I improve security for enterprises around the world working for TrustedSec & I am @PyroTek3 on Twitter. Read the About page (top left) for information about me. :) https://adsecurity.org/?page_id=8
Sean Metcalf
Author's posts
Sep 03 2014
Machine Account (AD Computer Object) Password Updates
There seems to be quite a bit of confusion when it comes to domain-joined computers and how/when they update their AD computer object (machine account) passwords. Here are a few key points on this process: The default domain policy setting configures domain-joined Windows 2000 (& up) computers to update their passwords every 30 days (default). …
Sep 02 2014
PowerShell: Using Active Directory .Net methods in PowerShell Part 2
Powershell has the incredible ability to run some .Net methods natively. Some of this data can also be gathered using AD commandlets. Read Part 1 for others. Here are a few of my favorites. Get a Computer’s Site: [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite() Get a User’s Domain: [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().Name Get a Computer’s Domain: [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name List Active Directory FSMOs: …
Sep 01 2014
PowerShell Parameters
One of the most useful features in Powershell is Parameters. Microsoft has some excellent documentation on Powershell Parameters Some of my favorites: Default Parameter [Switch]$Enabled = $True Mandatory Parameter [parameter(Mandatory=$true)] [String]$Name Validate Parameter Options in a set [ValidateSet(“TCP”, “UDP”)] [string]$NewPortType Validate Parameter Options in a range (case INsensitive) [ValidateRange(1,65535)] [string]$NewPortNumber Add Parameter Aliases [alias(“PortScope”,”Scope”)] [string] …
Aug 30 2014
PowerShell: Drop (remove) the last character from a string
Drop (remove) the last character from a string: $ComputerName = ‘DCCOMP01$’ $ComputerName = $ComputerName.Substring(0,$ComputerName.Length-1) $ComputerName Result is “DCCOMP01″. This works especially well when the last character is a special PowerShell reserved one like “$”.
Aug 27 2014
Installing Kali Linux on Windows 8 Hyper-V
Installing Kali Linux on Windows 8 Hyper-V (Windows 8.1 includes improvements to the Hyper-V platform) Installing Hyper-V: Requirement: Windows 8 Pro or Windows 8 Enterprise which include Client Hyper-V. Requirement: Your computer processor must support virtualization technology (VT), though most processors in the past 5 years support VT (pretty much all Intel i-series processors, i3, …
Aug 26 2014
Black Hat 2014 Talk on TSA System Insecurity: Pulling the Curtain on Airport Security
Billy Rios explains how security-focused agencies keep making the same mistakes – this time it’s the TSA. Some of the issues identified in the talk: Network cable connections easily accessible by the public Hardcoded passwords in body scanner systems (which run Windows 98/WinXP) Accounts are stored in a config file. Network services enabled.(with hardcoded passwords) …
Aug 25 2014
Microsoft Enhanced Mitigation Experience Toolkit (EMET) 5 Protection Methods
Microsoft Enhanced Mitigation Experience Toolkit (EMET) v5 security technology which I outlined in a previous post has several protection methods which will be detailed here. According to my sources at Microsoft 😉, EMET can be installed on workstations and servers (testing is always highly recommended before placing in production). Given the tremendous security improvements when …
Aug 20 2014
Microsoft EMET 5 Released
Microsoft’s EMET (Enhanced Mitigation Experience Toolkit) is a free download from Microsoft that enhances Windows security by preventing common malware and exploitation software methods. It does need to be well-tested before deployment, but there are several legacy Windows methods leveraged by malware to get into a system and take control. Installing EMET provides very strong protection …
Aug 15 2014
Removing an Orphan (inactive) Active Directory Domain
Removing an Orphan (inactive) Active Directory Domain One of my customers has a forest with several domains, one of which hasn’t been used in a while (call it domain “RedShirt”). The 2 Domain Controllers in the domain, “RedShirt” both tombstoned. Yes, I know, how does that happen? ALWAYS monitor your environment. Since the domain hasn’t …
Aug 13 2014
Apple iOS Security Whitepaper
In February of this year, 2014, Apple released an updated whitepaper describing Apple iOS Security. Overall, the operating system and its components are very securely designed. The Table of Contents: Introduction System Security Secure Boot Chain System Software Authorization Secure Enclave Touch ID Encryption and Data Protection Hardware Security Features File Data Protection Passcodes Data …
Recent Comments