Sean Metcalf

I improve security for enterprises around the world working for TrustedSec & I am @PyroTek3 on Twitter. Read the About page (top left) for information about me. :) https://adsecurity.org/?page_id=8

Author's posts

Black Hat 2014 Talk on TSA System Insecurity: Pulling the Curtain on Airport Security

Billy Rios explains how security-focused agencies keep making the same mistakes – this time it’s the TSA. Some of the issues identified in the talk:

- Network cable connections easily accessible by the public
- Hardcoded passwords in body scanner systems (which run Windows 98/WinXP)
- Accounts are stored in a config file.
- Network services enabled (with hardcoded passwords)
- …


Microsoft Enhanced Mitigation Experience Toolkit (EMET) 5 Protection Methods

The Microsoft Enhanced Mitigation Experience Toolkit (EMET) v5 security technology, which I outlined in a previous post, has several protection methods, which will be detailed here. According to my sources at Microsoft 😉, EMET can be installed on workstations and servers (testing is always highly recommended before placing it in production). Given the tremendous security improvements when …


Microsoft EMET 5 Released

Microsoft’s EMET (Enhanced Mitigation Experience Toolkit) is a free download from Microsoft that enhances Windows security by preventing common malware and exploitation software methods. It does need to be well-tested before deployment, but there are several legacy Windows methods leveraged by malware to get into a system and take control. Installing EMET provides very strong protection …


Removing an Orphan (inactive) Active Directory Domain

One of my customers has a forest with several domains, one of which hasn’t been used in a while (call it domain “RedShirt”). The 2 Domain Controllers in the domain “RedShirt” both tombstoned. Yes, I know, how does that happen? ALWAYS monitor your environment. Since the domain hasn’t …


Apple iOS Security Whitepaper

In February of this year, 2014, Apple released an updated whitepaper describing Apple iOS Security. Overall, the operating system and its components are very securely designed. The Table of Contents:

- Introduction
- System Security
- Secure Boot Chain
- System Software Authorization
- Secure Enclave
- Touch ID
- Encryption and Data Protection
- Hardware Security Features
- File Data Protection
- Passcodes
- Data …


PowerShell: One-liners to Get You Started

Some of the scenarios covered in the blog post:

- The server rebooted recently – who did it and when exactly?
- Is there an easy way to see if KB2862152 is installed?
- I need to back up all of the GPOs in the domain every day
- What are the IP settings on my system(s)?
- What are the …


New 2012 SIDs cause lookup issues for older clients

The crux of the issue is that Windows Server 2012 (and above) introduces two new SIDs. The problem is that Windows 7 and Windows Server 2008 R2 clients do not know about these SIDs, because these particular SIDs didn’t exist when Windows 7 and 2008 R2 were written.

References:
http://blogs.technet.com/b/askpfeplat/archive/2014/06/30/troubleshooting-windows-server-2012-r2-domain-controller-new-sids-a-real-world-example.aspx
http://support.microsoft.com/kb/2830145

RODC Trick: Remove a User’s Password from a RODC without forcing the user to change her password

TechNet (RODC FAQ) states: How can you clear a password that is cached on an RODC? There is no mechanism to erase passwords after they are cached on an RODC. If you want to clear a password that is stored on an RODC, an administrator should reset the password in the hub site. This way, …


Authentication Problems in an Environment with Windows Server 2003 and Windows Server 2012 R2 Domain Controllers

Why this happens: The Kerberos client depends on a “salt” from the KDC in order to create the AES keys on the client side. These AES keys are used to hash the password that the user enters on the client, and protect it in transit over the wire so that it can’t be intercepted and …


PowerShell: Get all Active Directory Sites based on Domain

Get all Active Directory Sites based on Domain.

    $DomainSiteFilter = "DomainA"
    Write-Output "Get AD Site List `r"
    $ADSites = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Sites
    [int]$ADSitesCount = $ADSites.Count
    Write-Output "There are $ADSitesCount AD Sites in the forest `r"
    $DomainADSites = $ADSites | where {$_.Domains -like "*$DomainSiteFilter*"} | sort-object name
    [int]$DomainADSitesCount = $DomainADSites.Count
    Write-Output "There are $DomainADSitesCount AD Sites matching …

