Tag Archives: windows

Auditing Passwords with Active Directory Properties

Posted on August 28, 2015

Have you ever been looking through Active Directory and noticed something strange in one of the fields?  Maybe the Organization or Description field has a weird string of letters, numbers, and characters.  You think, “Huh, that kind of looks like a password.”

Ding! Ding! Ding!

Yes, it happens.  Either through lack of understanding or just laziness, sometimes passwords get put into the plain text fields in AD.  This is dangerous because those fields are readable by everyone on the domain.

So how do you know if any of these fields are being used to store passwords?  I managed to cobble together a PowerShell script that can help. (more…)

Advanced Security Audit Settings Spreadsheet

Posted on February 19, 2014

I was recently reviewing the Advanced Security Audit settings available for Windows 2008 and above and decided to create a spreadsheet with all of the details. While Microsoft does have all of the details on their website, they are spread across multiple pages.  Having it all in one document made it easier to research each setting, compare the defaults to existing settings, and make recommendations for changes.  The spreadsheet can be downloaded from Google Drive at the link below:

https://drive.google.com/file/d/0B7uH-SwTZjFQNTJVbHNnNFBhV3c/edit?usp=sharing

The spreadsheet contains two worksheets.  The first gives the default for each setting and the volume of logs generated with each setting.

The second worksheet lists every Event ID generated by each setting and the message associated with each Event ID.

Hopefully this will be useful to others.

Information Gathering Incident Response Script

Posted on October 24, 2012

So, you have a PC on your network that you think might be infected with some malware.  What do you do?  Well, you could always PSExec into the computer and run a series of commands.  But why not automate that process and store the results?

That was my motivation for writing this IR-Script.  It is like a first response tool for investigating a possibly infected PC.  You run the tool, gather a bunch of information, and store it for review.  The script gathers the following information from a PC: (more…)

EMET v3 is Awesome Sauce

Posted on September 19, 2012

If you read the computer security news feeds, you’ve probably heard about the recent Java 7 and IE 6-9 exploits.  The problem is that these exploits are discovered before there are any patches or reasonable workarounds for them.  Fortunately, there is something that can be done to provide some additional protection that doesn’t involve an anti-virus company.  Earlier this year, Microsoft released the Enhanced Mitigation Experience Toolkit (or EMET) version 3.  The goal of EMET is to make exploitation of Windows applications difficult or impossible using the common attack techniques we see today.  It’s not a silver bullet and won’t protect against every type of attack.  But it does add additional layers of protection to your system by enforcing DEP, ASLR, Heap Spray Protection and more. (more…)