Category: System and Network Admins


C# usage is growing, along with collections of C# tools (http://www.harmj0y.net/blog/redteaming/ghostpack/)

Some related links:

https://www.forcepoint.com/blog/security-labs/using-c-post-powershell-attacks

https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb

http://www.harmj0y.net/blog/redteaming/ghostpack/

https://medium.com/@malcomvetter/net-process-injection-1a1af00359bc

https://www.fortynorthsecurity.com/microsoft-workflow-compiler-exe-veil-and-cobalt-strike/

https://isc.sans.edu/forums/diary/Malicious+PowerShell+Compiling+C+Code+on+the+Fly/24072/

https://zeltser.com/fileless-malware-beyond-buzzword/

https://docs.microsoft.com/en-us/dotnet/api/microsoft.csharp.csharpcodeprovider?view=netframework-4.7.2

 

 


https://dnsdumpster.com/

https://dnschecker.org

 

https://www.whois.net/

 

https://mxtoolbox.com/

 

https://whatismyipaddress.com/

 

http://ping-test.org/

 

https://www.portcheckers.com/

 

 

Microsoft Security Compliance Toolkit:

It replaces Security Compliance Manager. This tool lets you plan, create, and monitor security baselines for your client workstations. Microsoft chose to replace SCM because of its complexity and the difficulty of maintaining the tool for each version of Windows. Today, SCT does not support Desired Configuration Management in System Center Configuration Manager, or SCAP.

https://www.microsoft.com/en-us/download/details.aspx?id=55319

Other references:

2012 R2 hardening (CIS):

https://www.cisecurity.org/wp-content/uploads/2017/04/CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.2.0.pdf

Windows 10 hardening:

https://www.asd.gov.au/publications/protect/Hardening_Win10.pdf

 

 

 

To test SSL/TLS and much more you can use the free online tool from Qualys: https://www.ssllabs.com/ssltest/index.html

Third-party Tool: https://www.nartac.com/Products/IISCrypto/Download

 

Links related to TLS which I have consulted:

Solving the TLS problem ==> https://www.microsoft.com/en-us/download/details.aspx?id=55266

How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll ==> https://support.microsoft.com/en-us/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protoc

TLS/SSL Settings ==> https://technet.microsoft.com/en-us/library/dn786418(v=ws.11).aspx#BKMK_SchannelTR_TLS10

Managing SSL/TLS Protocols and Cipher Suites for ADFS:

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs

https://jorgequestforknowledge.wordpress.com/2017/03/01/hardening-disabling-weak-ciphers-hashes-and-protocols-on-adfs-wap-aad-connect/

 

SSSD principle:

SSSD for SUSE (SLES):

https://www.suse.com/support/kb/doc/?id=7022002

http://www.novell.com/support/kb/doc.php?id=7014572

RHEL:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/index

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/SSSD-Introduction.html

Troubleshooting SSSD:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/SSSD-Troubleshooting.html

Resolution: id <userid> ; getent passwd <userid>

Authentication: ssh <userid>@localhost

 

In addition to the Red Hat guide, there are tons of interesting links:

http://thornelabs.net/2014/01/30/authenticate-rhel-5-and-6-against-active-directory-on-windows-server-2008-r2-with-sssd-using-kerberos-and-ldap.html

http://www.chriscowley.me.uk/blog/2013/12/16/integrating-rhel-with-active-directory/

https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-new-for-IT-pros-in-Windows-10-version-1803/ba-p/188568

Learn more about Windows Server 2019

With the release of a new version of Windows Server, it’s time to learn about what’s new and try it out. At Ignite, we had tons of sessions and those are available for you on demand. If you want to go deeper on the details, you can find the updated documentation in the Windows Server technical content library.

If you are upgrading from an older version, you can check the new Upgrade Center, where you can find useful information on the upgrade process, as well as pre and post activities.

For those of you already looking ahead, join the Insiders program. We will continue to ship new builds of Windows Server that will first land on the next Semi-Annual Channel and later in the next Long-Term Servicing Channel.

We can’t wait to see what you’ll do with Windows Server 2019! Download it today!

 

 

Windows Admin Center:

https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/overview

https://blogs.technet.microsoft.com/servermanagement/2018/04/12/windows-admin-center-formerly-project-honolulu-is-now-generally-available/

https://cloudblogs.microsoft.com/windowsserver/2018/04/12/announcing-windows-admin-center-our-reimagined-management-experience/

Installation:

You can install Windows Admin Center on the following Windows operating systems:

Version                        Installation Mode
Windows 10 (1709)              Desktop mode
Windows Server, version 1709   Gateway mode
Windows Server 2016            Gateway mode

Desktop Mode: Connect to the Windows Admin Center gateway from the same computer on which it’s installed (for example, https://localhost:6516)

Gateway Mode: Connect to the Windows Admin Center gateway from a client browser on a different machine (for example, https://servername)

This was one of the main blockers of Firefox adoption in the enterprise: https://bugzilla.mozilla.org/show_bug.cgi?id=1433136