2012-02-10T19:57:59Z http://blog.securitywhole.com/comments/atom.aspx Quick Blogcast tag:blog.securitywhole.com,2012-02-10:15903994 Tim Medin 2012-02-10T14:27:37Z 2012-02-10T14:27:37Z That is the easiest part. You simple pipe the command into Export-CSV and you have the file. <div> <br /> </div> <div>myscriptname.ps1 | export-csv myfile.csv</div> tag:blog.securitywhole.com,2012-02-10:15903991 Tim Medin 2012-02-10T14:26:26Z 2012-02-10T14:26:26Z In my case, the embedded device allowed the image to be unlocked and we could modify the firewall and block all services. Since it was a terminal we didn't need to allow any services to be accessible. Why it was enabled in the first place, I just don't know. <div><br /> </div> <div>In your case, I'm guessing you'll either have to upgrade or update the firmware. Lacking that ability, you'll have to firewall that segment of the network and hope nothing malicious gets on that segment.<br /> </div> tag:blog.securitywhole.com,2012-02-09:15893599 Marc 2012-02-09T08:35:30Z 2012-02-09T08:35:30Z Hi Tim,<br /> <br /> Very good script. Took indeed just a couple of seconds to execute. But now I'm wondering how I can export this to a csv file so I can import it in Excel?<br /> <br /> Kind regards,<br /> Marc tag:blog.securitywhole.com,2011-10-19:12264485 NA 2011-10-19T19:56:38Z 2011-10-19T19:56:38Z Did you identify the root cause? I haven't run into this scenario specifically, but I have friend who is fighting this issue on XP embedded. At a glance, I thought he had overlooked something obvious - but the symptoms he reported are the same. Did you identify a path-forward? tag:blog.securitywhole.com,2010-11-15:3956341 bill 2010-11-15T22:18:42Z 2010-11-15T22:18:42Z Nice but I'm looking for a script that will recursively walk the registry, showing the last write time on every key. This is for live forensics data collection. tag:blog.securitywhole.com,2010-10-30:3877199 Tim Medin 2010-10-30T21:17:35Z 2010-10-30T21:17:35Z I don't think you can. If the site is using and MD5 HMAC to sign the viewstate this attack doesn't work. tag:blog.securitywhole.com,2010-10-28:3867072 JM 2010-10-29T02:23:10Z 2010-10-29T02:23:10Z We have a Dreamhost account and it's awesome. (I have a referral code if you want to go that way.)<br /> <br /> Right now, I don't want to mess with keeping web content up to date, so my blog is over at Posterous, which is dead easy to use, but I don't do much formatting of the content. Pretty much all plain text or pictures there. tag:blog.securitywhole.com,2010-10-27:3858603 gamble 2010-10-27T14:39:46Z 2010-10-27T14:39:46Z I would like to use the padding oracle on encrypted viewstate that using MD5. May I know how I can do on tat ? Thanks tag:blog.securitywhole.com,2010-10-02:3699128 Mike Summers 2010-10-02T07:45:15Z 2010-10-02T07:45:15Z Great post and its a really nice tag:blog.securitywhole.com,2010-07-20:3338057 Ryan M. Ferris http://www.rmfnetworksecurity.com 2010-07-21T01:37:06Z 2010-07-21T01:37:06Z Thanks for this post. I extended your post some. I found this PS code of interest:<br />$findMM=foreach ($id in ( Get-Process | ? { $_.Modules -like "*(rsaenh.dll)*" -and $_.Modules -like "*(iphlpapi.dll)*"} )) {write $id.MainModule}<br />$findMM | Select Modulename,FileName,ModuleMemorySize,Size,EntryPointAddress,BaseAddress,Description,Company | ft -auto