Windows forensics: Sysmon
Download Sysmon: NEW: Sysmon 6.0 is available! https://technet.microsoft.com/en-us/sysinternals/sysmon and how to use it: Installation and usage: Mark Russinovich’s RSA conference:...
Recommendations concerning NTFS cluster size
Microsoft’s file systems organize storage devices based on cluster size. Also known as the allocation unit size, cluster size represents the smallest amount of disk space that can be allocated to hold...
LDAP referrals
Technet article: https://technet.microsoft.com/en-us/library/cc978014.aspx. Explanation: When a requested object exists in the directory but is not present on the contacted domain controller, name...
AD – SRV record for NTP?
https://www.myotherpcisacloud.com/post/SRV-Record-for-NTP-In-MY-Active-Directory
AD – DSRM password
What is DSRM? Directory Services Restore Mode (DSRM) is a special boot mode for repairing or recovering Active Directory. It is used to log on to the computer when Active Directory has failed or needs...
Microsoft Azure and Office365 resources
Here are resources about Azure and Office365; let me summarize: Office365 is a Microsoft offering of hosted services and applications (SaaS); in plain terms, you pay for a service (SharePoint, Exchange, Office…) and...
Windows – detecting lateral movement using event logs
To detect lateral movement in a Windows infrastructure I recommend collecting the following events. The approach is based on events (4648 and 4672 from member servers, 8004 from DCs) plus network traffic (AS/TGS)....
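As an added example (not code from the original post), the following PowerShell pulls the two member-server events named above, 4648 (logon with explicit credentials) and 4672 (special privileges assigned to a new logon), from the local Security log and pairs an explicit-credential use of account X with a privileged logon of X shortly afterwards. The time window, the noise filters and the output field names are assumptions; 4648 is recorded on the host that supplied the credentials and 4672 on the host where the privileged session is created, so this single-host join catches local explicit-credential use (runas, RDP with alternate credentials); across hosts you would run the same join on the collector.

```powershell
# Added example (not from the original post): correlate 4648 and 4672 in the local
# Security log. Window size and noise filters are assumptions; adjust to your estate.
param(
    [int]$Hours = 24,
    [int]$WindowSeconds = 30
)

$since = (Get-Date).AddHours(-$Hours)

function Get-EventData {
    # Return the <EventData> block of a record as a name -> value hashtable.
    param([System.Diagnostics.Eventing.Reader.EventLogRecord]$Record)
    $xml = [xml]$Record.ToXml()
    $h = @{}
    foreach ($d in $xml.Event.EventData.Data) { $h[$d.Name] = $d.'#text' }
    return $h
}

# 4648: who (Subject) used whose credentials (Target) against which server (TargetServerName).
$explicit = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4648; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = Get-EventData $_
        # Skip machine accounts and logons where no credential switch happened.
        if ($d.SubjectUserName -like '*$' -or $d.SubjectUserName -eq $d.TargetUserName) { return }
        [pscustomobject]@{
            Time         = $_.TimeCreated
            Subject      = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
            Target       = "$($d.TargetDomainName)\$($d.TargetUserName)"
            TargetServer = $d.TargetServerName
            Process      = $d.ProcessName
            SourceIp     = $d.IpAddress
        }
    }

# 4672: a logon that received sensitive privileges (SeDebugPrivilege, SeTcbPrivilege, ...).
$privileged = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4672; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = Get-EventData $_
        if ($d.SubjectUserName -like '*$' -or $d.SubjectUserName -eq 'SYSTEM') { return }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Account = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
            Privs   = (($d.PrivilegeList -split '\s+') | Where-Object { $_ }) -join ','
        }
    }

# Join: explicit use of account X followed within the window by a privileged logon of X.
$hits = foreach ($e in $explicit) {
    foreach ($p in $privileged) {
        $delta = ($p.Time - $e.Time).TotalSeconds
        if ($p.Account -eq $e.Target -and $delta -ge 0 -and $delta -le $WindowSeconds) {
            [pscustomobject]@{
                When         = $e.Time
                OperatorAcct = $e.Subject
                UsedCreds    = $e.Target
                ToServer     = $e.TargetServer
                Process      = $e.Process
                SourceIp     = $e.SourceIp
                PrivsGranted = $p.Privs
            }
        }
    }
}

"Explicit-credential logons (4648): $(@($explicit).Count)"
"Privileged logons (4672):          $(@($privileged).Count)"
$hits | Sort-Object When | Format-Table -AutoSize
```

Run it elevated on a member server (reading the Security log requires administrator or Event Log Readers membership). A hit is not proof of compromise; a helpdesk runas will match too, which is why the operator account, process and source IP are kept in the output for triage.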
ADFS – list of RPs showing up in idpinitiatedsignon.aspx
Problem description, security issue? When I log on to my ADFS link below https://sts.mydomain.com/adfs/ls/idpinitiatedsignon.aspx it shows two of my relying parties asking me to sign in. I have up to 8...
ADFS – Backup and Restore tool
Description Today AD FS is made highly available by setting up an AD FS farm. Some organizations would like a way to have a single server AD FS deployment, eliminating the need for multiple AD FS...
AD: How to rename a domain controller (2012 R2)
As an administrator, renaming a domain controller is not the recommended way, but in some cases it is required because of previously chosen wrong names. Current host name of the domain controller: Since the name...
AD – MS Advanced Threat Analytics (ATA)
News from pentesters: https://www.slideshare.net/ChrisThompson73/ms-just-gave-the-blue-team-tactical-nukes-and-how-red-teams-need-to-adapt-defcon-25...
AD – How to audit weak passwords?
Behind this catchy title is a real need. As a system administrator, it may be worthwhile to audit all of your organization’s Active Directory accounts to assess the level of security for user accounts....
How to bind a Mac to a Windows domain?
How to bind a Mac to a Windows domain: Third-party tools: Nomad nomad.menu Centrify www.centrify.com Procedures and white papers:...
WAP – How to remove a WAP server from a WAP cluster
Reference article: https://blogs.technet.microsoft.com/applicationproxyblog/2014/08/20/web-application-proxy-powershell-cheat-sheet/...
How to configure Windows Event Forwarding (WEF)?
Introduction: Event forwarding (also called SUBSCRIPTIONS) is a means of sending Windows event log entries from source computers to a collector. The same computer can be both a collector and a source. There are...
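As an added example (not code from the original post), this PowerShell registers a source-initiated subscription on the collector and lists the settings the source computers need so they deliver their events. The subscription name, the collector host name and the choice of forwarding Security 4648/4672 are assumptions; the subscription XML follows the format `wecutil cs` expects, and the `Configure target Subscription Manager` value is the string the Event Forwarding GPO setting takes.

```powershell
# Added example (not from the original post): source-initiated WEF subscription.
# Name, collector FQDN and the event selection are assumptions.
$subscriptionXml = @'
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>LateralMovement-Security</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Description>Forward Security 4648 (explicit credentials) and 4672 (special privileges)</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>MinLatency</ConfigurationMode>
  <Query><![CDATA[
    <QueryList>
      <Query Id="0" Path="Security">
        <Select Path="Security">*[System[(EventID=4648 or EventID=4672)]]</Select>
      </Query>
    </QueryList>
  ]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <!-- SDDL: any member of Domain Computers (DC) may deliver to this subscription -->
  <AllowedSourceNonDomainComputers></AllowedSourceNonDomainComputers>
  <AllowedSourceDomainComputers>O:NSG:BAD:P(A;;GA;;;DC)S:</AllowedSourceDomainComputers>
</Subscription>
'@

$path = Join-Path $env:TEMP 'LateralMovement-Security.xml'
Set-Content -Path $path -Value $subscriptionXml -Encoding UTF8

# Collector side: start and configure the Windows Event Collector service, register
# the subscription, then read it back.
wecutil qc /q
wecutil cs $path
wecutil gs LateralMovement-Security

# Source side (normally pushed by GPO; shown here as the equivalent local steps):
#  1. Computer Configuration > Policies > Administrative Templates > Windows Components >
#     Event Forwarding > Configure target Subscription Manager, value:
#       Server=http://collector.corp.example:5985/wsman/SubscriptionManager/WEC,Refresh=60
#  2. WinRM must be listening:
#       winrm quickconfig -q
#  3. The forwarder runs as NETWORK SERVICE and needs read access to the Security log:
#       Add-LocalGroupMember -Group 'Event Log Readers' -Member 'NT AUTHORITY\NETWORK SERVICE'
#  4. gpupdate /force on the source, then on the collector verify delivery per source:
#       wecutil gr LateralMovement-Security
```

HTTP on 5985 is acceptable inside the domain because WinRM authenticates with Kerberos and encrypts the payload; use HTTPS (5986, `TransportName` HTTPS) for non-domain sources, which also need a certificate and an `AllowedSourceNonDomainComputers` entry.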
ADFS Backup Restore tool
ADFS Rapid Restore Tool: download it from Microsoft Connect. https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/ad-fs-rapid-restore-tool With the ADFS Rapid Restore Tool, backup...
ADFS settings WebSSOLifetime and Token Lifetime, NotBeforeSkew
This post will try to explain some relevant parameters from the ADFS side. I’m not saying the defaults aren’t good; that’s something you’ve got to decide for yourself. Introduction WS-Fed/SAML protocol...
Security – Privileged Admin workstations
Microsoft technet guide: https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/privileged-access-workstations Those laptops must run the latest Windows 10 OS with all the...