Do your certificate management in Powershell

I do a lot of security work, and that means lots of time poking at certificates. Tooling for certificates was never something I was happy with until I stumbled upon powershell. Let me give you a demo:

PS C:\> cd cert:

PS cert:\> cd .\LocalMachine\My
PS cert:\LocalMachine\My> dir

    Directory: Microsoft.PowerShell.Security\Certificate::LocalMachine\My


Thumbprint                                Subject
----------                                -------
4EE3FDE4FFF422935CAA0CA2783EF2CA601D6DE5  CN=NonSecretGlobalEncryptKey
272BDAC53C26CC5A8067FE6076D2F74797F69AF7  CN=igordm1, OU=Workstations, OU=Machines, DC=redmond, DC=corp, DC=microsof...


PS cert:\LocalMachine\My> cd\
PS cert:> cd .\CurrentUser\Root
PS cert:\CurrentUser\Root> dir | where {$_.Subject -like "*Veri*"}


    Directory: Microsoft.PowerShell.Security\Certificate::CurrentUser\Root


Thumbprint                                Subject
----------                                -------
18F7C1FCC3090203FD5BAA2F861A754976C8DD25  OU="NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.", OU=VeriSign Time Stampin...
85371CA6E550143DCE2803471BDE3A09E8F8770F  OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized us...
742C3192E607E424EB4549542BE1BBC53E6174E2  OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
4F65566336DB6598581D584A596C87934D5F2AB4  OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5  CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2...
24A40A1F573643A67F0A4B0749F6A22BF28ABB6B  OU=VeriSign Commercial Software Publishers CA, O="VeriSign, Inc.", L=Internet


PS cert:\CurrentUser\Root> $cert = gi 24A40A1F573643A67F0A4B0749F6A22BF28ABB6B

PS cert:\CurrentUser\Root> $cert.ToString()
[Subject]
  OU=VeriSign Commercial Software Publishers CA, O="VeriSign, Inc.", L=Internet

[Issuer]
  OU=VeriSign Commercial Software Publishers CA, O="VeriSign, Inc.", L=Internet

[Serial Number]
  03C78F37DB9228DF3CBB1AAD82FA6710

[Not Before]
  4/8/1996 5:00:00 PM

[Not After]
  1/7/2004 3:59:59 PM

[Thumbprint]
  24A40A1F573643A67F0A4B0749F6A22BF28ABB6B

PS cert:\CurrentUser\Root>

Does the output of $cert.ToString() look familiar? It's actually the ToString() on X509Certificate2. This means as well as having a great certificate store browser, you also get to access the CLR certificate classes interactively - Yeehaw!

Read More

Need another monitor? Try a USB Video Card.

I use 3 monitors at work and it is awesome. My laptop only drives two monitors so for the 3rd monitor I picked up a USB video card,  the  EVGA 100-US-UV16A1 . This thing works (*). The device installs drivers automatically and works like a charm on Windows 7. It only supports upto 1600x1200.  Also, I don't play games so I can't tell you how well that works, but for reading email and viewing OneNote  I can't tell this is a USB video card.



(*) If you're not impressed this thing works, you should be. A back of the envelope bandwidth analysis:



Required Bandwidth:



= 1600pixels x 1200pixels x 24 bits per pixel x 30 frames/second

= 1.38 Gbps



Actual USB 2.0 bandwidth:

= 480Mbps

Read More

Using TShark

Today I realized this blog lost its google analytics (GA) tracking. Ooops, I accidentally erased the javascript that talks to Google Analytics in my blog template. I fixed the template on my blog, and wanted to verify my browser was sending data to GA. It takes the GA UI a while to show you data is coming in, so I decided to use tshark to see if my tracker code is working.

Tshark is the command line version of Wireshark, an Ethernet level packet sniffer. Lets see what HTTP GETs occur when I connect to one of my posts:

C:\Program Files\Wireshark>tshark.exe | findstr GET
Capturing on Microsoft
1) 67.936320 192.168.1.100 -> 64.233.169.191 HTTP GET  /2009/07/finding-clr-exceptions-with-visual.html HTTP/1.1 
2) 68.211983 192.168.1.100 -> 64.233.169.191 HTTP GET /dyn-css/authorization.css?targetBlogID=7821316&zx=defa99ec-5585-4463-a42d-a32bf4868482 HTTP/1.1
3) 68.393167 192.168.1.100 -> 64.233.169.139 HTTP GET  /__utm.gif?utmwv=4.5.8&utmn=1895005015&utmhn=ig2600.blogspot.com&utmcs=UTF-8&utmsr=1600x1200&utmsc=32-bit&ut
mul=en-us&utmje=1&utmfl=10.0%20r32&utmdt=Igor%27s%20Computer%20Blog%3A%20Finding%20CLR%20exceptions%20without%20visual%20studio&utmhid=396081822&utmr=0&utmp=%2F
2009%2F07%2Ffinding-clr-exceptions-with-visual.html&utmac=UA-6806517-1&utmcc=__utma%3D91978370.809539203.1241314101.1255744665.1255763228.10%3B%2B__utmz%3D91978
370.1255744665.9.3.utmcsr%3Dblogger.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3D%2Fhtml%3B HTTP/1.1 
4) 68.393325 192.168.1.100 -> 64.233.169.191 HTTP GET /navbar.g?targetBlogID=7821316&blogName=Igor%27s+Computer+Blog&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=
BLUE&layoutType=LAYOUTS&searchRoot=http%3A%2F%2Fig2600.blogspot.com%2Fsearch&blogLocale=en_US&homepageUrl=http%3A%2F%2Fig2600.blogspot.com%2F&targetPostID=61412
67244510925043 HTTP/1.1
5) 68.517559 192.168.1.100 -> 64.233.169.191 HTTP GET /2009/07/finding-clr-exceptions-with-visual.html?action=backlinks&widgetId=Blog1&widgetType=Blog&responseTyp
e=js&postID=6141267244510925043 HTTP/1.1
6) 68.601057 192.168.1.100 -> 64.233.169.118 HTTP GET /gadgets/ifr?url=http%3A%2F%2Fwww.google.com%2Ffriendconnect%2Fgadgets%2Fmembers.xml&container=peoplesense&p
arent=http%3A%2F%2Fig2600.blogspot.com%2F&mid=0&view=profile&libs=opensocial-0.8%3Askins%3Adynamic-height%3Agoogle.blog&v=0.463.3〈=en&country=US&communityId
=02722510552710003866&caller=http%3A%2F%2Fig2600.blogspot.com%2F2009%2F07%2Ffinding-clr-exceptions-with-visual.html HTTP/1.1
7) 68.807944 192.168.1.100 -> 64.233.169.118 HTTP GET /gadgets/deps.js HTTP/1.1

What is that __utm.gif we GET in frame 3? How strange that it includes my screen resolution. A quick bing search finds this is indeed the connection to GA. So, my tracking code is good, and you should go learn how to use tshark.

Read More