This might come as a shocker to you (irony), but cyber-criminals use e-mail to attack your users. I feel that client security is something that is often overlooked and IT-pros tend to focus on securing the servers rather than focusing on what is possible to do from the clients within the company network. If you […]
I often hear from people about the security setting in PowerShell that prevents unsigned code from running. You know what I am talking about. I am talking about the ExecutionPolicy. I believe this feature is often misunderstood by us IT-Pros. This setting has a few options (taken from PowerShell help): — Restricted: Does not load […]
In this post, I will focus on maintaining access on a Windows machine after getting a shell. In my environment the user is a local administrator on the client machine. The clue of creating a successful backdoor is to create something that is not to suspicious and that blends into everything else. In my lab […]
You have probably heard of Silver Ticket attacks and you are probably thinking that this problem was patched ages ago. Well, think again. In this post, I will demonstrate the dangers of SPN and how they can be misused in what is called a Silver Ticket attack. In the first part of my blogpost, I […]
If you try to run the command «wusa.exe c:\temp\file.cab /extract:c:\temp2\» you will in Windows 10 get this error: The reason Microsoft has removed this option is because of a security issue with the extract option. The reason I found out that this was removed was because I was trying to bypass UAC on Windows 10. […]
Hi everybody, sorry that it has been a long time since my last post. In this post I will try to go over one privilege escalation technique that I know of that I think is really cool. Privilege escalation is when you are able to gain more privileges on a system than you are supposed […]
Remember KB931125? The patch that broke tons of Configuration Manager management points? Yeah, that one. I just found out that as of October 17th Microsoft has released a “quick fix” for this problem so that you don´t have to manually delete the certificates yourself. Basically the fix will delete all the third party root certificate […]
I was working with a customer that had implemented Active Directory segmented by firewalls. We had implemented PKI earlier, but that was before the AD segmentation, and on time there was no requirements for Certificate enrollment services. But after the AD segmentation, we would like to implement auto-enrollment for computers one “the other side of […]
Attending Mark Russinovich great sessions at TechEd Europe is always a good reminder of the powerful Sysinternals Tools from Windows Sysinternals (http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx) So when a customer called me telling me all the programs crashing on startup, I thought it would be a nice opportunity to troubleshoot with Sysinternals Tools. This was a old PC (with […]
When using custom scripts for Detection Methods you have the possibility to use a Powershell script. However, if your environment has security in focus, then setting the ExecutionPolicy for Powershell scripts to anything other than AllSigned is not an option. This means you have to sign your scripts before running them. Christian has written an […]