Security : Systems forensics and free tools

Based on my 25 years' experience as a sysadmin, I recommend the free tools below for forensic analysis and systems assessment:

Repair tools: http://trinityhome.org/Home
Windows privilege escalation: https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
Blog hacker playbook mindmap (poster): https://www.marcolancini.it/2018/blog-hacker-playbook-mindmap/
SANS DFIR "Hunting Evil" Windows map (poster), Windows systems: https://digital-forensics.sans.org/media/DFPS_FOR508_v4.3_12-18.pdf
Linux privilege escalation: https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
Blogs and web sites: 51 Tools for Security Analysts

How to with Regular expressions

Hi, if you are using regular expressions, I recommend the following tools and sites:

Regex tools to learn, build and test regular expressions:
https://regexper.com/
https://regex101.com/
https://regexr.com
http://regex.lumadis.be/test_regex.php?lang=fr

Tutorials about regexp:
http://en.wikipedia.org/wiki/Regular_expression
http://www.regular-expressions.info/quickstart.html
http://www.expreg.com/

Examples:
.at matches any three-character string ending with “at”, including “hat”, “cat”, and “bat”.
[hc]at matches “hat” and “cat”.
[^b]at matches

AD – Securing Domain Controllers / hardening Windows domain and computers

Reference articles to secure a Windows domain:
https://www.cert.ssi.gouv.fr/uploads/guide-ad.html
https://github.com/PaulSec/awesome-windows-domain-hardening

PingCastle, to audit an AD domain: https://www.pingcastle.com/
AD Explorer (Sysinternals): https://www.blackhillsinfosec.com/domain-goodness-learned-love-ad-explorer
Microsoft audit policy settings and recommendations: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations
Sysinternals Sysmon, to audit and control changes: https://onedrive.live.com/view.aspx?resid=D026B4699190F1E6!2843&ithint=file%2cpptx&app=PowerPoint&authkey=!AMvCRTKB_V1J5ow

On ADsecurity.org:
Beyond domain admins: https://adsecurity.org/?p=3700
Gathering AD data with PowerShell: https://adsecurity.org/?p=3719
Hardening Windows computers, secure baseline checklist: https://adsecurity.org/?p=3299

Microsoft Graph / Graph API

Introduction: The Microsoft Graph API exposes RESTful services. This makes it very flexible, because REST is compatible with almost any modern platform and programming language. The exchange format is essentially JSON, carried over HTTPS for transport security. The central point of Microsoft Graph is the concept of User, the authentication and

Azure Automation

Introduction: https://docs.microsoft.com/en-us/azure/automation/automation-intro

How to:
Getting Around the Basics of Azure Automation for Office 365
https://docs.microsoft.com/en-us/azure/automation/automation-quickstart-create-account
https://docs.microsoft.com/en-us/azure/automation/manage-runas-account
https://docs.microsoft.com/en-us/azure/automation/automation-windows-hrw-install#automated-deployment
https://docs.microsoft.com/en-us/azure/automation/troubleshoot/runbooks

Automation runbook gallery: https://docs.microsoft.com/en-us/azure/automation/automation-runbook-gallery

Redirect Azure Automation output to a file (or blob container, in Azure terminology)?
https://docs.microsoft.com/en-us/azure/automation/automation-runbook-output-and-messages
https://social.msdn.microsoft.com/Forums/en-US/8ac6068f-5bb6-49e2-b63c-8852ef6b6bb1/azure-runbook-output-to-blob-container

Process automation for Intune and Azure AD: Process automation for Intune and Azure AD with Azure Automation

How to update group membership without logoff / logon /restart

This might be very useful in situations where you want to update a user's or computer's group membership without the need to log on again or restart. The whole magic lies in the Kerberos tickets issued after you log on to a machine or after a machine has been started. The tool “klist.exe” cannot only be used

Azure Cloud shell

Overview: https://docs.microsoft.com/en-us/azure/cloud-shell/overview
URL: https://shell.azure.com

On first launch, Cloud Shell prompts to create a resource group, storage account, and Azure Files share on your behalf. This is a one-time step, and the share will be automatically attached for all sessions. A single file share can be mapped and will be used by both Bash and PowerShell in Cloud

Microsoft Message Analyzer resources

Basic network capture methods: https://blogs.technet.microsoft.com/askpfeplat/2016/12/27/basic-network-capture-methods/

Network Monitor 3.4 (Netmon) – https://www.microsoft.com/en-us/download/details.aspx?id=4865 (NOTE: Network Monitor is no longer under active development)
Wireshark (v 2.2.2 as of 11/16/16) – https://wireshark.org/#download
Netsh Trace – built into the operating system
Microsoft Message Analyzer (MMA) (v 1.4 as of 6/13/16) – https://www.microsoft.com/en-us/download/details.aspx?id=44226

Message Analyzer operating guide: http://technet.microsoft.com/en-us/library/jj649776.aspx
How to: Message Analyzer

Windows – Windows Admin Center

Windows Admin Center: https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/understand/windows-admin-center

Installation: You can install Windows Admin Center on the following Windows operating systems:

Version                              Installation mode
Windows 10, version 1709 or newer    Desktop mode
Windows Server Semi-Annual Channel   Gateway mode
Windows Server 2016                  Gateway mode
Windows Server 2019                  Gateway mode

Desktop mode: Launch from the Start Menu and connect to the