How I stole my colleague’s OneDrive content and WiFi passwords using a fake iPhone cable and PowerShell

October 9, 2023October 8, 2023 by Martin Bengtsson

Introduction

Big disclaimer: This is done for educational purposes. Do not steal anyone’s OneDrive content or WiFi passwords – actually don’t steal anything at all. 🙂

Endpoint management and endpoint security are 2 sides of the same coin, which means I’m heavily invested in both worlds. I run internal attack simulations several times a year, and recently came up with a new idea in educating our users.

How about I demo how a fake iPhone cable is enough to steal their OneDrive content and password for their home WiFi?

This post will walk you through the details of doing just that. This involves the use of the infamous O.MG cable and a custom payload launching my PowerShell script directly from GitHub – and ultimately uploading the stolen loot to Dropbox.

Digitally signing my Toast Notification Script to use with ConfigMgr, AppLocker and Constrained Language Mode

January 6, 2022January 5, 2022 by Martin Bengtsson

Introduction

My Toast Notification Script unfortunately only works in PowerShell Full Language Mode (for the time being. I have plans to look into this).

This requirement does not work well with AppLocker and having Constrained Language Mode enabled. My solution to this, is to digitally sign the New-ToastNotification.ps1 file. While working my way through the process myself, I realized that a few changes to the Toast Notification Script itself was needed.

The changes made to this “edition” of the script, are only targeted Configuration Manager. I’m not sure that moving between PowerShell Language Modes coming from Proactive Remediations in Intune, is something that’s possible (if anyone knows this, please let me know).

Additionally to the changes needed, I thought the process itself would make a decent and useful blog post. So here goes. 🙂

Remove desktop shortcuts for the current user and public profile using PowerShell and Proactive Remediations

October 11, 2021October 9, 2021 by Martin Bengtsson

Introduction

I think most IT-professionals who’s working with software delivery in some sort, has dealt with software and software installers in general, that puts a shortcut on the desktop by default. Annoying indeed.

Typically you’re in for a treat, when trying to figure out how to customize the installer, to prevent the shortcut on the desktop from being created. It’s not rare either, that the installer simply doesn’t support that.

And finally, we are all aware of the desktop-shortcut-mess, when using OneDrive PC folder backup (formerly known as ‘Known Folder Move’), where shortcuts are duplicated and synced between devices. Yikes.

Long story short, I was tired of spending time on desktop shortcuts, so I figured it was time to create my own solution to the problem.

Install the new Remote Desktop Connection Manager (RDCMan) with ConfigMgr and PowerShell

June 28, 2021 by Martin Bengtsson

Introduction

Another kickstarting blog post, getting into the swing of things again after a somewhat lacking period.

Now, RDCman has been revived and arrived last week in a new version 2.8.

For fun and giggles, I did a short PowerShell script which uninstalls the old version (2.7, registered with windows installer) and downloads the new version 2.8 directly from live.sysinternals.com.

This is a little something on the script itself and how to put that to use with ConfigMgr.

Windows 10 Toast Notification Script Update: Improved re-run behavior with ConfigMgr and allow running in SYSTEM context

April 20, 2021April 20, 2021 by Martin Bengtsson

Introduction

A new version of the Windows 10 Toast Notification Script is here. The script is now being on version 2.2.0.

This version brings the option to run the script and thus display toast notifications coming from SYSTEM context.

A requirement has been so far, that the script is being run with the logged on user’s credentials. This is still recommended, but for scenarios where this is not possible, like running this with a task sequence (task sequences always run as local system), this new ability will give you the option to display toast notification for the logged on user, even if coming from local system context.

The work done here, with running the script under SYSTEM, is entirely done by Andrew. Thank you!

Also, with a built-in prevention of having multiple toast notifications being displayed in a row, the script is now also better at handling the re-run behavior in ConfigMgr. Having multiple toast notification displayed in a row, is something that can happen, if a device misses a deployment schedule. The nature of ConfigMgr is to catch up on the missed schedule, and this can lead to multiple toast notifications being displayed.

Notify users when their device is running low on disk space using Toast Notifications and Endpoint Analytics Proactive Remediations

February 4, 2021February 3, 2021 by Martin Bengtsson

Introduction

This is a follow up, on the post I did a few weeks ago, on notifying users with devices being low on disk space, using Toast Notifications and Configuration Manager

Find the mentioned post here: Notify users when their device is running low on disk space using Toast Notifications and Configuration Manager

This time, I’m moving all of it, into the Endpoint Analytics Proactive Remediations feature of Microsoft Endpoint Manager Intune. This will actually simplify things a lot, as it removes the need for custom collections, Configuration Items and Baselines.

Windows 10 Toast Notification Script Update: Second action button and built-in prevention from disabling toast notifications

November 17, 2020November 16, 2020 by Martin Bengtsson

Introduction

A new version of the Windows 10 Toast Notification Script is here. The script is now being on version 2.1.0.

This version brings the option to add a second action button to the toast notification (displayed in the illustration below), as well as a built-in functionality to prevent users from disabling toast notifications in Windows 10 altogether.

A second action button is useful in many scenarios. One being with a Windows 10 upgrade, where you, besides the actual upgrade, also have some additional information for the user. In this example, Install Now will launch the actual upgrade, while Learn More will open a specific web page in the browser.

Prevention from disabling toast notifications is stolen with pride from Trevor Jones, and is incorporated into my script. More details down below. 🙂

Deploy RSAT (Remote Server Administration Tools) for Windows 10 v20H2 using ConfigMgr and PowerShell

November 10, 2020November 10, 2020 by Martin Bengtsson

Introduction

This is becoming quite the tradition, and based on the count of views of my previous posts, a popular one indeed. 🙂

I’m a man of traditions, so I’m sticking true to that, and therefore updated my PowerShell script which will enable you to install RSAT for Windows 10 v20H2 automatically and unattended.

The script received some minor changes, and is now also capable of temporarily disabling WSUS, and re-enabling it again post installation.

Over the years and since I created the first script, I have received a lot of comments saying, that if a device is configured to use WSUS, installation of Features on Demand may fail if certain configuration is not in place. So this is another attempt to have the most success with the use of my script.

Windows 10 Toast Notification Script Update: Run ConfigMgr Software Updates directly from the action button

August 24, 2020August 22, 2020 by Martin Bengtsson

Introduction

It’s here! The new and delicious version of my Windows 10 Toast Notification Script. The script is now being on version 2.0.0.

First off, a huge thank you to Chad Brower for his incredible contributions to this new version. Most of the new functionality here, is a direct incorporation of Chad’s work (yet I end up spending 20 hours+ on deciphering and rewriting code, testing functionality, writing blog and updating documentation. I learned a ton!). 🙂

This new version, obviously brings the option to run Software (Feature) Updates directly from the action button in the toast notification, but also removes the need to manually, and outside of the script, to create the custom protocols and scripts (those enabling you, to run anything custom from the toast notification action button).

Find all the nifty details down below.

Windows 10 Toast Notification Script Update: Run ConfigMgr applications directly from the action button

July 23, 2020March 18, 2020 by Martin Bengtsson

Introduction

Another update to the Windows 10 Toast Notification Script is a reality. Now being on version 1.6.

The feedback and questions related to the Windows 10 Toast Notification Script keeps coming and that’s amazing!

In my last post and update of the script, I added the option to natively and with help of a custom protocol in Windows, to run task sequences directly from the action button.

Since then, I was asked if the script is able to launch application directly from the action button as well, and sure thing. I just added that capability to the script and the details are explained below.

Find the original page for the Windows 10 Toast Notification Script here: https://www.imab.dk/windows-10-toast-notification-script