With the release of Microsoft ATA 1.7 today I was pretty excited. I got a hint that a feature request I made was implemented into the product. Prior to ATA 1.7 when configuring there was no good method of verifying mail and syslog alerting. To test and verify the alert configuration, I had to trigger […]
This is probably something that many already knows and there are probably other and better blogposts about this, but I thought that it is important to refresh old knowledge. In Skype it is possible to send links in an IM chat and that’s great. A problem with that is that it can be used for […]
Got a friend that received the following mail 8 or 9 times in his inbox and he wondered if I would take a look at it. How can I say no? The mail looked like this: It has been some time since I last reversed something so I taught it would be fun just to […]
I thought I would write this blogpost to describe what I think is best practices in terms of installation of Microsoft Advanced Threat Analytics. The product is meant to reveal advanced attacks in your infrastructure. It is therefore important to understand that you should assume breach when installing this product. This could be a little […]
Sometimes you want to work uninterrupted on a server and you definitely do not want to start notepad elevated in order to edit your stuff. There are of course many ways to do this, but I find myself using the following routine. Start an elevated CMD – Right click CMD and run as administrator. Run […]
Since there has been a lot of writing in Norwegian media about Norwegian Government pages that still uses old protocols and ciphers, I decided to post a PowerShell script I use when I setup Windows Servers in order to disable the old protocols and ciphers. NRK has written in detail how they conducted their research here […]
Microsoft has announced (https://blogs.technet.microsoft.com/mmpc/2016/03/22/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection/) that there is a new group policy setting in macro security that blocks macros from files that arrives from Internet. If there is one setting you should implement in your organization, it is this one. This setting will make attacks through attachments in emails much harder. Microsoft’s Office 365 Advanced Threat […]
I just created a video about AppLocker and how it can make companies more secure. The video is in Norwegian (Sorry to our english readers). My goal with the video is to get companies to focus more on client security. Two days ago we could read about a hospital in Hollywood that was taken offline […]
If there is one session about security I really think you should watch, it is definitely Rob Joyce’s talk at USENIX. Rob Joyce leads the NSAs Tailed Access Operations. They are often referred to as Nation-State hackers. His session is about tips on how to prevent or make it more difficult for Nation-State Hackers to get […]
This blogpost is based on an evil thought I have had. After all, I have been a pentester for several years, so «evil» ideas are a part of my mindset. Let’s say I want to plant a backdoor on future machines, where would I put my backdoor? Inside the WIM that is used to deploy […]