With the release of Microsoft ATA 1.7 today I was pretty excited. I got a hint that a feature request I made was implemented in the product. Prior to ATA 1.7, there was no good method of verifying mail and syslog alerting during configuration. To test and verify the alert configuration, I had to trigger […]
Posts in category Security
Microsoft Advanced Threat Analytics – My best practices
I thought I would write this blog post to describe what I consider best practices for installing Microsoft Advanced Threat Analytics. The product is meant to reveal advanced attacks in your infrastructure. It is therefore important to understand that you should assume breach when installing this product. This could be a little […]
Start Explorer elevated in one command
Sometimes you want to work uninterrupted on a server and you definitely do not want to start notepad elevated in order to edit your stuff. There are of course many ways to do this, but I find myself using the following routine. Start an elevated CMD – Right click CMD and run as administrator. Run […]
Legacy Protocols and Ciphers – Let’s disable them!
Since there has been a lot of writing in Norwegian media about Norwegian Government pages that still use old protocols and ciphers, I decided to post a PowerShell script I use when I set up Windows Servers in order to disable the old protocols and ciphers. NRK has written in detail how they conducted their research here […]
New macro security setting in Office 2016
Microsoft has announced (https://blogs.technet.microsoft.com/mmpc/2016/03/22/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection/) that there is a new group policy setting in macro security that blocks macros in files that arrive from the Internet. If there is one setting you should implement in your organization, it is this one. This setting will make attacks through attachments in emails much harder. Microsoft’s Office 365 Advanced Threat […]
AppLocker video (Norwegian)
I just created a video about AppLocker and how it can make companies more secure. The video is in Norwegian (sorry to our English readers). My goal with the video is to get companies to focus more on client security. Two days ago we could read about a hospital in Hollywood that was taken offline […]
Our session compared with NSA’s Nation-State hackers session
If there is one session about security I really think you should watch, it is definitely Rob Joyce’s talk at USENIX. Rob Joyce leads the NSA’s Tailored Access Operations. They are often referred to as Nation-State hackers. His session is about tips on how to prevent or make it more difficult for Nation-State Hackers to get […]