Windows Internals

Hello All. I wanted to thank the organizer for having me at the 2025 Atlantic Security Conference in Halifax, NS this past week. I would also like to thank all the attendees who came to hear me speak.

For those who are looking for the slides, they can be downloaded from the link below:

https://www.petermorin.com/wp-content/uploads/2025/04/AtlSecCon-Top-AD-Attacks-2025.pdf

Please feel free to contact me if you have any questions. See you at the next con!


Hello All. I recently posted details on how to enumerate Windows NTFS permissions. I mentioned that the post did not refer to Windows share permission enumeration, but specifically NTFS. So I wanted to provide some information on enumerating Windows share permissions in this post.

I am assuming you are enumerating these share permissions on the source file server itself; enumerating shares remotely is not as simple because of the access rights needed to enumerate the shares. I am also assuming that, when enumerating on the source server, you are running scripts, etc. as an administrator.

This PowerShell script will enumerate the shares on the target server:

[CmdletBinding()]
param(
    [Parameter(ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True)]
    $Computer = '.'
)

# List the names of all shares on the target computer
$shares = gwmi -Class win32_share -ComputerName $computer | select -ExpandProperty Name

foreach ($share in $shares) {
    $acl = $null
    Write-Host $share -ForegroundColor Green
    Write-Host $('-' * $share.Length) -ForegroundColor Green
    # Share-level security settings (separate from the NTFS ACL on the folder)
    $objShareSec = Get-WMIObject -Class Win32_LogicalShareSecuritySetting -Filter "name='$Share'" -ComputerName $computer
    try {
        $SD = $objShareSec.GetSecurityDescriptor().Descriptor
        foreach ($ace in $SD.DACL) {
            $UserName = $ace.Trustee.Name
            If ($ace.Trustee.Domain -ne $Null) {$UserName = "$($ace.Trustee.Domain)\$UserName"}
            # Fall back to the SID when the trustee name cannot be resolved
            If ($ace.Trustee.Name -eq $Null) {$UserName = $ace.Trustee.SIDString }
            [Array]$ACL += New-Object Security.AccessControl.FileSystemAccessRule($UserName, $ace.AccessMask, $ace.AceType)
        } # end foreach ACE
    } # end try
    catch
    { Write-Host "Unable to obtain permissions for $share" }
    $ACL
    Write-Host $('=' * 50)
} # end foreach $share

This will produce an output like this:

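An added example, not part of the original post: the script above lists each share's ACEs, and this sketch decodes the share-level access mask and flags allow ACEs that give broad principals more than Read. The function names, the `Share`/`Trustee`/`Sid` field names, the CONTOSO trustees and the sample ACEs are constructed for illustration; `Sid` stands in for `Trustee.SIDString` from the script.

```powershell
# Added example: classify share-level ACEs and flag broad non-read access.
# Standard share masks: Read 0x1200A9, Change 0x1301BF, Full Control 0x1F01FF.
function ConvertTo-ShareRight {
    param([uint32]$AccessMask)
    switch ($AccessMask) {
        0x1F01FF { 'FullControl'; break }
        0x1301BF { 'Change'; break }
        0x1200A9 { 'Read'; break }
        default  { 'Custom(0x{0:X})' -f $AccessMask }
    }
}

# Well-known broad principals: Everyone, Anonymous Logon, Authenticated Users, BUILTIN\Users
$BroadSids = 'S-1-1-0', 'S-1-5-7', 'S-1-5-11', 'S-1-5-32-545'

function Test-BroadTrustee {
    param([string]$Sid)
    # RID 513 on a domain SID is the Domain Users group
    ($BroadSids -contains $Sid) -or ($Sid -match '^S-1-5-21-[\d-]+-513$')
}

function Get-RiskyShareAce {
    param([Parameter(ValueFromPipeline = $true)]$Ace)
    process {
        $right = ConvertTo-ShareRight $Ace.AccessMask
        # AceType 0 = allow, 1 = deny; only allow ACEs grant access
        $type  = if ($Ace.AceType -eq 0) { 'Allow' } else { 'Deny' }
        # Custom masks are flagged too so they get a manual look
        $risky = ($type -eq 'Allow') -and ($right -ne 'Read') -and (Test-BroadTrustee $Ace.Sid)
        [pscustomobject]@{
            Share = $Ace.Share; Trustee = $Ace.Trustee; Type = $type
            Right = $right; Risky = $risky
        }
    }
}

# Constructed sample ACEs (not real data); Sid corresponds to Trustee.SIDString
$d = 'S-1-5-21-1111111111-2222222222-3333333333'
$sample = @(
    [pscustomobject]@{ Share='Finance'; Trustee='Everyone'; Sid='S-1-1-0'; AccessMask=0x1F01FF; AceType=0 }
    [pscustomobject]@{ Share='Public'; Trustee='NT AUTHORITY\Authenticated Users'; Sid='S-1-5-11'; AccessMask=0x1200A9; AceType=0 }
    [pscustomobject]@{ Share='HR'; Trustee='CONTOSO\Domain Users'; Sid="$d-513"; AccessMask=0x1301BF; AceType=0 }
    [pscustomobject]@{ Share='HR'; Trustee='CONTOSO\HR-Admins'; Sid="$d-1105"; AccessMask=0x1F01FF; AceType=0 }
    [pscustomobject]@{ Share='Archive'; Trustee='Everyone'; Sid='S-1-1-0'; AccessMask=0x1F01FF; AceType=1 }
)
$sample | Get-RiskyShareAce | Format-Table -AutoSize
```

Effective access over SMB is the more restrictive of the share permission and the NTFS ACL, so a flagged share still needs its NTFS permissions checked.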