Tag: windows

Defense

Exchange Emergency Mitigation Service with new CU Update

This is a big thing in the Exchange world from my POV! I believe this is dropping sometime today (28th September!)

History

Exchange OWA, ECP etc. are exposed online not only for mailbox access, calendar sharing but also are a requirement for hybrid mode sync capabilities.

Vulnerabilities in Exchange this year (ProxyLogon/ProxyShell) have shown how problematic an attack surface this is. The good news is, Microsoft have created a feature for Exchange to help mitigate these attacks in the future via the EM Service!

Read more “Exchange Emergency Mitigation Service with new CU Update”
Guides

Rapid Active Directory Security Testing of Windows Server 2022…

Introduction

Ever needed to test active directory in a hurry? Well, here’s some common commands to test active directory domain services. In this post today we are going to focus on DNS and username enumeration, there are however a range of weaknesses you want to look for:

  • SMB Null Session/Guest Access
  • LDAP Null Bind
  • Sensitive Information Disclosure
  • Weak Password Policies
  • Unpatched Software Vulnerabilities

Active Recon

Port Scanning and Service Fingerprinting

nmap -p- -sC -sV -Pn -v -A -oA ecorp.local.txt 192.168.1.22

Text

Description automatically generated

Text

Description automatically generated

Domain Name and Domain Controller Enumeation

Read more “Rapid Active Directory Security Testing of Windows Server 2022 and Kali Linux”

Defense

Windows Security Fundamentals & LPE

Introduction

Recently I decided to do the Red Team Operator: Privilege Escalation in Windows Course by Sektor7 (thanks for the recommendation Justin!). I thought I’d write some notes but also create a quick blog covering some of the Windows fundamental areas. It’s easy to actually forget how this stuff is at a detailed level so figured it helps both myself and the world to share a snippet. I’m litterally listening to the course as I type this, I’ve just imported an OVA to vmware workstation so this is litterally live! (I’m 7 video modules in!)

There’s some key parts around Windows Security Architecture that is important to know, the course does cover this off at the start so I thought I’d share a tiny bit of my notes. Read more “Windows Security Fundamentals & LPE”

Defense

Ransomware Defence: Part 2a – Persistence, Privilege Escalation and…

Recap

In Part 1 (Initial Access Defence and Checklist) we looked at ways of hardening your attack surface to defend against initial access. When it comes to ransomware there is a range of elements and variables in the kill chain that need to be successful for the outcomes to be achieved by the criminals. Here we are going to move further into the kill chain to look at further defences. Remember you need to have an “Assume Breach” mindset if you are going to be able to defend against ransomware, that being said, there is a hell of a lot of things you can do for 0 to low investment costs that provide a great ROI. Now some of this is going to be repeated guidance from part 1, that’s ok repetition is good (make sure you are covered from multiple perspectives). Ok let us get to it! Read more “Ransomware Defence: Part 2a – Persistence, Privilege Escalation and Lateral Movement”

CTF

How to enable NULL Bind on LDAP with Windows…

History of NULL bind

Back in the early Active Directory days NULL bind was actually enabled by default, these days you can get a rootDSE NULL bind out of the box but on Windows Server 2019 you can even disable this!

So why would I want to enable NULL bind? Well, some legacy apps may need it but generally speaking you don’t want NULL bind enabled.

The lesson here is DO NOT copy what I am doing here! Simples! Read more “How to enable NULL Bind on LDAP with Windows Server 2019”

Defense

Field Notes – Just Patch

Windows update stuck at 0% download status

Often is we find an environment missing software updates it’s easy for someone without hands on experience to say, ‘just patch’. Outside of change requests, outside of authorisation, maintenance windows, roll back plans, communications etc. there is also the fact that ‘just patching’ isn’t that simple. Even for fairly standard patching tasks using Windows Updates you sometimes hit a snag. Today I’m looking at exactly that issue on a server, so I thought I’d post the steps to resolve an issue but also, I think this is a nice way to highlight the realities of patching.

We show a GUI and command line (PowerShell) method to achieve this result (the PowerShell isn’t fancy but I figured you could go away and upgrade that if you fancied some fun). Windows update sometimes has issues (does not all software!) and it is sometimes that we need to help it along the way, so let’s get too it! Read more “Field Notes – Just Patch”