Restricting an AD user account to particular workstations–one gotcha
We locked down one of our generic user accounts to a particular workstation, for good security reasons. Windows OSHub has a good writeup on how and why you do it.…
Though it WAS supported until very recently. Some digging later: Microsoft made it the default in mid-December. The fix? Don’t run your VS Code with Administrator privileges. The workaround? Edit…
Forensics Windows Forensics Analysis — Tools And Resources | by Nasreddine Bencherchali | Medium Blue Team-System Live Analysis - Windows: User Account Forensics- NTUSER.DAT Rules, Tools, Structure, and Dirty Hives!…
Working through an Essential Eight Maturity assessment at the moment. “What is the Essential Eight?” you might be wondering. The Essential Eight are designed to protect Microsoft Windows-based internet-connected networks.…
“Where are they actually stored though? In the Roaming Profile, or somewhere else?”, asked the Problem Team. The answer is “somewhere else”. “Windows NT 4.0 has the capability to cache…
I failed due to having too complex a password. Here is what I learnt on the way, though. CherryTree encrypted databases are a 7z encrypted archive. So you need to…
Some Kerberos items I looked at lately: Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning; Detecting Kerberoasting Activity; Hunting down DES in order to securely…
When you use TeamViewer to connect to a remote computer, with Windows Authentication, TeamViewer QS will restart on the remote computer with those credentials. Except it was throwing a Microsoft UAC…
Everything was going along fine, then it wasn’t. Access to my work network was suddenly blocked, and the last thing I expected was for my Internet Provider to “improve my security”…
Wow, it was over 11 years ago when I wrote Email file extensions I recommend blocking in email. We migrated off Lotus Notes years ago and I never revisited the…