For a week or two now, rvrsh3ll (@424f424f) has been working on creating a PowerShell client for Egress-Assess that would allow Windows users to simply load the script in memory and use it to test egress filters. As of yesterday evening, his script has been merged into Egress-Assess, and is now available in the GitHub repository.
@424f424f went one step further and wanted to send some screenshots to demo any potential detections when sending data outside of his network. But first, let’s demo the PowerShell script.
Loading up the PowerShell script is easy, and doesn’t require any file to be placed on disk. To do this, the Windows machine will need to have internet access. Start PowerShell on the Windows machine you want to run Egress-Assess from, and use the following command to load it into memory:
IEX (New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/ChrisTruncer/Egress-Assess/master/Invoke-EgressAssess.ps1')
Now the PowerShell script is in memory and ready for use! Usage is nearly identical to the Python client. To send data over http to another system running Egress-Assess you can use the following command:
Invoke-EgressAssess -client https -datatype cc -Verbose -ip 192.168.63.149
Server side, we can see that the data is received.
@424f424f has a Snorby instance in use and ran Egress-Assess through it. The following were some of the alerts that were generated (you want to hope that similar results are generated for your clients!).
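For a sense of what a content-based detection has to do to fire on the cc data type, here is an added example (not code from Egress-Assess or from the original post): a Python check that scans an outbound payload for card-like numbers and alerts once several pass the Luhn checksum. The function names, the threshold and the sample payloads are assumptions constructed for illustration, as is the premise that the test data contains Luhn-valid numbers.

```python
import re

# 13-19 digits, optionally separated by single spaces or dashes.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(payload: bytes) -> list[str]:
    """Return masked card-like numbers found in an outbound payload."""
    text = payload.decode("latin-1")   # never fails on arbitrary bytes
    hits = []
    for match in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        # Skip trivial runs such as all zeros, which pass Luhn by accident.
        if len(set(digits)) > 1 and luhn_ok(digits):
            # Mask the middle so the alert itself does not store the number.
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits


def should_alert(payload: bytes, threshold: int = 3) -> bool:
    """Alert only on bulk matches to keep single false positives quiet."""
    return len(find_card_numbers(payload)) >= threshold


# Constructed sample bodies (well-known test card numbers, not real data).
SAMPLE_BODY = (b"4111111111111111\n5555-5555-5555-4444\n"
               b"378282246310005\n1234567890123456\n")
BENIGN_BODY = b"invoice 1234567890123456 ref 0000000000000000"

if __name__ == "__main__":
    print(find_card_numbers(SAMPLE_BODY), should_alert(SAMPLE_BODY))
    print(find_card_numbers(BENIGN_BODY), should_alert(BENIGN_BODY))
```

If an egress test of this kind produces no alert, the threshold and the separator handling in the candidate pattern are the first things to compare against what your sensor actually inspects.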
If anyone has any questions on the usage, be sure to hit me up. Otherwise, a big thanks again to Rvrsh3ll (@424f424f) for sending this awesome addition.