Windows 10 Hardening
In May 2018 the Australian Cyber Security Centre published an updated list of recommended configuration settings for hardening Windows 10 version 1709. This 50-page guide provides easily readable recommendations along with explanations of why the settings should be changed.
NetbiosSMB Missing Binding
While investigating the demise of NetBIOS and how to fully remove it from a network, I came across an interesting observation.
The Case of the Four Folders
A client recently called in with an interesting problem. When users would create a new folder on a network share, four folders would appear instead of one. Even more interesting is that this was only happening for those users when connecting to the share from a Windows 10 workstation. The same user accessing the share from Windows 7 would only create a single folder.
Introduction to Microsoft Policy Analyzer
Policy Analyzer is one of the tools included as part of the Microsoft Security Compliance Toolkit, which Microsoft describes as “a set of tools that allows enterprise security administrators to download, analyze, test, edit, and store Microsoft-recommended security configuration baselines for Windows and other Microsoft products.”
Domain Permission Auditing with BloodHound
“BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment.” In short, it analyzes group membership, GPOs, permissions, and currently logged-on sessions to visually display links between objects in order to identify misconfigurations and easy paths to compromise. This tool is not for analyzing the permissions on a single server, but rather for identifying the path of least resistance to gaining elevated Domain permissions.
Installing Prometheus Docker Image on Debian 9
In preparation for an upcoming post, I recently dove into my notes on installing the Prometheus monitoring server. My last time setting up Prometheus was on an Ubuntu server and the repository version was at least the same major revision version as the current release. This time I’m installing on Debian 9 and currently the latest Prometheus version is 2.3.2 while the Debian repository is offering 1.5.2. That’s unacceptable. While the sid repository does contain 2.3.2, I decided to take the opportunity to deploy in a cleaner (and less permanent) manner through Docker. Prometheus is well supported in Docker environments and it gave me an opportunity to brush up on my container deploying skills.
Opennic-query
Opennic-query is a simple Python program I wrote to bring together the list of DNS servers maintained by OpenNIC and the Namebench DNS testing utility.
Introduction to Azure File Sync
Azure File Sync became generally available to the public this month and I decided to implement it in my lab to gauge its strengths and weaknesses. The proposition of fully replicated, managed, and secured file synchronization across all branch offices of an organization makes for one of the strongest stand-alone use cases for the Cloud after Backup & DR, as long as it solves more problems than it introduces.
Home Assistant Presentation
A presentation I created for a local Meetup as an introduction to Home Assistant, the open-source home automation platform.