Exploring Information Security
Blue Team Starter Kit - PDQ Deploy for patch management

December 22, 2015

Patch management is one of the hardest initiatives for an organization to get right. Setting up Microsoft Windows Server Update Services (WSUS) can help with Windows updates. Third-party software patching is a bit trickier. Secunia and other options are available for those with the financial resources. For everyone else I recommend PDQ Deploy.

What is PDQ Deploy

PDQ Deploy is an Admin Arsenal offering. It’s free to download and use. The free version is limited, but it can give you an idea of what to expect from the program. The enterprise version costs $500 and is well worth it.

The program helps to solve patch management, but it can also function as a general software deployment solution. In my previous post, I talked about EMET. PDQ Deploy is the tool I used to easily deploy EMET to my environment. Packages come pre-configured: no parameters or variables need to be set. Just download, select your target computers, and fire. Packages can be modified if the need arises.

Why patch management is important

Patch management helps keep systems from getting exploited. PDQ Deploy provides a simple way of downloading third-party updates and pushing them out. Yet another Adobe Flash update? PDQ Deploy it. I have so much confidence in the tool that I would deploy Adobe Flash updates during the day. That may not be something you want to do with everything (and not something I would recommend doing the first time), but Flash deployed without issue.

PDQ Inventory ($500 for the enterprise version), another Admin Arsenal offering, helps automate the process. FULL DISCLOSURE: I did not get an opportunity to try out PDQ Inventory. We ended up integrating PDQ Deploy with a different inventory software (another plus). Below is a video that walks through how to use PDQ Deploy and Inventory to set up automated patching for Adobe Flash. These guys have a great YouTube channel, by the way, that walks through several different features and functions of the PDQ products.

PDQ Deploy by itself is a software pusher. It does not check which version is on the target machine, and it won’t care whether the software is on the machine or even needs the update. The problem with that is that pushing software onto machines that don't need it increases their attack surface. PDQ Inventory combined with PDQ Deploy will determine the installed version, or whether the software is installed in the first place. As mentioned earlier, PDQ Deploy can also work with other inventory software, which is beneficial if there is something already in place. If not, check out PDQ Inventory. If it's even half as good as PDQ Deploy, it's a win for you.

How to use PDQ Deploy

Open PDQ Deploy (or go to Admin Arsenal's YouTube channel).

The left pane is for navigation. The Package Library is where software packages are downloaded. Packages is where all the downloaded packages can be viewed.

To download a new package, search for the software package by Categories or Vendors. I typically searched Vendors, because I knew what I wanted (Adobe Flash gets updated a lot). For this example we’ll use Adobe to grab the Flash package. Go to Package Library -> Vendors -> Adobe. Highlight Flash and then click the Import Selected button in the top right corner. The package will download and appear under Packages. Highlight the package, then click the Deploy button in the top right corner and choose Deploy Once. This is also where packages can be edited or scheduled to run if necessary.

Click the Choose Targets button and select how to deploy the package. Packages can be deployed via:

  • Active Directory

  • PDQ Inventory

  • Spiceworks

  • Target List

  • Text File

For my test group I usually put all my IP addresses in a text file and then pushed using the text file option. Use what is best for your specific environment. The selected machines will appear in the target window. The program will run a communications check on all the machines. Once that finishes, click the Deploy Now button.

The window will close and the deployment begins. Progress can be viewed in the package view. Click on the deployment to show the progress of the deployment, and that’s pretty much it.

One final note: credentials will probably need to be set up. To do this, click on FILE in the top left and then click Preferences. Click Credentials in the left pane and then the Add Credentials button.
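The post points out that PDQ Deploy on its own does not check which version is on a target, and that a text file of hosts is one of the target options. The script below is an added example, not code from the original post or from Admin Arsenal: it fills the inventory gap by hand, probing each host's Uninstall registry keys for a product and writing only the hosts whose installed version is below the one you are about to push into a text file that PDQ Deploy's Text File target option can consume. It assumes WinRM is enabled on the targets, that the account running it has local admin rights on them (the same kind of credential PDQ Deploy itself needs), and that the product's DisplayName matches the `$ProductPattern` you pass in; the pattern, file names and version number in the usage note are constructed for illustration.

```powershell
# Added example (not part of the original post or the PDQ products): build a
# PDQ Deploy "Text File" target list containing only the hosts whose installed
# version of a product is below the version you are about to deploy. Hosts
# without the product are skipped on purpose: installing software a machine
# does not need only adds attack surface.
# Assumptions: WinRM/Invoke-Command works against the targets, the caller has
# local admin rights there, and DisplayName in the Uninstall keys matches
# -ProductPattern.
param(
    # Hosts to check, e.g. (Get-Content .\all-hosts.txt)  (file name assumed)
    [Parameter(Mandatory)] [string[]] $ComputerName,
    # Regex matched against the product's DisplayName (value is an assumption)
    [string]  $ProductPattern = '^Adobe Flash Player',
    # Version being deployed; hosts below it go into the target list
    [version] $MinimumVersion = '0.0.0.0',
    [string]  $OutFile = '.\targets.txt'
)

# Runs on each remote host: read the 64-bit and 32-bit Uninstall views and
# return the matching product's DisplayVersion, or nothing when not installed.
$probe = {
    param($pattern)
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $pattern } |
        Select-Object -First 1 -ExpandProperty DisplayVersion
}

$needsUpdate = New-Object 'System.Collections.Generic.List[string]'
$review      = New-Object 'System.Collections.Generic.List[string]'

foreach ($computer in $ComputerName) {
    try {
        $installed = Invoke-Command -ComputerName $computer -ScriptBlock $probe `
                         -ArgumentList $ProductPattern -ErrorAction Stop
    } catch {
        # Unreachable or WinRM refused: record it instead of silently skipping,
        # because a host you cannot reach may still be unpatched.
        $review.Add("$computer : unreachable ($($_.Exception.Message))")
        continue
    }

    if (-not $installed) {
        # Product not present; nothing to patch here.
        continue
    }

    $parsed = $null
    if ([version]::TryParse($installed, [ref]$parsed)) {
        if ($parsed -lt $MinimumVersion) { $needsUpdate.Add($computer) }
    } else {
        # DisplayVersion is not dotted-numeric; flag it for a manual look rather
        # than guessing whether it is current.
        $review.Add("$computer : unparsed version '$installed'")
    }
}

# Write the PDQ Deploy target list (one host per line) and a summary.
Set-Content -Path $OutFile -Value $needsUpdate
Write-Host ("{0} host(s) need the update; list written to {1}" -f $needsUpdate.Count, $OutFile)
if ($review.Count -gt 0) {
    Write-Host "Hosts needing manual review:"
    $review | ForEach-Object { Write-Host "  $_" }
}
```

Usage, with constructed values: `.\Build-TargetList.ps1 -ComputerName (Get-Content .\all-hosts.txt) -ProductPattern '^Adobe Flash Player' -MinimumVersion 32.0.0.101`, then in PDQ Deploy click Choose Targets, pick Text File and point it at `targets.txt`. The reachable-but-unparsed and unreachable hosts are printed separately so they are not lost; the communications check PDQ Deploy runs before Deploy Now will catch the unreachable ones again, but a host that never makes it into the target list would otherwise be patched never rather than later.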

Conclusion

Patch management is a big challenge for organizations. Thankfully, PDQ Deploy can meet that challenge and may even exceed it. The program is intuitive, easy to use, and fits nicely in a small budget. On its own PDQ Deploy is a powerful tool that helps get patch management under control. Combined with PDQ Inventory, patch management will be a piece of cake.

This post wraps up my Blue Team Starter Kit series. Feedback is welcome. Any correction or clarification requests can be sent to timothy.deblock[at]gmail[dot]com. The introductory post can be found here.

This post first appeared on Exploring Information Security.

Category: Technology. Tags: infosec, patch management, PDQ Deploy, software deployment

Blue Team Starter Kit - Introduction

November 5, 2015

I recently gave this talk at BSides Augusta and DerbyCon this past September. The BSides Augusta version is longer, and in it I demonstrate each tool; the DerbyCon version is shorter, and in it I talk about each tool. After presenting at IT-ology Trends 2015, I decided to document the talk here on my site as a reference for people interested in the content.

My talk Blue Team Starter Kit presents several security challenges with low cost solutions. It is for security professionals with limited resources including time, money, and people.

LIMITED RESOURCES IS ONLY AN EXCUSE

Limited resources can be its own challenge.

“If only we could buy this appliance, all our problems would be solved.”

Except that when that appliance comes in, it takes time to configure it and train people on it. Oh, and that function the salesman said would solve all our problems? Yeah, that doesn’t work. Some appliances work great. Other times, not so great. Unfortunately, when the not-so-great happens we lose money and time. Look in house before even beginning to research solutions that can solve problems.

Often, I’ve found that appliances are not configured correctly or fully implemented. A little tender loving care (TLC) can get appliances running more efficiently and potentially help solve certain challenges. After looking in-house, if the problem still isn't solved, fire up the browser and start researching solutions.

Here are some of the challenges I've had to deal with in the past and the low cost solutions that helped meet those challenges.

CHALLENGE #1 - Research

Google is a fantastic tool for doing research. It is the first stop to begin solving difficult challenges. Understanding Google’s search techniques is vital to becoming a proficient IT professional. COST: Behavioural data

CHALLENGE #2 - Threat Intelligence

So, how do I keep up with information security and its ever-changing ways? How do I keep my thumb on the pulse of the industry? Might I suggest social media, and more precisely Twitter. The platform is a wonderful tool for the latest news and tools in information security. It also acts as a forum to interact with people, ask questions, and make connections. Sure there is drama, but that can be tuned out (like any appliance). Don’t overlook this as a tool for your security team. I have found a lot of benefit using this in my day-to-day job. COST: Behavioural data

CHALLENGE #3 - Application Security

Management approached me with the challenge of doing security assessments on all new applications. With the help of Google, I found a non-profit organization called the Open Web Application Security Project (OWASP). OWASP is an open source community. Within the community is a vast amount of resources to help with application security. This is where I discovered a wonderful tool called the Zed Attack Proxy (ZAP). Set up as a proxy, ZAP can be a powerful tool to help security professionals and developers find vulnerabilities in applications. COST: Free

An alternative to this tool is Burp Suite, which has a community version and a paid version. COST: $300/year (Professional version)

CHALLENGE #4 - Forensics

As part of my job I respond to alerts from the state's Security Operations Center (SOC). Initially, we were just re-imaging the machines. At some point we decided we wanted to get a better understanding of how machines were being infected. I can't remember exactly where I found Redline from Mandiant (now FireEye), but it's helped with meeting this challenge. The tool (largely memory based) collects browsing history, registry and file changes, and much more. It then puts it all in one location for automatic and manual analysis. COST: Free

An alternative to this tool is Volatility. COST: Free

CHALLENGE #5 - Endpoint Security

Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) adds an extra layer of protection to machines with Adobe Flash, Java, and Microsoft products involved. Sure, all the Windows XP machines should be off the network, but damn those legacy applications. Worried about that latest Internet Explorer vulnerability? Articles reporting on new vulnerabilities oftentimes have the sentence "EMET mitigates this vulnerability." Like this one. COST: Free

CHALLENGE #6 - Patch Management

This is a big one, and one that might be the most difficult of all the challenges. I tried a couple of internal applications (it's amazing how many solutions have a deploy software function), with frustrating results. That is, until the sysadmin I worked with suggested Admin Arsenal’s PDQ Deploy. It is a software deployment application that just works. Combined with PDQ Inventory it has the potential to help patch third-party software. COST: $500 (Enterprise version)

CONCLUSION

I plan to dive deeper into the challenges and tools above over the coming weeks. Working with limited resources can be tough and frustrating, but there are solutions. Look internally at existing solutions first. Then look at external options. There are plenty of expensive appliances out there that will solve the problem. When those are determined to be outside of the budget, start looking at some of the inexpensive options. Often there are simpler and cheaper solutions to challenges. It might take a little more research, but they have the potential to do just as good of a job.

Feedback and suggestions are welcome in the comment section or by email: timothy.deblock[at]gmail[dot]com.


Category: Technology. Tags: infosec, Blue Team, Google, Twitter, OWASP, Zed Attack Proxy, Microsoft, EMET, Redline, Patch management, PDQ Deploy