Microsoft – Reminders of Good Information Sources

Microsoft Security Response Center: Protection, detection, and response.

Malware Protection Center: The Microsoft Malware Protection Center (MMPC) provides world class antimalware research and response capabilities that support Microsoft’s range of security products and services. With laboratories in multiple locations around the globe the MMPC is able to respond quickly and effectively to new malicious and …

AD: Be protected against “Pass the Hash” attacks

Resource materials:

AD Security: Preventing mimikatz attacks:
– https://medium.com/blue-team/preventing-mimikatz-attacks-ed283e7ebdd5
– https://adsecurity.org/?p=1684
– https://digital-forensics.sans.org/blog/2013/06/20/overview-of-microsofts-best-practices-for-securing-active-directory

Mimikatz and Active Directory Kerberos Attacks:
– https://adsecurity.org/?p=556
– https://www.nsa.gov/ia/_files/app/Reducing_the_Effectiveness_of_Pass-the-Hash.pdf
– https://www.nsa.gov/ia/_files/app/Spotting_the_Adversary_with_Windows_Event_Log_Monitoring.pdf
– http://www.gentilkiwi.com/mimikatz / http://blog.gentilkiwi.com/

Scripts:
– https://github.com/iadgov/Pass-the-Hash-Guidance
– https://github.com/iadgov/Event-Forwarding-Guidance

Domain lockdown:
– https://github.com/curi0usJack/activedirectory

Microsoft resources:
– http://www.microsoft.com/pth
– http://download.microsoft.com/download/7/7/A/77ABC5BD-8320-41AF-863C-6ECFB10CB4B9/Mitigating-Pass-the-Hash-Attacks-and-Other-Credential-Theft-Version-2.pdf
– http://blogs.technet.com/b/security/archive/2014/07/08/new-strategies-and-features-to-help-organizations-better-protect-against-pass-the-hash-attacks.aspx

Pass the Hash – isolation technique: implementing the tier-zones model on Active Directory:
– https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material
– Mitigate credential theft with the Administrative Tier Model …

Free Tools for System and Network or DB Administrators

Free tools for Windows sysadmin

– Find a string in files on Windows, using findstr /s /i:
findstr /s /i /C:"provider=sqloledb" d:\dir\*.*
– Find and replace a string in a file (Find and Replace == fnr): http://findandreplace.io/download
Another tool, which also requires Java: FAR https://sourceforge.net/projects/findandreplace/
– Test SSL and TLS: https://www.qualys.com/sslchecker
– Well-known online tools for network engineers:
https://dnschecker.org
https://www.whois.net/
https://mxtoolbox.com/
https://whatismyipaddress.com/
http://ping-test.org/
https://www.portcheckers.com/ …

How to access the disks mapped through RDP?

Windows XP/2003/2012 and greater support drive mapping back to the client workstation during a Terminal Services (Remote Desktop) session. This means you can copy files from the server to the client and vice versa. Each volume (removable, fixed or network) available on the client workstation is mapped (A for drive A:, C for drive C:, …

Converting .cer to .pem etc…

How to create and deploy a client certificate for Mac: http://blogs.technet.com/b/configmgrteam/archive/2013/04/05/how-to-create-and-deploy-a-client-cert-for-mac-independently-from-configmgr.aspx
Transforming .cer to .pem or vice versa: https://www.sslshopper.com/ssl-converter.html
Using openssl to convert a certificate from one format to another: https://support.ssl.com/Knowledgebase/Article/View/19/0/der-vs-crt-vs-cer-vs-pem-certificates-and-how-to-convert-them
Exporting a private key: https://technet.microsoft.com/en-us/library/cc754329.aspx

Advanced XML filtering in the Windows Event Viewer

http://blogs.technet.com/b/askds/archive/2011/09/26/advanced-xml-filtering-in-the-windows-event-viewer.aspx
http://blog.oneboredadmin.com/2013/05/filtering-windows-event-log-using-xpath.html

GPO troubleshooting using Log files

GPO troubleshooting:
http://social.technet.microsoft.com/wiki/contents/articles/22457.10-common-problems-causing-group-policy-to-not-apply.aspx
https://technet.microsoft.com/en-us/magazine/ccba8171-2b4a-4437-ab45-bbdee8323ee2

In Windows 7 or Windows 2008 R2 or above, one good way of looking at all aspects of Group Policy is via the client’s event log. Open the event log (eventvwr.exe from the search/command box), then:
Open Event Viewer (Local)
Open Applications and Services Logs
Open Microsoft
Open Windows
Open GroupPolicy and …

How to backup and restore IIS 7

First method, using the GUI: unfortunately, by default GUI mode is not enabled; to enable it, follow the instructions in the article below:
http://www.iis.net/downloads/community/2009/07/iis7-backup-restore-ui

Second method, using the command line:
To list IIS backups:
%windir%\system32\inetsrv\appcmd.exe list backup
To back up IIS:
%windir%\system32\inetsrv\appcmd.exe add backup "Backup-date"
Once the backup command is successful, the files can be verified in the …