Category: System and Network Admins


C# is seeing more and more use in tooling; a collection of C# tools: http://www.harmj0y.net/blog/redteaming/ghostpack/

Some related links:

https://www.forcepoint.com/blog/security-labs/using-c-post-powershell-attacks

https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb

http://www.harmj0y.net/blog/redteaming/ghostpack/

https://medium.com/@malcomvetter/net-process-injection-1a1af00359bc

https://www.fortynorthsecurity.com/microsoft-workflow-compiler-exe-veil-and-cobalt-strike/

https://isc.sans.edu/forums/diary/Malicious+PowerShell+Compiling+C+Code+on+the+Fly/24072/

https://zeltser.com/fileless-malware-beyond-buzzword/

https://docs.microsoft.com/en-us/dotnet/api/microsoft.csharp.csharpcodeprovider?view=netframework-4.7.2

https://dnsdumpster.com/

https://dnschecker.org

https://www.whois.net/

https://mxtoolbox.com/

https://whatismyipaddress.com/

http://ping-test.org/

https://www.portcheckers.com/

Microsoft Security Compliance Toolkit (SCT):

It replaces Security Compliance Manager (SCM). This tool lets you plan, create, and monitor security baselines for your client workstations. Microsoft chose to replace SCM because of its complexity and the difficulty of maintaining the tool for each Windows version. Today, SCT does not support Desired Configuration Management in System Center Configuration Manager, nor SCAP.

https://www.microsoft.com/en-us/download/details.aspx?id=55319

Other references:

2012 R2 hardening (CIS):

https://www.cisecurity.org/wp-content/uploads/2017/04/CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.2.0.pdf

Windows 10 hardening:

https://www.asd.gov.au/publications/protect/Hardening_Win10.pdf

To test SSL/TLS and much more you can use the free online tool from Qualys:

https://www.ssllabs.com/ssltest/index.html

Links related to TLS which I have consulted:

Solving the TLS problem ==> https://www.microsoft.com/en-us/download/details.aspx?id=55266

How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll ==> https://support.microsoft.com/en-us/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protoc

TLS/SSL Settings ==> https://technet.microsoft.com/en-us/library/dn786418(v=ws.11).aspx#BKMK_SchannelTR_TLS10

Managing SSL/TLS Protocols and Cipher Suites for ADFS:

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs

https://jorgequestforknowledge.wordpress.com/2017/03/01/hardening-disabling-weak-ciphers-hashes-and-protocols-on-adfs-wap-aad-connect/

SSSD principle:

SSSD for SuSE (sles):

https://www.suse.com/support/kb/doc/?id=7022002

http://www.novell.com/support/kb/doc.php?id=7014572

RHEL:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/index

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/SSSD-Introduction.html

Troubleshooting SSSD:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/SSSD-Troubleshooting.html

Resolution (identity lookup): id <userid>; getent passwd <userid>

Authentication: ssh <userid>@localhost

In addition to the Red Hat guide, there are tons of interesting links:

http://thornelabs.net/2014/01/30/authenticate-rhel-5-and-6-against-active-directory-on-windows-server-2008-r2-with-sssd-using-kerberos-and-ldap.html

http://www.chriscowley.me.uk/blog/2013/12/16/integrating-rhel-with-active-directory/

https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-new-for-IT-pros-in-Windows-10-version-1803/ba-p/188568

https://cloudblogs.microsoft.com/windowsserver/2018/03/20/introducing-windows-server-2019-now-available-in-preview/?MC=WinServer&MC=MSAzure&MC=SysMagSof&MC=Windows&MC=Virtual

Windows Admin Center:

https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/overview

https://blogs.technet.microsoft.com/servermanagement/2018/04/12/windows-admin-center-formerly-project-honolulu-is-now-generally-available/

https://cloudblogs.microsoft.com/windowsserver/2018/04/12/announcing-windows-admin-center-our-reimagined-management-experience/

Installation:

You can install Windows Admin Center on the following Windows operating systems:

Version                          Installation mode
Windows 10 (1709)                Desktop mode
Windows Server, version 1709     Gateway mode
Windows Server 2016              Gateway mode

Desktop Mode: Connect to the Windows Admin Center gateway from the same computer on which it’s installed (for example, https://localhost:6516)

Gateway Mode: Connect to the Windows Admin Center gateway from a client browser on a different machine (for example, https://servername)

This was one of the main blockers of Firefox adoption in the enterprise: https://bugzilla.mozilla.org/show_bug.cgi?id=1433136