Microsoft Roadmaps (office 365, Azure, Windows)

Microsoft Office 365 roadmap: For significant updates, Office customers are initially notified via the Office 365 roadmap: https://www.microsoft.com/en-us/microsoft-365/roadmap As an update gets closer to rolling out, it is communicated through your Office 365 Message center.
Microsoft Azure roadmap: https://azure.microsoft.com/en-us/updates/
Microsoft cloud platform: https://www.microsoft.com/en-us/microsoft-365/enterprise-mobility-security

Microsoft – Reminders of Good Information Sources

Microsoft Security Response Center: Protection, detection, and response.
Malware Protection Center: The Microsoft Malware Protection Center (MMPC) provides world-class antimalware research and response capabilities that support Microsoft’s range of security products and services. With laboratories in multiple locations around the globe, the MMPC is able to respond quickly and effectively to new malicious and

Understanding and Troubleshooting MS RPC

Overview, a very brief summary of how the protocol works: There is an “endpoint mapper” that runs on TCP port 135. You can bind to that port on a remote computer anonymously and enumerate all the various RPC services available on that computer. The services may be using named pipes or TCP/IP. Named pipes will

Detecting hackers (or intrusions) using Windows event log monitoring

The NSA released a PDF entitled “Spotting the Adversary with Windows Event Log Monitoring” earlier this year. The good news is that it’s probably one of the most detailed documents I’ve seen in a long time. It covers everything from setting up Event Subscriptions to a hardened use of Windows Remote Management, including the use of authentication and

AD/Win: Null Session Attacks and How to Avoid Them

A well-known vulnerability within Windows can map an anonymous connection (or null session) to a hidden share called IPC$ (which stands for interprocess communication). This hack method can be used to:
Gather Windows host configuration information, such as user IDs and share names.
Edit parts of the remote computer’s registry.
Although Windows Server 2008, Windows

FIM and MIM resources

Web resources:
Identity Manager Hybrid Reporting in Azure: https://technet.microsoft.com/en-us/library/mt134414.aspx
Out-of-the-box FIM 2010 R2 Reports: https://technet.microsoft.com/en-us/library/jj133843(v=ws.10).aspx
FIM/MIM connectors (free): https://msdn.microsoft.com/en-us/library/jj863241(v=ws.10).aspx
Connectors: http://social.technet.microsoft.com/wiki/contents/articles/1589.fim-2010-management-agents-from-partners.aspx
PowerShell connector: https://msdn.microsoft.com/en-us/library/dn640417(v=ws.10).aspx

Converting .cer to .pem etc…

How to create and deploy a client certificate for Mac: http://blogs.technet.com/b/configmgrteam/archive/2013/04/05/how-to-create-and-deploy-a-client-cert-for-mac-independently-from-configmgr.aspx
Transforming .cer to .pem or vice versa: https://www.sslshopper.com/ssl-converter.html
Using OpenSSL to convert a certificate from one format to another: https://support.ssl.com/Knowledgebase/Article/View/19/0/der-vs-crt-vs-cer-vs-pem-certificates-and-how-to-convert-them
Exporting a private key: https://technet.microsoft.com/en-us/library/cc754329.aspx