Security News!

Security News: 2020/06/09: new critical vulnerability affecting the Server Message Block (SMB) protocol that could allow attackers to leak kernel memory remotely, and when combined with a previously disclosed “wormable” bug, the flaw can be exploited to achieve remote code execution attacks: 2020/03/12: Windows hosts vulnerable to pre-auth remote code execution in SMB…

Security : Systems forensics and free tools

Based on my 25 years of experience as a sysadmin, I recommend the free tools below for forensic analysis and systems assessment: Repair tools: Windows privilege escalation: Blog hacker playbook mindmap (poster): SANS DFIR hunting evil Windows map (poster): Windows systems: Linux privilege escalation: Blogs and web sites: 51 Tools for Security Analysts…

Microsoft Security compliance toolkit / Windows hardening / GPO settings

Microsoft security compliance toolkit: It replaces Security Compliance Manager. This tool lets you plan, create, and monitor security baselines for your client workstations. Microsoft chose to replace it because of the complexity of SCM and the difficulty of maintaining the tool for each version of Windows. Aujourd’hui, SCT ne supporte…

How to deploy the latest Windows GPO?

The Central Store. To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a Windows domain controller. The Central Store is a file location that is checked by the Group Policy tools by default. The Group Policy tools use all .admx files that are in…

Azure networking resources

Azure networking techniques and resources (FR and US): IP addresses in Azure: youtube video: Outbound connections in Azure: Network security groups: Express Route in a nutshell: You can link up to 10 virtual networks to a standard ExpressRoute circuit. All virtual networks must be in the same geopolitical…

How to with Regular expressions

Hi, if you are using regular expressions, I recommend the following tools and sites: Regex tools to learn, build, test regular expressions: Tutorials about regexp: Examples: .at matches any three-character string ending with “at”, including “hat”, “cat”, and “bat”. [hc]at matches “hat” and “cat”. [^b]at matches…

Security baseline for Windows Operating system

Security baseline reference article: Download the latest version: Introduction: Download the content. As usual, the content includes GPO backups, GPO reports, scripts to apply settings to local GPO, Policy Analyzer rules files for each baseline and for the full set, and spreadsheets documenting all available GPOs and our recommended settings, settings that are new to…

PowerShell – DNS – Create conditional forwarder zone

Best practices for DNS forwarding: To export conditional forwarder zones: Conditional forwarders are in the same registry key as the zones: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones. Export the key, then you can import it to the other server. To export global forwarders settings: Global forwarders are set up in the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters. Forwarders key Export…

AD LDS resources

Main entry point: AD DS vs AD LDS – Active Directory solutions compared. Step 1 – backup AD LDS: Step 2 – restore AD LDS: On MS Technet: AD LDS Replication Step-by-Step Guide. Step 1: Practice Managing Replica AD LDS Instances. Step 2: Practice Managing Site Objects. Step 3: Practice Managing Site Link Objects…

AD – Securing Domain Controllers / hardening Windows domain and computers

Reference articles to secure a Windows domain: Pingcastle: to audit an AD domain. AD explorer (sysinternals): Microsoft audit Policy settings and recommendations: Sysinternals sysmon: to audit and control changes. On Beyond domain admins: Gathering AD data with PowerShell: Hardening Windows computers, secure Baseline check list: …