I came across a scenario today when I was helping during a migration project. We wanted to map a drive based on a value in extensionattribute on the user. First, we thought that we would solve it with a script, but then it hit me like a lightning bolt that it is possible to use […]
Microsoft has announced (https://blogs.technet.microsoft.com/mmpc/2016/03/22/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection/) that there is a new group policy setting in macro security that blocks macros from files that arrives from Internet. If there is one setting you should implement in your organization, it is this one. This setting will make attacks through attachments in emails much harder. Microsoft’s Office 365 Advanced Threat […]
I volunteered for the Onedrive Next Gen Sync client Preview program. I am very impressed with the new client so far. One of my favorite features is that the 2 GB file size limit is removed even the documentation states that it is still 2GB: The new default size limit is 10736369664 Bytes – Approx […]
This might come as a shocker to you (irony), but cyber-criminals use e-mail to attack your users. I feel that client security is something that is often overlooked and IT-pros tend to focus on securing the servers rather than focusing on what is possible to do from the clients within the company network. If you […]
Maybe I am just slow, but I never picked this up before. There is actually a command in Windows that lets you copy stuff from your command directly into the clipboard. The command is named CLIP.exe. Lets say I want the ping result into clipboard I can use this command: You can also do […]
Background info The end customer had migrated from EX2007SP3 to EX2013 earlier this year. In January or so they uninstalled EX2007 environment based on http://technet.microsoft.com/en-us/library/bb123893(v=exchg.80).aspx. Everything worked flawlessly until they installed Exchange 2013 CU4 (SP1). The problem: After the CU4 update both Outlook, Lync and also Internet explorer was unable to authenticate with EWS and […]
Attending Mark Russinovich great sessions at TechEd Europe is always a good reminder of the powerful Sysinternals Tools from Windows Sysinternals (http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx) So when a customer called me telling me all the programs crashing on startup, I thought it would be a nice opportunity to troubleshoot with Sysinternals Tools. This was a old PC (with […]
When using custom scripts for Detection Methods you have the possibility to use a Powershell script. However, if your environment has security in focus, then setting the ExecutionPolicy for Powershell scripts to anything other than AllSigned is not an option. This means you have to sign your scripts before running them. Christian has written an […]
Yesterday Microsoft released a hotfix that’s a big collection of fixes for slow boot and slow login on Windows 7 and Windows Server 2008 R2. Check this article from one of the PFE’s: http://blogs.technet.com/b/askpfeplat/archive/2013/03/12/slow-boot-slow-login-sbsl-hotfix-rollup-for-windows-7-and-server-2008-r2-available-today.aspx Tested this on a computer that before the hotfix would use 20+ minutes, after applying the hotfix it now takes about […]
It has been a while since I wrote a good blog post. So the time has come for me to write a little about Windows security from a Penetration tester perspective. Hope you like it. There is probably a tons of guides and blog posts on how to hardening your Windows clients. In this post […]