spyware ‘ppctl.dl’ ActiveX Control Remote Buffer Overflow Vulnerability – CA eTrust PestPatrol Anti-Spyware ‘ppctl.dl’ ActiveX control is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
   

Tech Segment:
Hack from a Cave have released Katana which is a 5GB Portable Multi-Boot Security Suite is designed to fulfill many of your computer security needs. The idea behind this tool is to bring together many of the best security distributions and applications to run from one USB Flash Drive. Instead of keeping track of dozens of CDs and DVDs loaded with your favorite security tools, you can keep them all conveniently in your pocket.

Katana includes distributions which focus on Penetration Testing, Auditing, Password Cracking, Forensics and Honey Pots. Katana comes with over 100 portable Windows applications, such as Wireshark, HiJackThis, Unstoppable Copier, Firefox, and OllyDBG. It also includes the following distributions:

* Backtrack 4 pre
* the Ultimate Boot CD
* Ophcrack Live
* Damn Small Linux
* the Ultimate Boot CD for Windows
* Got Root? Slax
* Organizational Systems Wireless Auditor (OSWA) Assistant
* Damn Vulnerable Linux

According to their website “Ultimate Boot CD is completely free for the download, or could be obtained for a small fee. If you had somehow paid a ridiculous amount of money for it, you have most likely been fleeced. The least you could do is to make as many copies of the offical UBCD and pass it to your friends, relatives, colleagues or even complete strangers to minimize the per unit cost of your loss”

BackTrack is the most top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes.

Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.

DSL was originally developed as an experiment to see how many usable desktop applications can fit inside a 50MB live CD. It was at first just a personal tool/toy. But over time Damn Small Linux grew into a community project with hundreds of development hours put into refinements including a fully automated remote and local application installation system and a very versatile backup and restore system which may be used with any writable media including a hard drive, a floppy drive, or a USB device.

UBCD4Win is a bootable recovery CD that contains software used for repairing, restoring, or diagnosing almost any computer problem. Our goal is to be the most complete and easy to use free computer diagnostic tool. Almost all software included in UBCD4Win are freeware utilities for Windows®. Some of the tools inlcuded are “free for personal use” copies so users need to respect these licenses. A few of the tools included in UBCD4Win are paid for and licensed software owned by UBCD4win.

Got Root? Slax – Developed to accompany Katana. All modules in the “slax/modules” directory were added to Slax 6 excluding those starting with numbers. The modules were obtained from the Slax official website here. The 3-003-desktop.lzm module was unpacked and modified to add the Got Root? Slax wallpaper.

The OSWA-Assistant™ is a freely-downloadable, self-contained, wireless-auditing toolkit for both IT-security professionals and End-users alike.

Damn Vulnerable Linux provides with a high sophisticated training trail an ultimate way to show your proven excellence in the field of Reverse Code Engineering and Hacking in various IT security relevant knowledge domains to address the many challenges of software protection, malware, or exploitation analysis.

Katana is also highly customizable. You can modify Katana by adding or removing distributions and portable apps with ease. You can add functionality to distributions like the Ultimate Boot CD, Got Root? Slax and UBCD4Win. You can also load your personal scripts and documents to keep them conveniently on your flash drive to use in concert with the provided tools. You can even use the install script to install Katana on a hard disk. The current boot loader for that disk will be replaced with the syslinux boot loader. The disk must be a FAT32 filesystem.

So what are the requirements for Katana?

1. Requires USB flash drive of size 8GB or larger with 6GB free space. (NOTE: You can install Katana on smaller drives by uninstalling some distributions. See step 4.)

2. Download katana-v1.rar to local disk. Full install requires 6 GB of free disk space on local downloading system. (NOTE: FAT16/FAT32 partitions cannot accommodate a 6GB file.)

3. Flash drive must be formatted FAT32. (OPTIONAL: Create “katana” directory on local disk.)

4. (Turn off your virus scanner before install) Extract katana-v1.rar to the “katana” directory and move to USB flash drive OR extract directly to the root of the flash drive. Now you can run the uninstall_tools.bat or uninstall_tools.sh script in “boot/uninstall/” directory if you wish to remove any distributions. This can also be done after installation.

5. Change directory to the freshly copied /boot directory on the USB device. Make sure you’re in the “boot” directory on the USB device!

6. For Linux/OSX run ./boostinst.sh, for Windows run ./boostinst.bat

7. Make sure computer BIOS allows USB boot. Boot from flash drive.

You want to add another distro to Katana? Adding an operating system to Katana can vary in difficulty. Many Live CD operating systems use isolinux as a bootloader. The USB version of this bootloader is syslinux. If these are the bootloader used for the distribution you wish to install, the following information should help in this task.

1) Extract or burn the operating system image.

2) Create the directory /boot/syslinux/”Distro Name” so that we have a folder for storing the Kon-boot. Make sure there are not spaces in the name.). Copy the content of the /boot directory from the extracted/burned ISO to this newly created directory.

3) Copy the config file (w/ the .cfg extension) from the /syslinux or /isolinux directory of the extracted/burned ISO to the /boot/menu directory in Katana. Change the name of the config file to “Distro Name”.cfg. Open the “Distro Name”.cfg file with a text editor.

Edit the text following KERNEL and APPEND in the config file. It should look something like the following. Change the path for the kernal and initrd to /boot/syslinux/”distro name”.

For example, change …

LABEL BT4
MENU LABEL FrameBuffer (1024×768)
KERNEL /boot/vmlinuz
APPEND vga=0×317 initrd=/boot/initrd.gz BOOT=casper boot=casper nopersistent rw quiet

to …

LABEL BT4
MENU LABEL FrameBuffer (1024×768)
KERNEL /boot/syslinux/”Distro Name”/vmlinuz

APPEND vga=0×317 initrd=/boot/syslinux/”Distro Name/initrd.gz BOOT=casper boot=casper nopersistent rw quiet

Also, add the following to the end of the config file.

MENU LABEL ..
KERNEL /boot/vesamenu.c32
APPEND /boot/menus/main.cfg
TEXT HELP
Back to Main Menu
ENDTEXT
4) Now copy the other folders in the root of the CD or extracted image folder to the root of the Katana Drive. (For Backtrack 4 that would be the bt4 directory).

5) Open the main.cfg file in the /boot/syslinux directory. Add the following text to this file. Edit the parts in bold with the appropriate date.

LABEL “Distro Name”
MENU LABEL “Distro Name”
KERNEL /boot/vesamenu.c32
APPEND /boot/menu/”Distro Name”.cfg

Reboot your system and see if it worked.

In addition, you can change the menu format of the distro boot screen to match that of the rest of Katana. The main.cfg controls the format of the menu. You can replace the “…” with the menu content.

DEFAULT /boot/vesamenu.c32
MENU BACKGROUND /boot/wallpaper.png
MENU WIDTH 30
MENU MARGIN 0
MENU ROWS 12
MENU HELPMSGROW 22
MENU TIMEOUTROW 26
MENU TABMSGROW 27
MENU CMDLINEROW 27
MENU HSHIFT 24
MENU VSHIFT 0

menu color screen 37;40 #00000000 #00000000 none
menu color border 30;44 #00000000 #00000000 none
menu color title 1;36;44 #aaaaaaaa #00000000 none
#menu color unsel 37;44 #ff60CA00 #00000000 none
menu color unsel 37;44 #aaaaaaaa #00000000 none
menu color hotkey 1;37;44 #ff60CA00 #00000000 none
#menu color sel 7;37;40 #ffffffff #00000000 none
menu color sel 7;37;40 #ffffffff #00000000 none
menu color hotsel 1;7;37;40 #ff808080 #ff60CA00 none
menu color scrollbar 30;44 #00000000 #00000000 none

menu color tabmsg 31;40 #aaaaaaaa #00000000 none
menu color cmdmark 1;36;40 #ffff0000 #00000000 none
menu color cmdline 37;40 #aaaaaaaa #00000000 none
menu color pwdborder 30;47 #ffff0000 #00000000 std
menu color pwdheader 31;47 #ffff0000 #00000000 std
menu color pwdentry 30;47 #ffff0000 #00000000 std
menu color timeout_msg 37;40 #aaaaaaaa #00000000 none
menu color timeout 1;37;40 #ffaaaaff #00000000 none
menu color help 37;40 #aaaaaa00 #00000000 none
menu color msg07 37;40 #90ffffff #00000000 std

…

LABEL back
MENU LABEL ..
KERNEL /boot/vesamenu.c32
APPEND /boot/menus/main.cfg
TEXT HELP
Back to Main Menu
ENDTEXT

The menu content generally looks something like:

LABEL …
MENU LABEL …
KERNEL …
APPEND …

Following the instructions provided by ronin, I was able to install Trinity Rescue Kit into Katana.
Trinity Rescue Kit or TRK is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues. TRK is a complete commandline based distribution, apart from a few tools like qtparted, links, partition image and midnight commander

1) Download Trinity Rescue Kit ISO from http://trinityhome.org

2) Extract the ISO into a local directory on your system.

3) On your Katana Drive, create the file trinity.cfg in the /boot/menu directory. (This is the menu for Trinity Rescue Kit.) Open trinity.cfg in a text editor and copy and past the following into it:

PROMPT 0
#TIMEOUT 90
DEFAULT /boot/vesamenu.c32
MENU BACKGROUND /boot/wallpaper.png

MENU WIDTH 60
MENU MARGIN 0
MENU ROWS 10
MENU HELPMSGROW 22
MENU TIMEOUTROW 26
MENU TABMSGROW 27
MENU CMDLINEROW 27
MENU HSHIFT 9
MENU VSHIFT 0

menu color screen 37;40 #00000000 #00000000 none
menu color border 30;44 #00000000 #00000000 none
menu color title 1;36;44 #aaaaaaaa #00000000 none
#menu color unsel 37;44 #ff60CA00 #00000000 none
menu color unsel 37;44 #aaaaaaaa #00000000 none
menu color hotkey 1;37;44 #ff60CA00 #00000000 none
#menu color sel 7;37;40 #ffffffff #00000000 none
menu color sel 7;37;40 #ffffffff #00000000 none
menu color hotsel 1;7;37;40 #ff808080 #ff60CA00 none
menu color scrollbar 30;44 #00000000 #00000000 none

menu color tabmsg 31;40 #aaaaaaaa #00000000 none
menu color cmdmark 1;36;40 #ffff0000 #00000000 none
menu color cmdline 37;40 #aaaaaaaa #00000000 none
menu color pwdborder 30;47 #ffff0000 #00000000 std
menu color pwdheader 31;47 #ffff0000 #00000000 std
menu color pwdentry 30;47 #ffff0000 #00000000 std
menu color timeout_msg 37;40 #aaaaaaaa #00000000 none
menu color timeout 1;37;40 #ffaaaaff #00000000 none
menu color help 37;40 #aaaaaa00 #00000000 none
menu color msg07 37;40 #90ffffff #00000000 std

MENU TITLE Trinity Rescue Disk

LABEL trk3
MENU label TRD – default
KERNEL /boot/syslinux/trinity/kernel.trk
APPEND initrd=/boot/syslinux/trinity/initrd.trk ramdisk_size=49152 root=/dev/ram0 vga=788 splash=verbose pci=conf1

LABEL 1
MENU label TRD – as bootserver to boot other TRK clients
KERNEL /boot/syslinux/trinity/kernel.trk
APPEND initrd=/boot/syslinux/trinity/initrd.trk ramdisk_size=49152 root=/dev/ram0 vga=788 splash=verbose pci=conf1 trkbootnet

LABEL 2
MENU label TRD – running from RAM (best >= 512mb, 256mb min)
KERNEL /boot/syslinux/trinity/kernel.trk
APPEND initrd=/boot/syslinux/trinity/initrd.trk ramdisk_size=49152 root=/dev/ram0 vga=788 splash=verbose pci=conf1 trkinmem

LABEL 3
MENU label TRD – with bigger screenfont
KERNEL /boot/syslinux/trinity/kernel.trk
APPEND initrd=/boot/syslinux/trinity/initrd.trk ramdisk_size=49152 root=/dev/ram0 vga=788 splash=verbose pci=conf1 normalfont

LABEL 4
MENU label TRD – in simple VGA mode (debugging of kernel output)
KERNEL /boot/syslinux/trinity/kernel.trk
APPEND initrd=/boot/syslinux/trinity/initrd.trk ramdisk_size=49152 root=/dev/ram0 vga=1 pci=conf1 splash=off

LABEL 5
MENU label TRD – with Belgian keyboard (see docs for other)
KERNEL /boot/syslinux/trinity/kernel.trk
APPEND initrd=/boot/syslinux/trinity/initrd.trk ramdisk_size=49152 root=/dev/ram0 vga=788 splash=verbose pci=conf1 keyb_be

LABEL 6
KERNEL /boot/syslinux/trinity/kernel.trk
MENU label TRD – Virusscan all drives (non interactive)
APPEND initrd=/boot/syslinux/trinity/initrd.trk ramdisk_size=49152 root=/dev/ram0 vga=788 splash=verbose pci=conf1 virusscan

LABEL 7
KERNEL /boot/syslinux/trinity/kernel.trk
MENU label TRD – Try more pcmcia and usb nics (when not detected)
APPEND initrd=/boot/syslinux/trinity/initrd.trk ramdisk_size=49152 root=/dev/ram0 vga=788 splash=verbose pci=conf1 pcmcia

LABEL 8
KERNEL /boot/syslinux/trinity/kernel.trk
MENU label TRD – Try more SCSI drivers (when disks not detected)
APPEND initrd=/boot/syslinux/trinity/initrd.trk ramdisk_size=49152 root=/dev/ram0 vga=788 splash=verbose pci=conf1 scsidrv

LABEL 9
KERNEL /boot/syslinux/trinity/kernel.trk
MENU label TRD – with a secure shell server enabled
APPEND initrd=/boot/syslinux/trinity/initrd.trk ramdisk_size=49152 root=/dev/ram0 vga=788 splash=verbose pci=conf1 sshd

LABEL 10
KERNEL /boot/syslinux/trinity/kernel.trk
MENU label TRD – Execute local scripts on harddrive of PC
APPEND initrd=/boot/syslinux/trinity/initrd.trk ramdisk_size=49152 root=/dev/ram0 vga=788 splash=verbose pci=conf1 locscr

LABEL 11
KERNEL /boot/syslinux/trinity/kernel.trk
MENU label TRD – Fileshare all drives, secured with user
APPEND initrd=/boot/syslinux/trinity/initrd.trk ramdisk_size=49152 root=/dev/ram0 vga=788 splash=verbose pci=conf1 smbsec

LABEL 12
KERNEL /boot/syslinux/trinity/kernel.trk
MENU label TRD – Fileshare all drives as guest, no security
APPEND initrd=/boot/syslinux/trinity/initrd.trk ramdisk_size=49152 root=/dev/ram0 vga=788 splash=verbose pci=conf1 smbguest

LABEL 0
KERNEL /boot/syslinux/trinity/kernel.trk
MENU label TRD – Single user mode
APPEND initrd=/boot/syslinux/trinity/initrd.trk ramdisk_size=49152 root=/dev/ram0 vga=788 splash=verbose pci=conf1 runlevel 1

LABEL noacpi
KERNEL /boot/syslinux/trinity/kernel.trk
MENU label TRD – Acpi=off, noapic PCI=bios (Alternate boot 1)
APPEND initrd=/boot/syslinux/trinity/initrd.trk ramdisk_size=49152 root=/dev/ram0 vga=788 splash=verbose acpi=off noapic pci=bios

LABEL pcinormal
KERNEL /boot/syslinux/trinity/kernel.trk
MENU label TRD – Acpi=off, noapic PCI=any (Alternate boot 2)
APPEND initrd=/boot/syslinux/trinity/initrd.trk ramdisk_size=49152 root=/dev/ram0 vga=788 splash=verbose acpi=off noapic

LABEL pciconf1
KERNEL /boot/syslinux/trinity/kernel.trk
MENU label TRD – PCI=conf2 (Alternate boot 3)
APPEND initrd=/boot/syslinux/trinity/initrd.trk ramdisk_size=49152 root=/dev/ram0 vga=788 splash=verbose pci=conf2

LABEL debug
MENU label TRD – Verbose startup for debugging after initial bootfase
KERNEL /boot/syslinux/trinity/kernel.trk
APPEND initrd=/boot/syslinux/trinity/initrd.trk ramdisk_size=49152 root=/dev/ram0 vga=788 splash=verbose pci=conf1 debugging

LABEL 18
MENU label TRD – SSH server and run from RAM
KERNEL /boot/syslinux/trinity/kernel.trk
APPEND initrd=/boot/syslinux/trinity/initrd.trk ramdisk_size=49152 root=/dev/ram0 vga=788 splash=verbose pci=conf1 sshd trkinmem

LABEL 19
MENU label TRD – SSH server, run from RAM, act as a secure fileserver
KERNEL /boot/syslinux/trinity/kernel.trk
APPEND initrd=/boot/syslinux/trinity/initrd.trk ramdisk_size=49152 root=/dev/ram0 vga=788 splash=verbose pci=conf1 sshd trkinmem smbsec

LABEL 20
MENU label TRD – proxyserver support enabled
KERNEL /boot/syslinux/trinity/kernel.trk
APPEND initrd=/boot/syslinux/trinity/initrd.trk ramdisk_size=49152 root=/dev/ram0 vga=788 splash=verbose pci=conf1 proxy

LABEL back
MENU LABEL ..
KERNEL /boot/vesamenu.c32
APPEND /boot/menus/main.cfg
TEXT HELP
Back to Main Menu
ENDTEXT

4) Create the directory /boot/syslinux/trinity in Katana. Copy the kernel.trk and initrd.trk files into the newly created directory from the extracted ISO.

5) Copy the /trk3 directory from the extracted ISO to the root of Katana.

6) Finally, on the Katana Drive; open /boot/menus/main.cfg in a text editor and add the following to the end of the file. This will add Trinity Rescue Kit to the main boot menu.

LABEL trinity
MENU LABEL Trinity Rescue Kit
KERNEL /boot/vesamenu.c32
APPEND /boot/menus/trinity.cfg
TEXT HELP
More about currently selected:

Trinity Rescue Kit is a distribution
that aims specifically at recovery
and repair operations.
ENDTEXT

You should now be able to boot Trinity Rescue Kit from Katana.

You can download Katana v1 here:http://www.hackfromacave.com/katana.html

Welcome to the InfoSec Podcast Special Technical Segment on Power Shell Signing. This podcast is our contribution back to the community where we will discuss the vulnerabilities of interest, information security related news and review useful tools that will hopefully provide you a few laughs and a little knowledge.

What is code signing? Code signing is the process of digitally signing files to confirm the author and guarantee that the file has not been altered or corrupted. It’s essentially the same as signing emails: it guarantees that they were actually authored by the person claiming to be the author, and that they weren’t changed after the author signed them. (For more information see Apple’s explanation and Microsoft’s).

How does digital signing work? A digital signature scheme typically consists of three algorithms:

• A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The algorithm outputs the private key and a corresponding public key.
• A signing algorithm which, given a message and a private key, produces a signature.
• A signature verifying algorithm which given a message, public key and a signature, either accepts or rejects the message’s claim to authenticity.

Two main properties are required. First, a signature generated from a fixed message and fixed private key should verify the authenticity of that message by using the corresponding public key. Secondly, it should be computationally infeasible to generate a valid signature for a party who does not possess the private key.

With public/private key encryption, data that is encrypted by the private key can be decrypted by the public key, so the encryption of the hash (and sometimes the public key, as well) is attached to the file so that the end user can re-calculate the hash and decrypt the signature to verify: a) that it was encrypted by the private key belonging to the author, and b) that the hash matches the hash that the author signed.

What’s all this about keys?

In a Pubkic Key Infrastructure (PKI), the “key” is actually included in an SSL certificate issued to you by a Certificate Authority (CA) who verifies your identity. Verisign introduced the idea of “classes” for certificates, and you can now get free, Class 1 certificates for email signing from most CA’s now (like Twarte), where the only thing they verify is that the person being issued the certificate can send/receive email at that address.

Of course, if you want to verify yourself as the author of code, we want to know more about you than your email address. So to sign code, you need at least a Class 2 certificate, for which proof of identity is required. This typically comes in the form of providing (photos of) your passport, driver’s license and/or other photo ID to verify that you are who you claim to be, and answering a few questions on the phone to validate that you own the phone number provided… or providing tax or other documents to prove the existence of an organization and that you’re qualified to speak for them. There are also additional classes: Class 3, 4, and 5 are extended validation certificates used for servers, software signing, b2b transactions and government security.

Why should I sign PowerShell scripts?

Reality is that you probably don’t need to do so unless you want to provide a mechanism that your code can be verified and was delivered unaltered.  Code-signing gives you a way to do just that by locking down and securing PowerShell scripts.

As an individual, signing doesn’t offer you much unless you share your computer with other administrator users. After all, what it protects you from is intentional or accidental altering of the script. If there’s no one else who has access to your computer, then nobody can alter your scripts.

Of course if you distribute your scripts signing them you (and your users) the assurance that you are the author, and that no one has altered your script.   The main items to take away are that code signing cannot guarantee that code is free of security vulnerabilities.  Doesn’t guarantee that a script doesn’t load unsafe code or perform unsafe actions during execution.

Assuming that you still want to try signing your scripts, you need a certificate. You can also get one from a public Certificate Authority or you can obtain one from an internal Certificate Authority.

The third option for obtaining a code-signing certificate is to make your own self-signed certificate using a tool like Makecert.exe. It ships with the Windows Platform SDK. The upside of a self-signed certificate is that it’s free and doesn’t require any infrastructure. The downside, however, is that it’s really only usable on your computer. But if you just need to enable script execution on your computer—for testing or general experimentation with code signing—Makecert.exe is a great option. Documentation about this tool is at go.microsoft.com/fwlink/?LinkId=108538. Just be aware that many versions of this tool have existed over the years, so it’s possible that your computer is running an older version that doesn’t work exactly as the documentation describes.  For example, for Windows 7 you’ll need the Microsoft Windows SDK for Windows 7 and .NET Framework 3.5 SP1.  http://www.microsoft.com/downloads/details.aspx?FamilyID=c17ba869-9671-4330-a63e-1fd44e0e2505&displaylang=en

You will be prompted for the private key:

Next you’ll be prompted for the private key you entered above:

Now run the following from a Command Prompt.  It generates a personal certificate from the above certificate authority:

C:\Program Files\Microsoft SDKs\Windows\v7.0\Bin>makecert -pe -n “CN=PowerShell
User” -ss MY -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root.cer
Succeeded

You’ll be prompted for the private key you entered earlier:

This places the self-signed certificate into your personal store.

Now you need to verify from Powershell that the certificate was generated correctly:

PS C:\Program Files\Microsoft SDKs\Windows\v7.0\Bin> Get-ChildItem cert:\Current
User\My -codesign

Directory: Microsoft.PowerShell.Security\Certificate::CurrentUser\My

Thumbprint                                Subject
———-                                ——-
55C746A509308332B66C9CFEE1011F9F64679671  CN=PowerShell User

You delete the two temporary files root.pvk and root.cer in your working directory.  The certificate info is stored with that of others, in “C:\Documents and Settings\[username]\Application Data\Microsoft\SystemCertificates\My\”.

[system.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces() |
Where-Object { $_.GetIPProperties().GatewayAddresses } |
ForEach-Object {
$_.GetIPProperties().UnicastAddresses| ForEach-Object {
$_.Address.IPAddressToString
}
}
# SIG # Begin signature block
# MIIEMwYJKoZIhvcNAQcCoIIEJDCCBCACAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB
# gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR
# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUMMk7EB96aq7RuaYVZtINR/9P
# bz+gggI9MIICOTCCAaagAwIBAgIQ9GUKJXkjfrFHX4HNvUBqfTAJBgUrDgMCHQUA
# MCwxKjAoBgNVBAMTIVBvd2VyU2hlbGwgTG9jYWwgQ2VydGlmaWNhdGUgUm9vdDAe
# Fw0wOTExMjEwMDQxNTZaFw0zOTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMTD1Bvd2Vy
# U2hlbGwgVXNlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAkb4oawAASvMB
# rQ9hLSqaIJMPplCJG8Xh+RYLKL867zEGKtk1M83A+s4+KqFyall9iD8wex9WaUjH
# CQE7K71lsuprJDnAYIwgaxEVoIhMDtXSt5BiKcZdwUFTMHkUppeage9Qx+uR+JXe
# FTPydvus663IEM7t8dROq921/e37KNsCAwEAAaN2MHQwEwYDVR0lBAwwCgYIKwYB
# BQUHAwMwXQYDVR0BBFYwVIAQE43DypIlBMHL15nDtPUsuaEuMCwxKjAoBgNVBAMT
# IVBvd2VyU2hlbGwgTG9jYWwgQ2VydGlmaWNhdGUgUm9vdIIQk7Dn3ps5vaxAUlAJ
# +ZsNSDAJBgUrDgMCHQUAA4GBAFSWkZjKM5j2UyWVkt4egwEyCi9PfzMOU7H38OD9
# KmCdSPFdFwmAfnvTfRiYNJxfCtIy5cRE/tnTqAImXaHeBwMJNGKSHl0a8L2uACni
# mL4FKgL1C+AqBpDkxGmRc0WVTE6w1yQYzqTEpsQPEXWqH+nxTa3juleCw8A8l2+5
# 39uzMYIBYDCCAVwCAQEwQDAsMSowKAYDVQQDEyFQb3dlclNoZWxsIExvY2FsIENl
# cnRpZmljYXRlIFJvb3QCEPRlCiV5I36xR1+Bzb1Aan0wCQYFKw4DAhoFAKB4MBgG
# CisGAQQBgjcCAQwxCjAIoAKAAKECgAAwGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcC
# AQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwIwYJKoZIhvcNAQkEMRYE
# FHE6mEEs43d776HA5FWueAQRh5arMA0GCSqGSIb3DQEBAQUABIGAVvKHltzyIKsG
# YqxATMTVlyh1yb2pRA8Ar8mmGaB7fSro/LONEjSr0uto11lnixbBNUQCF7bjpeYS
# CUxfNC5pynPhp6nF4XdHwPDb3u0aNNJ9bCtlTN6e3pi3+QP1Fi0aFNVBIGD2Bb4c
# BiY7HRQK/Sgj3N+m9s4xPkVJcKOajRg=
# SIG # End signature block

Execute the script once again:

PS C:\Program Files\Microsoft SDKs\Windows\v7.0\Bin> .\script.ps1

Do you want to run software from this untrusted publisher?
File C:\Program Files\Microsoft SDKs\Windows\v7.0\Bin\script.ps1 is published
by CN=PowerShell User and is not trusted on your system. Only run scripts from
trusted publishers.
[V] Never run  [D] Do not run  [R] Run once  [A] Always run  [?] Help
(default is “D”):r
fe80::c89c:9d2c:15ac:1b87%11
10.25.0.99
fe80::681b:b2c1:bab0:70d5%18
192.168.193.1
fe80::d936:3768:d735:ab%20
192.168.85.1

We get prompted to [V] Never run  [D] Do not run  [R] Run once  [A] Always run  [?] Help (default is “D”).  I selected r and the script ran correctly providing me with the output of my interfaces.  It is important to note that if the certificate is missing from your store the script will fail.

To run signed scripts on another system you have to export the Powershell certificate that was used to sign the script from the Trusted Root Certification Authorities container.  As a side note, the Trusted Publishers can also be moved to prevent the first-time prompt.

From the Current User certificate store, go to the Trusted Root Certification Authorities container and locate the PowerShell Local Certificate Root certificate.  Right-click on it and click All Tasks, Export.

Leave the format at the default DER format and click Next.

Enter your desired path and name of the exported certificate, and click Next.  On the target machine, open certmgr.msc.  Locating the Trusted Root Certification Authorities container.

Expand the container to find the Certificates store.  Right-click on it and select All Tasks, choose import. Click Next to continue and then find the certificate that you just exported and click Next.  I usually choose the Automatically select the certificate store based on the type of certificate.  Read the security warning and click Yes to install the certificate. Your signed script should now run on the new computer.  Note that Powershell will prompt you the first time it’s run unless you also import the Trusted Publishers certificate.

Tonight we have a Part Two of our interview with special Guest Pieter Swanepoel. Pieter is the President of Swan Security which specializes in Mainframe Security.

Tonight we have a Part One of our interview with special Guest Pieter Swanepoel. Pieter is the President of Swan Security which specializes in Mainframe Security.