This past weekend I had the opportunity to speak at DerbyCon 3.0. During my talk I announced a new tool called the PoshSec Framework. I wanted to give everyone at least a little background on this framework for those that didn’t get to see my talk.
Back in March of this year, I realized that I wanted to give something back to the community. So I started to write an open sourced SIEM. Now originally I was going to bake all of the code into the SIEM. This past June, I had the privilege of speaking at BSides Detroit. During the time I was there I went to see Matt Johnson’s talk on powershell. He told us about a project called PoshSec which is short for Powershell Security. I immediately knew that his project and mine should come together. I chatted with Matt and he agreed that this would be a great union.
You see, I really wanted to give something back to the community. Something that could really strengthen the stance of defense. It was intended to be for those with low to no budget, or low to no resources. Yet, it can be used by large enterprises as well. I figured it was about time for defense to have a tool kit of their own that reflected the same tool kit provided by metasploit and others. This is in no way a competing tool to metasploit. This is a tool designed to be on a Windows system with a focus on defensive strategies and scripts.
Fast forward to this past weekend, and with several thousand of code additions, we were pleased to release the PoshSec Framework. Below is a sample video showing you some of the things you can do with the framework. The idea is to create a front end interface that houses all of the powershell modules, functions, and cmdlets while lowering the entry use bar. This way the community can contribute scripts, functions, modules, and cmdlets for anything.
The PoshSec Framework is not merely a defense tool. It can be used for offense, defense, and even system administration. The whole idea is to give people a tool for powershell that isn’t just a command line. The roadmap is to add graphs, a dashboard, scheduling, reporting, etc. This is a very active project and I encourage you to download it and see what it can do for you. The sky is the limit. This project is not the sum of it’s code. It’s the sum of what the community wants to invest into it.
So, feel free to fork the repository, and start writing some scripts! Let’s start building this project for the community by the community!
It’s Okay to Touch Yourself – http://www.youtube.com/watch?v=h4e2kzWudRo