Security News!

Security News:
2020/06/09: a new critical vulnerability affecting the Server Message Block (SMB) protocol could allow attackers to leak kernel memory remotely; combined with a previously disclosed “wormable” bug, the flaw can be exploited to achieve remote code execution: https://thehackernews.com/2020/06/SMBleed-smb-vulnerability.html https://www.cert.ssi.gouv.fr/alerte/CERTFR-2020-ALE-008/
2020/03/12: Windows hosts vulnerable to pre-auth remote code execution in SMB

Audit Windows files

Windows file system auditing is an important means of keeping your security posture high.
Article: https://www.varonis.com/blog/windows-file-system-auditing/
PowerShell script: https://gallery.technet.microsoft.com/scriptcenter/How-to-audit-changed-39afba72
Extract: First, you need to enable File system auditing using a GPO setting: In the Group Policy editor, click through to Computer Configuration -> Policies -> Windows Settings -> Local Policies. Click on Audit Policy. You can add many auditing options to
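The two halves of file auditing that the extract above only hints at, as an added example (this is my code, not the Varonis article's or the TechNet script's): the policy says "audit file system access" and the SACL on the object says which accesses to record; without both, no 4663 event is written. The script sets the advanced audit subcategory locally with auditpol (the GPO equivalent lives under Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration), puts a SACL on a folder, triggers one write and reads the events back. The folder path and the English subcategory name are assumptions; run it elevated.

```powershell
# Added example, not from the original post. Assumes an elevated session and an
# English locale (the auditpol subcategory name is localized).
$Path = 'C:\Sensitive'   # assumption: folder to audit

# 1. Advanced audit policy: Object Access > File System, success and failure.
auditpol.exe /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 2. SACL on the object. Policy without a SACL produces nothing; SACL without
#    policy produces nothing either.
if (-not (Test-Path $Path)) { New-Item -ItemType Directory -Path $Path | Out-Null }
$acl  = Get-Acl -Path $Path -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl   # needs SeSecurityPrivilege, hence elevated

# 3. Generate one access and read the resulting events.
#    4663 = "An attempt was made to access an object".
Set-Content -Path (Join-Path $Path 'test.txt') -Value 'audit me'

function Get-FileAccessEvents {
    param([string]$Folder, [int]$MaxEvents = 200)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents $MaxEvents |
        ForEach-Object {
            # EventData fields are only reachable through the event XML.
            $x = [xml]$_.ToXml()
            $d = @{}
            foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            [pscustomobject]@{
                Time       = $_.TimeCreated
                User       = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
                Object     = $d.ObjectName
                AccessMask = $d.AccessMask   # e.g. 0x2 WriteData, 0x10000 DELETE
                Process    = $d.ProcessName
            }
        } | Where-Object { $_.Object -like "$Folder*" }
}

Get-FileAccessEvents -Folder $Path | Format-Table -AutoSize
```

Two practical notes: audit only the rights you will actually investigate (Write, Delete, permission and ownership changes), because auditing ReadData on a busy share floods the Security log; and if the legacy "Audit object access" category and the advanced subcategories are both configured, the subcategory settings win by default on Windows 7 / 2008 R2 and later.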

Security: Systems forensics and free tools

Based on my 25 years of experience as a sysadmin, I recommend the free tools below for forensic analysis and systems assessment:
Repair tools: http://trinityhome.org/Home
Windows privilege escalation: https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
Blog hacker playbook mindmap (poster): https://www.marcolancini.it/2018/blog-hacker-playbook-mindmap/
SANS DFIR hunting evil Windows map (poster), Windows systems: https://digital-forensics.sans.org/media/DFPS_FOR508_v4.3_12-18.pdf
Linux privilege escalation: https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
Blogs and web sites: 51 Tools for Security Analysts

Microsoft Security compliance toolkit / Windows hardening / GPO settings

Microsoft Security Compliance Toolkit: it replaces Security Compliance Manager. The toolkit lets you plan, create and monitor security baselines for your client workstations. Microsoft chose to replace SCM because of its complexity and the difficulty of maintaining the tool for each Windows version. Today, SCT only supports

How to deploy the latest Windows GPO?

The Central Store. To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a Windows domain controller. The Central Store is a file location that the Group Policy tools check by default. The Group Policy tools use all .admx files that are in
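Creating and checking the Central Store, as an added example (my code, not from the original post or Microsoft's documentation). It copies the .admx files and the .adml language files from a PolicyDefinitions folder into SYSVOL, then verifies that every .admx has its .adml for each language you ship, which is the usual cause of "resource ... could not be found" errors in GPMC once the store exists. The source folder and the language list are assumptions; normally you point it at the extracted "Administrative Templates (.admx)" download for the newest Windows build you manage, not at a random workstation.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory module
# and write access to SYSVOL (Domain Admins or delegated).
$Source     = "$env:SystemRoot\PolicyDefinitions"   # assumption: up-to-date ADMX set
$DomainFqdn = (Get-ADDomain).DNSRoot
$Central    = "\\$DomainFqdn\SYSVOL\$DomainFqdn\Policies\PolicyDefinitions"
$Languages  = @('en-US')   # assumption: add 'fr-FR' etc. for the locales GPMC runs in

function Copy-AdmxToCentralStore {
    param([string]$From, [string]$To, [string[]]$Langs)
    if (-not (Test-Path $To)) { New-Item -ItemType Directory -Path $To | Out-Null }
    # Top level holds only .admx; each language subfolder holds only .adml.
    # /XO keeps a newer file already in SYSVOL instead of overwriting it with an older one.
    robocopy.exe $From $To *.admx /XO /NFL /NDL /NJH /NJS | Out-Null
    foreach ($l in $Langs) {
        robocopy.exe (Join-Path $From $l) (Join-Path $To $l) *.adml /XO /NFL /NDL /NJH /NJS | Out-Null
    }
}

function Test-CentralStore {
    param([string]$Store, [string[]]$Langs)
    $admx = Get-ChildItem -Path $Store -Filter *.admx | ForEach-Object { $_.BaseName }
    foreach ($l in $Langs) {
        $adml = Get-ChildItem -Path (Join-Path $Store $l) -Filter *.adml -ErrorAction SilentlyContinue |
                ForEach-Object { $_.BaseName }
        # An .admx without its .adml breaks the whole Administrative Templates node in GPMC.
        $missing = $admx | Where-Object { $_ -notin $adml }
        [pscustomobject]@{
            Language    = $l
            Admx        = @($admx).Count
            Adml        = @($adml).Count
            MissingAdml = ($missing -join ', ')
        }
    }
}

Copy-AdmxToCentralStore -From $Source -To $Central -Langs $Languages
Test-CentralStore -Store $Central -Langs $Languages | Format-Table -AutoSize
```

Once the store exists, GPMC ignores the local PolicyDefinitions folder on the admin workstation, so an outdated store hides the newest settings from everyone; rerun the copy after each Windows feature update and keep all .admx/.adml pairs from the same template release.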

How-to with regular expressions

If you are using regular expressions, I recommend the following tools and sites:
Regex tools to learn, build and test regular expressions: https://regexper.com/ https://regex101.com/ https://regexr.com http://regex.lumadis.be/test_regex.php?lang=fr
Tutorials about regexp: http://en.wikipedia.org/wiki/Regular_expression http://www.regular-expressions.info/quickstart.html http://www.expreg.com/
Examples: .at matches any three-character string ending with “at”, including “hat”, “cat”, and “bat”. [hc]at matches “hat” and “cat”. [^b]at matches
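The three patterns from the examples above, run from PowerShell against a constructed word list, as an added example (my code, not from the original post). It goes slightly beyond the excerpt on purpose: it shows that the patterns are unanchored, so ".at" also fires inside "chat" and "tattoo" and "[^b]at" needs some character in front of "at"; that -match is case-insensitive unless you use -cmatch; and how the same mechanics pull fields out of log lines with named capture groups. The word list and the two log lines are made up.

```powershell
# Added example, not from the original post. Inputs are constructed.
$words = 'hat', 'cat', 'bat', 'at', 'chat', 'tattoo', 'Cat'

function Test-Patterns {
    param([string[]]$Words, [string[]]$Patterns, [switch]$CaseSensitive)
    foreach ($p in $Patterns) {
        $hits = $Words | Where-Object { if ($CaseSensitive) { $_ -cmatch $p } else { $_ -match $p } }
        [pscustomobject]@{ Pattern = $p; Matches = ($hits -join ' ') }
    }
}

# Unanchored, case-insensitive (PowerShell default):
#   .at    -> hat cat bat chat tattoo Cat   ("at" alone has no third character)
#   [hc]at -> hat cat chat Cat              ("Cat" matches because -match ignores case)
#   [^b]at -> hat cat chat tattoo Cat       ("bat" excluded, "at" excluded)
Test-Patterns -Words $words -Patterns '.at', '[hc]at', '[^b]at' | Format-Table -AutoSize

# Case-sensitive: "Cat" drops out of [hc]at.
Test-Patterns -Words $words -Patterns '[hc]at' -CaseSensitive | Format-Table -AutoSize

# Anchors turn the same patterns into whole-word tests: "chat" and "tattoo" drop out.
Test-Patterns -Words $words -Patterns '^.at$', '^[hc]at$', '^[^b]at$' | Format-Table -AutoSize

# Same mechanics on log lines: named groups land in the automatic $Matches table.
$log = @(
    '2020-06-09 10:01:02 sshd[1234]: Failed password for root from 203.0.113.7 port 5522 ssh2',
    '2020-06-09 10:01:05 sshd[1234]: Accepted publickey for alice from 198.51.100.2 port 5530 ssh2'
)
foreach ($line in $log) {
    if ($line -match '(?<result>Failed|Accepted) \w+ for (?<user>\S+) from (?<ip>\d{1,3}(\.\d{1,3}){3})') {
        [pscustomobject]@{ Result = $Matches.result; User = $Matches.user; IP = $Matches.ip }
    }
}
```

The habit worth keeping from this: decide whether you mean "contains" or "is" before writing the pattern, and anchor it when you mean "is"; most false positives in detection rules and input validators come from an unanchored pattern that was meant as a whole-value test.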

Security baseline for Windows Operating system

Security baseline reference article. Download the latest version: https://www.microsoft.com/en-us/download/details.aspx?id=55319
Introduction: Download the content. As usual, the content includes GPO backups, GPO reports, scripts to apply settings to local GPO, Policy Analyzer rules files for each baseline and for the full set, and spreadsheets documenting all available GPOs and our recommended settings, settings that are new to

Hacking and Securing Active Directory

Hacking techniques for AD: “state of the art” (but scary!) with possible mitigations (when possible) + a few new methods…
https://adsecurity.org/wp-content/uploads/2015/08/DEFCON23-2015-Metcalf-RedvsBlue-ADAttackAndDefense-Final.pdf
https://github.com/infosecn1nja/AD-Attack-Defense
https://specterops.io/resources/research-and-development
https://github.com/wavestone-cdt/AD-security-workshop
https://www.labofapenetrationtester.com/
https://github.com/fireeye/commando-vm
For GPO audit: https://github.com/l0ss/Grouper2
Spraykatz: https://www.slideshare.net/sylvaincortes/spraykatz-installation-basic-usage https://github.com/aas-n/spraykatz
ReverseTCP shell: https://www.youtube.com/watch?v=T9qb4DIAXTg&feature=youtu.be https://github.com/ZHacker13/ReverseTCPShell
Securing AD:
AD Explorer: https://www.blackhillsinfosec.com/domain-goodness-learned-love-ad-explorer
https://digital-forensics.sans.org/blog/2013/06/20/overview-of-microsofts-best-practices-for-securing-active-directory
http://video.ch9.ms/sessions/teched/na/2014/DCIM-B213.pptx
https://www.pingcastle.com/
AD Authentication silos and more: https://www.sstic.org/user/abordes
MS white-paper best practices

Authentication Silos and policies

Reference: To use authentication policy silos, you need the Windows Server 2012 R2 domain functional level. Silos and policies are part of the configuration partition (so, forest-wide), replicated to all domain controllers.
https://www.sstic.org/2017/presentation/administration_en_silo/
https://github.com/MicrosoftDocs/windowsserverdocs/blob/master/WindowsServerDocs/security/credentials-protection-and-management/authentication-policies-and-authentication-policy-silos.md
https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/authentication-policies-and-authentication-policy-silos#BKMK_HowKerbUsed
Videos:
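What the reference above describes, as an added example (my code, not from the SSTIC talk or the Microsoft docs): check the functional-level prerequisite, create an authentication policy that only lets its users obtain a TGT from computers inside the silo, wrap it in a silo, and put a tier-0 admin account plus the domain controllers in it. The last query shows where the objects live, under the AuthN Policy Configuration container of the configuration partition, which is why they replicate to every DC in the forest. The silo, policy and account names are assumptions; the "allowed to authenticate from" condition relies on Kerberos armoring (FAST) being enabled on the DCs and clients, as the linked page explains.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory module,
# Domain Admin rights, and the names below (all assumptions).
Import-Module ActiveDirectory

# Prerequisite named in the post: Windows Server 2012 R2 domain functional level.
$domain = Get-ADDomain
$required = [int][Microsoft.ActiveDirectory.Management.ADDomainMode]::Windows2012R2Domain
if ([int]$domain.DomainMode -lt $required) {
    throw "Domain functional level is $($domain.DomainMode); Windows2012R2Domain or higher is required."
}

$SiloName   = 'Tier0-Silo'      # assumption
$PolicyName = 'Tier0-Policy'    # assumption
$AdminUser  = 'tier0admin'      # assumption

# Policy: 2-hour user TGTs, and users may only authenticate from devices that are
# themselves members of the silo (claim-based SDDL condition, needs Kerberos armoring).
New-ADAuthenticationPolicy -Name $PolicyName `
    -UserTGTLifetimeMins 120 `
    -UserAllowedToAuthenticateFrom "O:SYG:SYD:(XA;OICI;CR;;;WD;(@USER.ad://ext/AuthenticationSilo == `"$SiloName`"))" `
    -Enforce

# Silo: the policy applies to user, computer and service accounts that are members.
New-ADAuthenticationPolicySilo -Name $SiloName `
    -UserAuthenticationPolicy    $PolicyName `
    -ComputerAuthenticationPolicy $PolicyName `
    -ServiceAuthenticationPolicy $PolicyName `
    -Enforce

# Membership is two-sided: the silo grants access to the account, and the account
# is assigned to the silo. Forgetting either side leaves the account unprotected.
$members = @(Get-ADUser -Identity $AdminUser)
$members += Get-ADDomainController -Filter * | ForEach-Object { Get-ADComputer -Identity $_.ComputerObjectDN }
foreach ($m in $members) {
    Grant-ADAuthenticationPolicySiloAccess -Identity $SiloName -Account $m
    Set-ADAccountAuthenticationPolicySilo   -Identity $m -AuthenticationPolicySilo $SiloName
}

# Where the objects live: configuration partition, hence forest-wide and on every DC.
$cfg = (Get-ADRootDSE).configurationNamingContext
Get-ADObject -SearchBase "CN=AuthN Policy Configuration,CN=Services,$cfg" `
    -Filter { objectClass -eq 'msDS-AuthNPolicySilo' -or objectClass -eq 'msDS-AuthNPolicy' } |
    Select-Object Name, ObjectClass, DistinguishedName
```

Roll this out without -Enforce first: in audit-only mode the DCs log what would have been refused (events 4820 and 4821 in the Security log) instead of refusing it, so you find the jump host or service account you forgot before locking yourself out of tier 0.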