All posts by Frank Contreras

Creating and Using PowerShell Functions with Input Parameters

PowerShell is a powerful scripting language that enables IT professionals to automate complex systems and manage configurations efficiently. One of the core features of PowerShell is the ability to define functions with input parameters, which enhances script modularity and reusability. This blog post will walk you through how to create a PowerShell function with input parameters, discuss parameter data types, and demonstrate how to call your custom functions.

Defining a Function with Parameters

A function in PowerShell encapsulates a block of code with a specific task. To define a function, you use the function keyword followed by the function’s name and a code block. Input parameters are defined within a param block inside the function. Here’s a basic example:

function Get-Multiplication {
    param (
        [int]$Number1,
        [int]$Number2
    )
    $Product = $Number1 * $Number2
    return $Product
}

Understanding Parameter Data Types

In the Get-Multiplication function, the parameters $Number1 and $Number2 are typed as [int], which means they accept integers. PowerShell supports various data types for parameters to ensure input data is validated. Common data types include:

  • [string]: Textual data
  • [bool]: Boolean (True/False) values
  • [double]: Floating-point numbers
  • [datetime]: Date and time values

Specifying data types is not mandatory but is a good practice to avoid data type errors in your scripts.

Calling Functions with Parameters

After defining your function, you can invoke it by passing values to its parameters. Here’s how to call the Get-Multiplication function with two numbers:

$result = Get-Multiplication -Number1 10 -Number2 20
Write-Output $result

This script will output 200, the product of 10 and 20.

Using Advanced Parameter Attributes

PowerShell also allows for advanced parameter behaviors using attributes, which can define a parameter as mandatory, accept input from the pipeline, or validate input ranges. For example:

function Get-Addition {
    param (
        [Parameter(Mandatory=$true)]
        [int]$Number1,

        [Parameter(Mandatory=$true)]
        [int]$Number2
    )
    return $Number1 + $Number2
}

Setting Default Values for Parameters

You can also set default values for parameters to be used when no value is provided:

function Get-FullName {
    param (
        [string]$FirstName,
        [string]$LastName = 'Doe'
    )
    return "$FirstName $LastName"
}

If Get-FullName is called with only the first name, it will use ‘Doe’ as the last name by default.

BeyondTrust Password Safe SQL query to get Managed Account access for a Managed System

Navigating through BeyondTrust Password Safe to gauge the security exposure of Managed Systems can often feel a bit cumbersome. Typically, users must click through multiple pages to access information related to Managed Accounts, SmartRules, Groups, and Application Users. This process not only takes time but can sometimes make it difficult to get a clear, comprehensive view of the security landscape.

Fortunately, there is a more efficient method available to get a quick snapshot of Application Users, which can serve as a starting point for deeper analysis. By executing a specific SQL query, users can generate a concise report that brings all the crucial data into one view. This approach significantly cuts down the time spent navigating through various interfaces.

Moreover, the query can be easily modified to enhance its utility. By adjusting the WHERE clause, users can expand the report to include details about specific types of access, such as RDP (Remote Desktop Protocol) and SSH (Secure Shell). This customization allows for targeted insights into how these access types are managed within the system, providing a clearer picture of potential vulnerabilities or misconfigurations.

To make the most out of this streamlined reporting technique, it’s essential to familiarize oneself with the basic structure of the SQL query and understand how minor tweaks can tailor the output to meet various security assessment needs. This proactive approach not only saves time but also enhances the overall efficiency of security management within BeyondTrust Password Safe environments.

SELECT
a.SystemName
, a.AccountName
, c.Title AS SmartRule
, e.Name AS [Group]
, f.UserName
, f.FirstName
, f.LastName
FROM pmm.vw_MA_System AS a INNER JOIN
SmartRuleManagedAccountCache AS b ON a.ManagedAccountID = b.ManagedAccountId INNER JOIN
SmartRule AS c ON b.SmartRuleId = c.SmartRuleId INNER JOIN
UserGroup_SmartRule AS d ON c.SmartRuleId = d.SmartRuleId INNER JOIN
UserGroup AS e ON d.GroupID = e.GroupID INNER JOIN
AppUser_UserGroup ON e.GroupID = AppUser_UserGroup.GroupID INNER JOIN
AppUser AS f ON AppUser_UserGroup.UserID = f.UserID
WHERE
---- Put scope of servers here
(a.SystemName LIKE 'MyManagedSystemName')
---- Filter out unwanted SmartRules
AND
c.SmartRuleId NOT IN (2001,2002)
---- Only Groups with connections to SmartRules and the built-in Administrators group
AND
(d.Permission = 1 or e.GroupID = 1) AND c.IsActive = 1
ORDER BY e.Name, c.Title, f.UserName

How to Encode and Decode Strings with Base64 in PowerShell

When dealing with data that needs to be safely transmitted or stored, encoding the information into a format that is safe for such transmissions is essential. PowerShell provides a straightforward method to encode and decode strings using Base64. Here’s a step-by-step guide on how to use Base64 encoding in PowerShell:

The Encode Function

The Encode function converts a string into a Base64 encoded string. Here’s how it’s defined:

function Encode {
    param([string]$Text)
    $Encoded = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($Text))
    return $Encoded
}

Explanation:

  • Input Parameter: The function accepts a string input $Text.
  • Encoding Process: It converts the input text into a byte array using Unicode encoding and then transforms these bytes into a Base64 string.

The Decode Function

Similarly, the Decode function reverses the process, converting a Base64 encoded string back into readable text:

function Decode {
    param([string]$Encoded)
    $Decoded = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($Encoded))
    return $Decoded
}

Explanation:

  • Input Parameter: This function takes a Base64 encoded string $Encoded.
  • Decoding Process: It converts the Base64 string back into a byte array and then transforms these bytes back into the original string using Unicode decoding.

Using the Functions

To see these functions in action, let’s encode and decode a sample string:

  1. Original String:
$NotEncoded = "This is some text I'd like to encode."
$NotEncoded
  1. Encoding the String:
$EncodedText = Encode -Text $NotEncoded
$EncodedText
  1. Decoding the String:
$Decoded = Decode -Encoded $EncodedText
$Decoded

Output

After running the script, you will observe the following:

  • The original string is displayed.
  • The string is encoded into a Base64 format.
  • The encoded string is then decoded back to its original form.

By using these PowerShell functions, you can easily handle the encoding and decoding of strings in your scripts, ensuring that data can be transmitted safely and securely over environments that might not handle binary data correctly.


Integrating Python with Trading Platforms and Developing REST APIs with Flask

Let’s enhance the clarity and coherence of the content you provided. The text will be organized into a structured blog post format, combining the information from the links about integrating Python with MetaTrader 5, installing Flask on Windows, and setting up a Flask REST API, along with the command to install Flask-RESTful.


Title: Integrating Python with Trading Platforms and Developing REST APIs with Flask

Introduction
In this blog post, we explore how to leverage Python for financial trading by integrating it with MetaTrader 5. Additionally, we cover the basics of setting up a Flask application and creating a REST API on a Windows platform. This guide is designed for both novice and intermediate Python developers interested in financial trading applications and web services development.

1. Integrating Python with MetaTrader 5
MetaTrader 5 (MT5) is a popular trading platform used by traders for analyzing financial markets and using automated trading strategies. Python, with its extensive libraries and simplicity, complements MT5 by allowing for more customizable and sophisticated trading algorithms.

  • Installation: To begin, install the MetaTrader 5 Python package using the following command:
  pip install MetaTrader5
  • Connection Setup: After installation, import the package and establish a connection to your MT5 account:
  import MetaTrader5 as mt5
  if not mt5.initialize():
      print("initialize() failed")
      mt5.shutdown()
  • Data Retrieval: You can retrieve price data and execute trades directly from Python:
  rates = mt5.copy_rates_from_pos("EURUSD", mt5.TIMEFRAME_H1, 0, 10)

2. Setting Up Flask on Windows
Flask is a lightweight WSGI web application framework in Python, ideal for building web apps and microservices. Here’s how to install and run a basic Flask application on Windows:

  • Installation: Open your command prompt as an administrator and install Flask using pip:
  pip install flask
  • Hello World Application: Create a new Python file and add the following code to start your Flask application:
  from flask import Flask
  app = Flask(__name__)

  @app.route('/')
  def hello_world():
      return 'Hello, World!'

  if __name__ == '__main__':
      app.run(debug=True)

3. Creating a Flask REST API
REST APIs are crucial for enabling applications to communicate with each other. Flask simplifies the development of RESTful services.

  • Install Flask-RESTful: First, ensure Flask-RESTful is installed:
  sudo pip3 install flask-restful
  • API Setup: Integrate Flask-RESTful into your Flask application:
  from flask import Flask
  from flask_restful import Resource, Api

  app = Flask(__name__)
  api = Api(app)

  class HelloWorld(Resource):
      def get(self):
          return {'hello': 'world'}

  api.add_resource(HelloWorld, '/')

  if __name__ == '__main__':
      app.run(debug=True)

Further Reading and Resources
For more detailed documentation, visit the official Python, MetaTrader 5, and Flask documentation pages. Engage with community forums on Stack Overflow and other platforms to learn from experienced developers and discuss any challenges you encounter.

https://www.mql5.com/en/docs/integration/python_metatrader5

https://stackoverflow.com/questions/17917254/how-to-install-flask-on-windows

https://pythonbasics.org/flask-rest-api/

sudo pip3 install flask-restful

Enhancing Legacy VBScript Methods with Modern Alternatives: Right$ and Left$

In the realm of programming, evolution is constant, and embracing modern methodologies can significantly enhance code efficiency and readability. In this blog post, we explore simple replacements for traditional VBScript methods, offering improved alternatives that leverage the power of modern programming paradigms.

Left$: A Modern Twist

In VBScript, the Left$ function extracts a specified number of characters from the left side of a string. However, with the advent of more sophisticated programming languages like C#, we can achieve the same result using the Substring method.

' VBScript
Dim string
string = "Frank!"
Left$, left most 2 characters: Left(string, 2)

Now, let’s introduce a more elegant and efficient alternative using C# syntax:

// C#
string str = "Frank!";
string leftSubstring = str.Substring(0, 2);

By employing the Substring method in C#, we achieve the same outcome with concise syntax, enhancing code readability and maintainability.

Right$: A Modern Approach

Similarly, the Right$ function in VBScript retrieves a specified number of characters from the right side of a string. Embracing modern programming principles, we can replace this functionality using C# array indexing.

' VBScript
Dim string
string = "Frank!"
Right$, right most 1 character: Mid(string, Len(string) - 1, 1)

Let’s transition to a more efficient and intuitive approach utilizing C#:

// C#
string str = "Frank!";
char rightChar = str[str.Length - 1];

By leveraging array indexing in C#, we elegantly obtain the last character of the string, simplifying code structure and enhancing performance.

MQL5: Using Keyword ‘this’

In MQL5, the keyword ‘this’ refers to the current instance of an object within a class. It allows you to access members and methods of the current object. When you’re working with object-oriented programming in MQL5, you often need to differentiate between the current instance and other instances of the same class. Here’s a brief overview of how ‘this’ is used:

  1. Accessing Object Members: You can use ‘this’ to access member variables and methods within the current object. For example:
class MyClass {
    int myVariable;

    void SetVariable(int value) {
        this.myVariable = value;
    }

    int GetVariable() {
        return this.myVariable;
    }
}

In the above example, ‘this.myVariable’ refers to the member variable ‘myVariable’ of the current instance of MyClass.

  1. Passing Object References: ‘this’ can also be used to pass a reference to the current object as a parameter to methods or functions. This is useful when you need to pass the current object to another function or method. For example:
class MyClass {
    void SomeMethod() {
        AnotherMethod(this);
    }

    void AnotherMethod(MyClass& obj) {
        // Do something with obj
    }
}

Here, ‘this’ is passed as a reference to the AnotherMethod function, allowing it to operate on the current object.

  1. Constructor Initialization: In constructors, ‘this’ is used to differentiate between parameters with the same name as member variables. For example:
class MyClass {
    int myVariable;

    MyClass(int myVariable) {
        this.myVariable = myVariable;
    }
}

In this case, ‘this.myVariable’ refers to the member variable ‘myVariable’, while ‘myVariable’ refers to the parameter passed to the constructor.

Overall, ‘this’ is a crucial keyword in MQL5 for working with object-oriented programming, allowing you to interact with the current instance of a class effectively.

How to Implement Microsoft Graph for PowerShell

Implementing Microsoft Graph in PowerShell allows you to automate tasks and access a wide range of data across Microsoft 365 services. Here’s a streamlined guide to get you started:

1. Install the Microsoft Graph PowerShell SDK

First, open your PowerShell console with administrative privileges. Install the Microsoft Graph PowerShell SDK by running:

Install-Module -Name Microsoft.Graph -Scope CurrentUser

2. Authenticate and Connect

To use the Microsoft Graph module, you’ll need to authenticate with Azure Active Directory (AAD). Run the following command and follow the prompts to sign in:

Connect-MgGraph -Scopes "User.Read.All"

The -Scopes parameter specifies the permissions you’re requesting. Adjust it based on the data you need to access.

3. Explore and Use Cmdlets

Once connected, you can start exploring available cmdlets and use them to interact with Microsoft Graph. For example, to get a list of users in your organization:

Get-MgUser

To find a specific cmdlet or explore the cmdlets available for a specific service:

Get-Command -Module Microsoft.Graph.*

4. Disconnect

After you’re done, remember to disconnect your PowerShell session from Microsoft Graph to ensure security:

Disconnect-MgGraph

5. Scripting and Automation

You can script repetitive tasks. For instance, a script to report on user sign-ins might involve fetching data with Get-MgSignIns, processing it, and outputting a report.

Tips for Effective Use:

  • Explore Graph Explorer: Before scripting, use the Microsoft Graph Explorer to test queries and understand the JSON responses.
  • Manage Permissions Carefully: Start with minimum necessary permissions and expand as needed. Use admin consent for permissions that require it.
  • Use Paged Results for Large Queries: Some cmdlets return paged results. Use the -All parameter or handle paging in your scripts to manage this.

Is Zero Trust Architecture (ZTA) just another buzzword to sell products?

I had a discussion with some colleagues are just a bit jaded by the bombardment of sales efforts that appears to be a repackage of existing products and presented as the new panacea to compromised identities. Some comments were, “…it’s the same as trust but verify, just rebranded…” and “… same as RBAC and ‘deny all’ and lease privilege, etc.”

Unfortunately, it seems like all presenters speaking to the merits of ZTA are often sponsored by vendors looking to promote a product that fits into it. To be honest, I wanted to just jump on that band wagon having been jaded by all the sales hype, but then I remembered some presenters explaining why ZTA was coined and in response to the evolution of threats. I had to lay aside confirmation bias and challenge my thinking. What is the difference between ZTA and RBAC and “Deny All” policy?

Zero Trust Architecture (ZTA) and Role-Based Access Control (RBAC) combined with a “Deny All” policy share some similarities, but they are not the same thing. Here’s a breakdown of how they differ:

Zero Trust Architecture (ZTA)

  1. Core Principle: Assumes no trust by default, whether inside or outside the network. Trust must be continuously verified.
  2. Access Control: Access is granted based on strict identity verification, device health checks, and context (like user location, time of access, etc.).
  3. Continuous Monitoring: Constantly monitors and authenticates users and devices, dynamically adjusting access as needed.
  4. Layered Defense: Implements multiple security layers, such as encryption, multi-factor authentication, and micro-segmentation.
  5. Dynamic Policy Adjustment: Policies and access privileges are adjusted in real-time based on ongoing risk assessments.

Role-Based Access Control (RBAC)

  1. Core Principle: Access rights are assigned to roles rather than individuals, simplifying the management of user permissions.
  2. Static Roles and Permissions: Once roles are defined and assigned, they typically remain static until manually changed.
  3. Less Emphasis on Continuous Verification: Does not inherently include continuous verification of trust once access is granted.
  4. Simpler Implementation: Easier to implement and manage in smaller or less complex environments.
  5. Limited Context Awareness: Generally lacks the context-aware, dynamic adjustment capabilities found in Zero Trust models.

“Deny All” Policy

  1. Basic Rule: Initially blocks all access requests, requiring explicit permission to allow access.
  2. Initial Security Stance: Starts from a highly secure stance, but doesn’t specify how trust is established or verified.
  3. Lacks Dynamic Adjustment: This approach is static and doesn’t adapt to changing situations or contextual factors.
  4. Common in Firewalls and Network Security: Often used in network security to block unauthorized access unless specifically permitted.

Key Differences

  • Complexity and Dynamic Nature: ZTA is more complex and dynamic, continuously verifying trust, while RBAC is more static and straightforward.
  • Contextual Awareness: ZTA considers the context of access requests, whereas RBAC typically does not.
  • “Deny All” is a policy stance that can be part of both ZTA and RBAC but doesn’t define how trust is established or verified.

While there are overlaps, especially in the principle of least privilege and cautious access control, ZTA, RBAC, and “Deny All” policies have distinct characteristics and are used differently within an organization’s security framework.

In response to “trust but verify”, RBAC and default “Deny All” – It appears the key is “continuously.”

The industry is responding to the exponential growth in ransomware attacks. Threat actors living off the land take advantage of the gap that is not “continuously.”

The paradigm associated with RBAC, and “Deny All” concepts were intended to prevent identity compromise. Whereas ZTA starts with the assumption of compromise but intended to quickly detect and contain through continually validating.

ZTA through XDR strategies forces a threat actor, living off the land, to make noise before the ransomware attack comes to fruition.

Almost inversely, service accounts (non-human) have a highly regulated usage pattern.  Deviation from the path is the closest we have to MFA for these identities.

When the most common entry point for ransomware has been through the identity perimeter, it makes sense to adjust strategies to address the identity vulnerabilities.

ZTA is like creating a sea of glass around threat actors, so you hear them go crunch in the night. Conversely, use prescriptive detections to define “normal”. Use this to detect activity when a non-human identity deviates from the path or established patterns to identify indicators of compromise.

MQL5: Passing Parameters by Reference

In MQL5, passing parameters by reference means that you are passing the address of a variable rather than its value. This allows functions to modify the original variable’s value directly. This is done using the & symbol in the function definition. When a parameter is passed by reference, any changes made to that parameter in the function will affect the original variable.

Here’s an example to illustrate this:

  1. Function Definition
   void ModifyValue(int &x) {
       x = x * 2;  // Modify the original variable's value
   }

In this function, ModifyValue, the parameter x is passed by reference. Any changes made to x will directly affect the variable that was passed to the function.

  1. Usage
   void OnStart() {
     int a = 5;
     Print("Before ModifyValue: ", a);  // Output: 5
     ModifyValue(a);
     Print("After ModifyValue: ", a);   // Output: 10
   }

Here, a is passed to ModifyValue. The function modifies a‘s value by doubling it. Since a is passed by reference, the change is reflected in the original variable a outside the function.

MQL5: Object Pointers


https://www.mql5.com/en/docs/basis/types/object_pointers

The article on “Object Pointers” in the MQL5 documentation explains how object pointers are used in the MQL5 programming language, which is designed for developing trading strategies in the MetaTrader 5 trading platform. Here’s a detailed explanation:

  1. Dynamic Creation of Objects: MQL5 allows for the dynamic creation of objects of complex types. This is achieved using the new operator, which returns an 8-byte descriptor of the created object. In MQL5, these descriptors function similarly to pointers in C++.
  2. Object Descriptors: Unlike C++, the variables that store these descriptors (e.g., hobject in the example) are not actual memory pointers but object descriptors.
  3. Passing Objects in Functions: All objects in MQL5 must be passed by reference when used as function parameters. The documentation provides examples of different ways objects can be passed to functions, including:
  • Directly passing an object by reference.
  • Passing a pointer to an object by reference.
  • Passing an array of objects.
  • Passing an array of object pointers.
  1. Checking Pointers: Before using a pointer, it is essential to check its validity to avoid critical program shutdowns. An invalid pointer can occur if it is set to NULL or if the object it points to is destroyed using the delete operator. The CheckPointer function is used to validate pointers in MQL5. Additionally, the “!” operator (logical NOT) can be used for a quick check, implicitly calling CheckPointer.
  2. Examples and Use Cases: The article provides examples to illustrate these concepts, including creating objects with and without the new operator, passing objects and arrays to functions, and checking pointers for validity.

In summary, object pointers in MQL5 are descriptors that represent dynamically created objects. They are crucial for managing objects, especially when passing them to functions or checking their validity, and they differ from traditional pointers in languages like C++.