Development Partners Needed

English Forums > Development and Code Review

(1/1)

mcc85:
https://github.com/secure-digits-plus-llc/Hybrid-DesiredStateController

https://www.youtube.com/watch?v=zVsviPCg4Vk

I'm rebuilding the Microsoft Deployment Toolkit in addition to other various Microsoft technologies and software, in order to provide a rapid and dynamically expandable and deployable software/firmware [network of any size] architecture that would include the distribution of OPNSense, Linux, OSX, Windows Server/10, Android, iOS, etc.

Basically, a concat of Intune and SCCM, but doesn't suck or is slow or costs a fortune.

I have too much on my plate at the moment, but I have done a bit of research into getting OPNsense working natively with Powershell so that it can be remotely controlled or configured using a Powershell template.

I have a root variable generator that I would like to use in order to 1) modify an existing OPNSense configuration file (xml), and 2) interact with the router out of the box/after a fresh installation. I already know how to do these things, as well as generate SSC's to deploy to a domain. The certificates you'll see in the video were generated with your firmware, and it will inject those certificates as needed to every customer or client I service.

There are many other avenues I would like to explore, but so far, everything in my network uses freely distributable tools and firmware that is based on a mixture of FreeBSD, Windows, and Linux in some form or another.

Simply put, there are expensive alternatives out there that do these things, and I'm... looking to develop a way to rub my nose at all of them. That doesn't mean I'm looking to violate or reverse engineer the firmware provided by companies that charge money for licensing or usage, it just means that I have an axe to grind against Microsoft for making this contradiction of a project called 'Windows'... you're supposed to be able to see through Windows but Microsoft isn't very transparent after all. I could use any assistance whatsoever in order to provide an end result that you can see in either the script I've posted above, or in the video.

I've been constantly changing/amending/upgrading and replacing my script process, but ultimately, the goal is to establish a heightened sense of security that revolves around dynamically changeable root variables such as passwords, templates, applications, plugins, drivers, etc - and the total end result I am looking to achieve, is to establish a way to combat cybercriminal activities that have become so advanced, that even security software such as Norton, McAfee, Malwarebytes, Kaspersky... All of this software is missing threats. Some of the newest and most advanced scripts and programs hide in legitimate paths, or names, or even clone GUID's of running programs or drivers on a machine... Then they change firewall entries in order to remain in plain sight...

Sometimes these malicious codes remain on a system for a number of days, weeks, or months before a trigger condition is met and as such, the victims are then scammed out of their money or account information... which ultimately leads them into the business I run which services all end users.

https://www.securedigitsplus.com

I am looking to create dynamically executable instructions which would seek to mitigate even the most intelligently written scripts and methods which use any combination of the cyber-criminal countermeasures that I list on my site. I make no reservation about what I know. I could indeed perform black hat activities and cause anarchy? But I am a white hat with a firm understanding of the gray. When people come to me looking for help and the police can't help them, or the NSA can't even get back to them, or when identity theft or everything else continues to happen on a daily basis, I realized one thing.

No one is going to help these people, because few people understand HOW to help these people. As far as I'm concerned, if a customer of mine pays for security software and then gets hacked, then in my opinion, the security software that they paid for should 1) be reimbursed in entirety, and 2) that business should probably stop pretending to know how to do their jobs, and maybe go retire in the Bahamas or something dumb, IDFK.

I realize that's a strong statement, but you know what? I'm starting to see way too many people brush it off and not care about the fact that their grandmother got swindled out of 20,000 and nobody could stop it from happening a 2nd time even after she went to the proper authorities who were supposed to handle it. Basically what I'm suggesting here, is that people you're paying a lot of money to service you 1) suck at their jobs, and 2) aren't being held liable for it continuing to happen on a daily basis.

Does it fall onto the responsibility of the end user when they're of the age that they barely have the capability of even using the internet to begin with? Easy victims to black hats, I'm sure they don't care about who they hurt. I don't think that it's the end user's responsibility when all they do is play 'Pogo' or 'check out facebook posts' or 'check their email'. There will be a day where some of you who read this will be too old to understand how the internet works in the future, and it may happen to you. I aim to do better than everyone else cares to, because it's just not f'ing acceptable to me anymore.

I do. And I aim to put a stop to it from the ground up, and not one person has helped me sculpt this process, I've corresponded with Michael Neihaus from Microsoft and basically called him an idiot and/or shill for starting a project he obviously didn't know how to finish, and this script is a large part of that intention... to finish that project. While I don't intend to pay a dime for the necessary software to ensure that it is built to the standards I'm looking to provide, I do often have to make compromises where I either think about just doing things an easier and faster way, or, let a company or individual who thinks they're good at programming decide to give me advice. I could give you a list of people I've called out... it won't help. At this point, I am actively engaged in getting people's f'ing attention because frankly, no one cares about what I'm after until I insult their intelligence, capabilities, or revenue stream.

I started programming this script in November, it was a batch file script, it became clear to me that Powershell was the way to go, and since this past Christmas, I have learned everything in this script. I had little prior programming experience and that's not to say I couldn't learn more? It's just saying that I was relentless about it and put the entire world on hold to catch up to the most advanced programmers out there. Probably because when you sample enough testing methodology, you learn how to use tools that nobody else even thought of.

Sort of the same sentiment these black hats are after.

At some point, I will get the necessary business licenses to offload some of the responsibilities and modules, but so far, my research has told me that what I am to do is not only possible? It's inevitable.

Should anyone wish to participate either to beta test what I'm building or to help me sculpt the process even more? I'm more than happy to take on people that actually know what they're doing. I'm not an expert in your software. I'm not a millionaire and I have spent the last 3 months barely surviving and being basically flat broke studying and researching ways to make the video and scripts that I've posted above. Why? I don't know, probably because most people want to see results before they believe it's not a complete waste of time.

- Michael Cook

Navigation

[0] Message Index

Go to full version