Modern Workspace: PowerShell OAuth Error

Create PowerShell Session is failed using OAuth

When connecting to Exchange online (there was a reason I needed to do this) I had the following error:

I did some googling that luckily someone has already posted how to fix this:

https://www.vansurksum.com/2021/03/11/create-powershell-session-is-failed-using-oauth-when-using-the-exchange-online-v2-powershell-module/

It turns out WINRM’s ability to use BASIC client authentication is disabled as part of the standard Windows 10 hardening baseline deployed via Intune.

To fix these we need to re-enable BASIC client side WINRM authentication. Read more “Modern Workspace: PowerShell OAuth Error” →

CTF

How to enable NULL Bind on LDAP with Windows…

History of NULL bind

Back in the early Active Directory days NULL bind was actually enabled by default, these days you can get a rootDSE NULL bind out of the box but on Windows Server 2019 you can even disable this!

So why would I want to enable NULL bind? Well, some legacy apps may need it but generally speaking you don’t want NULL bind enabled.

The lesson here is DO NOT copy what I am doing here! Simples! Read more “How to enable NULL Bind on LDAP with Windows Server 2019” →

Defense

The anatomy of designing resilience, recoverability, and contingency into…

I want a simple way of restoring service in the event of a disaster

Foreward

I wrote this over 5 years ago and wanted to see if it stood the test of time – I also see too often that organisations don’t have the right capabilitites to recover so I figured this is a good post on the subject.

Defense

Endpoint Security – The Essentials

It’s called essentials it’s not called advanced!

Have you ever wondered what the absolute minimum you should do is to protect against cyber criminals? I’ll be honest I haven’t, that minimalistic approach to be seems kind of risky… BUT the world is not me and if you want to achive greatness you need a good foundation! So the essentials are good to know.

Defense

WordPress Security Considerations

WordPress is one of the most popular content management systems in the world today. I believe it is about 35% of the market share globally. That is a lot of sites.

I have been using WordPress for years myself; some people give it some stick for being vulnerable but that is usually them referring to third party plugins. I like it because you can build a site easily, without having to spend ages and you can deploy it and migrate etc. without having a huge headache. Read more “WordPress Security Considerations” →

Defense

Combating Cyber Crime: Should we really be charging to…

Sensational Press or Cyber War Mongering?

I do not know Mr Martin, but I would assume that his role at NCSC and GCHQ would have given him a good insight into the realities of cybercrime, cyber terrorism, nation state affairs and how to effectively defend against cyber criminals (and other threat actors) so please read this blog as it is intended, it’s an analysis on the quoted statements and reporting style and general view of mine about current cyber war rhetoric, not an analysis of the person. Why am I writing this? Well, I am seeing an increased level of FUD, snake oil and cyber war rhetoric and I wanted to share some of my thoughts, opinions, and ideas in this space. For it is far too easy to call for war and in cyberspace do we even know what that means? Read more “Combating Cyber Crime: Should we really be charging to cyber war?” →

Defense

Retrieving Passwords From Veeam Backup Servers

Firstly before we get into recovering passwords from the veeam servers we have to think why is this technique so important to know?

It’s not what you think, so if you are a red teamer/penetration tester then sure you are going to want to know this to support your goals. But the real value in knowing this is to drive home a specific message.

DO NOT (PRODUCTION) DOMAIN JOIN BACKUP SERVERS

Veeam expicitly suports not being on a domain for this very reason. Why Dan? Why is it so important to not (PRODUCTION) domain join them? Well my friends, if a threat actor gets into your network, gains high priviledge access to active directory and get’s onto you veeam server they will probably disrupt and destroy your backup just prior to ransoming everyhing they can. You do no want this!

Defense

Understanding Penetration Testing Scopes

“Can I have a penetration test please” is about in line with saying “Can I have a car please?”. Why am I writing a blog about this? Well, where do I start, so I have been working on the technology world basically all my career and over the last 20 odd years one area of digital security management that I think a lot of organisations and people struggle with is understanding just what a penetration test is, how it should be used, how long they can take and what is involved. Read more “Understanding Penetration Testing Scopes” →

Defense

Snake Oil Defence: Defending against lies and false claims

Defenders of the Realm

We often talk about not selling using fear, uncertainty, and doubt (FUD). It is quite a big thing in the cyber security industry where the entire purpose of existence is to help people and organisations manage risk to prevent, detect and respond to impact to confidentiality, integrity, and availability. A key foundational component is that we operate using science, trust, and integrity.

This does however become quite interesting when you look at some rather dubious sales and marketing techniques employed by a few.

What I have noticed are there are a range of patterns that are similar (it is like they all went on the same con artist course!) so I thought I would look at some of the indicators I see which bring up flags to me. Read more “Snake Oil Defence: Defending against lies and false claims” →

Defense

Change Management 101

Managing Change (and releases)

This is an area that I think some might be interested in. I have worked with orgs of all shapes and sizes and one central area I find people struggle with is change management. I am not talking about organisational change management (that is another) but I am talking about the change of information systems or security controls.

Now you might be familiar with ITILv3/2011 and the PROCESS of change management or you might be in the new practise world of ITIL4 where it is called change enablement, or you might have no idea what I am rabbiting on about. That is ok that is why we are here!

The purpose of change management is (according to ITIL) to help minimise the risk of change for IT services.