KRBTGT Account Password Reset – Security risk or operational risk?

Thursday, February 15, 2018

Hi, KRBTGT is the Key Distribution Center service account object, which is responsible for the core service of Active Directory. Nowadays we are exposed to many cyber-attacks that include querying and manipulating the KRBTGT user. A particularly popular attack is the Golden Ticket. Once an attacker has gained access to the KRBTGT account password hash, the attacker can create Golden Tickets. It is important to understand that any existing Golden Tickets will no longer be valid after the KRBTGT password is changed twice in rapid succession. This makes existing tickets unusable and removes the attacker's ability to create valid Golden Tickets with their KRBTGT hash. KRBTGT Account...

Windows Security Center – Service Vulnerable on client

Wednesday, February 14, 2018

Hi, Microsoft has taken some steps against cyber-attacks in recent years. One of them was working out how to get detailed and complete information from the client to the cloud, with the ability to know which unusual actions were taking place on the client. Windows Defender Security Center became the solution that manages the Windows Defender ATP client. The client deployment and management capabilities are among the highest I've come across in all the distribution issues and the ability to disrupt that deployment. Signing the service with a certificate is the means that Microsoft has chosen to implement in order to prevent the user from interrupting or stopping...

Differences – IIS 8.5 — IIS 7.5 – Permissions Field

Wednesday, November 30, 2016

Hey, in the last few days I was dealing with an IIS permissions issue: while trying to send an HTTP request from an IIS application (Windows Server 2012 R2, IIS 8.5), I got a 401 Unauthorized exception (SSL client certificate authentication). When I tried to simulate it on a different OS (2008 R2, IIS 7.5), I got 200 OK and everything went as expected. After a little research we ended up granting local admin to the application pool user to check whether the scenario was related to permissions. And guess what? It works, as we verified - the application pool user identity needs...

Copy all GPOs from one forest to another

Tuesday, September 20, 2016

Hey, the following presents a PowerShell script that copies all GPOs from one forest to another: all GPOs in one domain are backed up using Backup-GPO, then imported into the other forest using Import-GPO.

Load the following modules before running the script:

    Import-Module ActiveDirectory
    Import-Module GroupPolicy

    # Folder that holds the Backup-GPO output (one sub-folder per backup ID)
    $sPath = "X:\GPOFOLDER"
    $list = Get-ChildItem $sPath -Directory | Select-Object Name
    foreach ($item in $list) {
        # Each backup folder contains a gpreport.xml with the GPO's display name
        $fXML = $sPath + "\" + $item.Name + "\gpreport.xml"
        # Cast to [xml] so that the .GPO.Name property can be read
        [xml]$XMLData = Get-Content $fXML
        $GPOName = $XMLData.GPO.Name
        # Import the backup into a GPO of the same name, creating it if missing
        Import-GPO -BackupId $item.Name -TargetName $GPOName -Path $sPath -CreateIfNeeded
    }

Azure Security Center Overview

Monday, March 28, 2016

Hey, with Azure Security Center, you get a central view of the security state of all of your Azure resources. At a glance, verify that the appropriate security controls are in place and configured correctly. Scott talks to Sara Fender, who explains it all: Azure Security Center Overview

Azure AD App Proxy

Wednesday, January 20, 2016

Hey, most of us know that Azure AD App Proxy allows us to extend access to our on-premises applications to users in the cloud without changing the applications and with no changes to our DMZ environment.

Read more in a great post by Sean Ivey: http://blogs.technet.com/b/ad/archive/2016/01/19/azure-ad-mailbag-azure-ad-app-proxy.aspx

Enhanced Mitigation Experience Toolkit – Customer Experience

Sunday, December 27, 2015

Hey, many mitigation techniques implemented by EMET are preventative, i.e. they will not trigger an alert when they prevent an exploit. For example, with the heap spray mitigation, an exploit will just fail, and that could result in an application crash. But EMET will not display a message to tell you that it prevented a heap spray attack.

Use EMET Toolkit Today

Azure Security Center now available

Thursday, December 3, 2015

Hey, yesterday Microsoft announced that the public preview of Azure Security Center is now available. The new service offers unmatched security monitoring and management for your cloud resources and is an essential part of Microsoft’s vision to deliver a holistic, agile security platform for today’s enterprise.

Read more: https://azure.microsoft.com/en-us/blog/azure-security-center-now-available/

Active Directory Federation Services gains OpenID Certifications

Monday, October 12, 2015

Hey, Microsoft reports that ADFS for Windows Server 2016 has now been certified as conforming to the Basic OpenID Provider and Implicit OpenID Provider profiles of OpenID Connect, adding to its previous certification for the OpenID Provider Publishing Configuration Information profile.

Read more: http://blogs.technet.com/b/ad/archive/2015/10/08/active-directory-federation-server-gains-openid-certifications.aspx