Security News!

Security News:
2020/06/09: a new critical vulnerability affecting the Server Message Block (SMB) protocol could allow attackers to leak kernel memory remotely; when combined with a previously disclosed “wormable” bug, the flaw can be exploited to achieve remote code execution:
https://thehackernews.com/2020/06/SMBleed-smb-vulnerability.html
https://www.cert.ssi.gouv.fr/alerte/CERTFR-2020-ALE-008/
2020/03/12: Windows hosts vulnerable to pre-auth remote code execution in SMB

Security : Systems forensics and free tools

Based on my 25 years' experience as a sysadmin, I recommend the free tools below for forensic analysis and systems assessment:
Repair tools: http://trinityhome.org/Home
Windows privilege escalation: https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
Blog hacker playbook mindmap (poster): https://www.marcolancini.it/2018/blog-hacker-playbook-mindmap/
SANS DFIR hunting evil Windows map (poster), Windows systems: https://digital-forensics.sans.org/media/DFPS_FOR508_v4.3_12-18.pdf
Linux privilege escalation: https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
Blogs and web sites: 51 Tools for Security Analysts

Microsoft Security compliance toolkit / Windows hardening / GPO settings

Microsoft Security Compliance Toolkit: it replaces Security Compliance Manager. This tool lets you plan, create and monitor security baselines for your client workstations. Microsoft chose to replace SCM because of its complexity and the difficulty of maintaining the tool for each version of Windows. Today, SCT does not support

How to deploy the latest Windows GPO?

The Central Store. To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a Windows domain controller. The Central Store is a file location that is checked by the Group Policy tools by default. The Group Policy tools use all .admx files that are in

Azure networking resources

Azure networking techniques and resources (FR and US):
https://azure.microsoft.com/en-us/blog/expressroute-global-reach-building-your-own-cloud-based-global-backbone/
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/reference/networking-vdc
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
IP addresses in Azure: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-ip-addresses-overview-arm
YouTube video: https://www.youtube.com/watch?v=YW_bMJsbRMU
Outbound connections in Azure: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-outbound-connections
Network security groups: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
ExpressRoute in a nutshell: you can link up to 10 virtual networks to a standard ExpressRoute circuit. All virtual networks must be in the same geopolitical

How-to: regular expressions

Hi, if you are using regular expressions, I recommend the following tools and sites:
Regex tools to learn, build and test regular expressions:
https://regexper.com/
https://regex101.com/
https://regexr.com
http://regex.lumadis.be/test_regex.php?lang=fr
Tutorials about regexp:
http://en.wikipedia.org/wiki/Regular_expression
http://www.regular-expressions.info/quickstart.html
http://www.expreg.com/
Examples: .at matches any three-character string ending with “at”, including “hat”, “cat”, and “bat”. [hc]at matches “hat” and “cat”. [^b]at matches

Security baseline for the Windows operating system

Security baseline reference article. Download the latest version: https://www.microsoft.com/en-us/download/details.aspx?id=55319
Introduction: download the content. As usual, the content includes GPO backups, GPO reports, scripts to apply settings to local GPO, Policy Analyzer rules files for each baseline and for the full set, and spreadsheets documenting all available GPOs and our recommended settings, settings that are new to

PowerShell – DNS – Create conditional forwarder zone

Best practices for DNS forwarding:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754941%28v%3dws.10%29
https://www.petri.com/best-practices-for-dns-forwarding
To export conditional forwarder zones: conditional forwarders are stored in the same registry key as the zones:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones
Export the key, then you can import it on the other server.
To export global forwarder settings: global forwarders are set up in the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
Forwarders key. Export

AD LDS resources

Main entry point: AD DS vs AD LDS – Active Directory solutions compared: http://technet.microsoft.com/en-us/library/cc731868(v=ws.10).aspx
Step 1 – back up AD LDS: http://technet.microsoft.com/en-us/library/cc730941(WS.10).aspx
Step 2 – restore AD LDS: http://technet.microsoft.com/en-us/library/cc725903(WS.10).aspx
On MS TechNet: AD LDS Replication Step-by-Step Guide
Step 1: Practice Managing Replica AD LDS Instances
Step 2: Practice Managing Site Objects
Step 3: Practice Managing Site Link Objects

AD – Securing Domain Controllers / hardening Windows domain and computers

Reference articles to secure a Windows domain:
https://www.cert.ssi.gouv.fr/uploads/guide-ad.html
https://github.com/PaulSec/awesome-windows-domain-hardening
PingCastle, to audit an AD domain: https://www.pingcastle.com/
AD Explorer (Sysinternals): https://www.blackhillsinfosec.com/domain-goodness-learned-love-ad-explorer
Microsoft audit policy settings and recommendations: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations
Sysinternals Sysmon, to audit and control changes: https://onedrive.live.com/view.aspx?resid=D026B4699190F1E6!2843&ithint=file%2cpptx&app=PowerPoint&authkey=!AMvCRTKB_V1J5ow
On ADsecurity.org:
Beyond domain admins: https://adsecurity.org/?p=3700
Gathering AD data with PowerShell: https://adsecurity.org/?p=3719
Hardening Windows computers, secure baseline checklist: https://adsecurity.org/?p=3299