recentpopularlog in

whip_lash : microsoft   31

Extended Protection for Authentication Overview | Microsoft Docs
The solution is to use a TLS-secured outer channel and a client-authenticated inner channel, and to pass a Channel Binding Token (CBT) to the server. The CBT is a property of the TLS-secured outer channel, and is used to bind the outer channel to a conversation over the client-authenticated inner channel.

In the previous scenario, the CBT of the client-attacker TLS channel is merged with the authorization information that is sent to the server. A CBT-aware server compares the CBT co...
security  microsoft  windows  authentication 
10 weeks ago by whip_lash
!exploitable Crash Analyzer - MSEC Debugger Extensions - CodePlex Archive
The tool first creates hashes to determine the uniqueness of a crash and then assigns an exploitability rating to the crash: Exploitable, Probably Exploitable, Probably Not Exploitable, or Unknown.
security  Microsoft  debugger  windbg  exploit  development 
may 2018 by whip_lash
LAPS - Part 2
In Part 1 we explored how one could go about discovering and mapping the LAPS configuration in a domain. In this part, we’ll look at various ways LAPS can be abused for persistence purposes.
laps  activedirectory  Microsoft  windows  privesc  postexploitation 
march 2018 by whip_lash
LAPS - Part 1
The purpose of this post, is to put together a more complete end-to-end process for mapping out the LAPS configuration in a domain.
laps  activedirectory  Microsoft  windows  privesc  postexploitation 
march 2018 by whip_lash
Abusing Microsoft Word Features for Phishing: “subDoc” - Rhino Security Labs
In the above configuration, we’re telling Word to open a sub-document over the network using a UNC path which points external to their network. The destination IP address, in this case, is a VM instance that we control, hosted by a cloud provider which allows incoming SMB requests.

At this point, we’re able to load which allows us to listen for incoming SMB requests and collect the respective NTLMv2 hashes.
hashes  Microsoft  office  vulnerability  pentest  responder  security 
january 2018 by whip_lash
Clint Boessen's Blog: What is the NTDS Quotas container in Active Directory?
The ability to create objects in Active Directory with no limit imposed is dangerous, an attacker could create billions of Active Directory objects in Active Directory until the database file NTDS.dit became so large it fills up the disk space on all available domain controllers making the domain completely unavailable.

When creating a user account in Active Directory which has been delegated the permissions to create objects within Active Directory it is best practice to set a quota to limit the number of objects that account can create.
activedirectory  security  microsoft  domain 
october 2013 by whip_lash
If domain controller replication is not working - 4sysops
Essentially if you bring up a domain controller in a site without a fully replicated domain controller already in it replication will continuously fail, but as soon as the domain controller is logically put into a site with a “good” domain controller it will replicate.
microsoft  domain  dc  dcpromo  replication 
september 2013 by whip_lash
Adding a New Disk to an Existing Windows 2008 Cluster - Ask the Core Team - Site Home - TechNet Blogs
Adding new storage is a simple, reliable process that I thought I would show everyone. In this walk through, I already have a 2 node cluster. I am going to walk through adding a 1GB LUN as a new disk to an existing cluster.
microsoft  windows  cluster  sysadmin  engineering 
may 2012 by whip_lash
Microsoft vs. Software Piracy - Inside the War Room -
All but the lead vehicle turned off their headlights to evade lookouts, called “falcons,” who work for La Familia Michoacana, the brutal Mexican cartel that controls the drug trade. This time, the police weren’t hunting for a secret stash of drugs, guns or money. Instead, they looked to crack down on La Familia’s growing counterfeit software ring.
mexico  software  Microsoft 
november 2010 by whip_lash
Is Microsoft’s Kinect Racist? - PCWorld
Early reviews of Microsoft's Kinect facial recognition feature suggest that the motion-sensing camera does not work properly with some darker-skinned users. GameSpot's U.K. site unsuccessfully tested Kinect's features with two dark-skinned employees, while white reviewers had no problem using facial recognition.
microsoft  games  wtf 
november 2010 by whip_lash
Microsoft Official Defends Complex Software Licensing Efforts -
"We don't have a team of people in Redmond trying to make licensing complicated," Beare said. Programs have been built based on customer demand, he stressed. "The problem is when you start layering them," with customers having to deal with four or five different programs, he said.
software  microsoft 
october 2010 by whip_lash
Configuring the Windows Time Service
This article walks you through the process of setting up an authoritative time server for a Windows Server 2003-based network running Active Directory. The article outlines procedures for syncing to both an internal and external time source, and also lists additional resources for configuring the Windows Time service and troubleshooting time synchronization problems.
sysadmin  time  microsoft  networking  windows 
july 2010 by whip_lash
Nick MacKechnie : Now Available for download: Security Compliance Manager
The Solution Accelerators Team is pleased to announce the release of the Security Compliance Manager. This new tool is designed to help organizations plan, deploy, operate, and manage their security baselines for Windows® client and server operating systems, and Microsoft applications.
security  tools  compliance  microsoft 
april 2010 by whip_lash
The Ultimate Excel Cheatsheet
Working with the new Excel 2007 is now more frustrating than ever when it comes to finding the right commands. Sometimes it seems like part magic and part luck. That’s why we’ve put together the cream of the crop of Excel shortcuts in easy to use cheatsheets you can print up and keep handy.

Highlighting the most commonly used and commonly looked for Excel commands, this list puts it all at your fingertips.
cheatsheet  tips  shortcuts  microsoft  excel 
march 2010 by whip_lash
TestKing Pass4Sure 70-290 MCSE 70-620 CCNA 640-802 70-270 70-291 70-647 70-294 70-649 - Free Download
Here you can download free practice tests for such certifications as MCSE, MCDBA, MCSD, A+, Network+, Security+, CCNA, CCNP, and so on. All tests on this site have been created with Visual CertExam Suite. Visual CertExam Suite is an exam simulator developed for certification exam preparation. You can also use it as a Trandumper replacement. Files with VCE extension can be opened with this program.
certification  training  microsoft  cisco  linux  vmware  redhat 
march 2010 by whip_lash
Former Microsoft manager offers fix for XP SP3 'endless reboot' - Network World
A former Microsoft security manager has published a tool designed to detect and fix PCs that may be susceptible to "endless reboots" if updated to Windows XP Service Pack 3 (SP3).
microsoft  windows 
may 2008 by whip_lash
MCSE Server 2003 Core Pak
Going for your MCSE Server 2003? Here are all the core exams you need to get your MCSE in one convenient Pak.
mcse  microsoft 
july 2007 by whip_lash
Microsoft claims software like Linux violates its patents - May 28, 2007
Microsoft claims that free software like Linux, which runs a big chunk of corporate America, violates 235 of its patents. It wants royalties from distributors and users.
microsoft  linux  patents 
may 2007 by whip_lash
Ubuntu Linux Tips & Tricks: Did Microsoft just patent sudo?
1985, huh? And when did this Microsoft patent happen? It was filed in 2000. Well gee, that doesn't make sense. How'd they get the patent?
linux  microsoft 
may 2007 by whip_lash

Copy this bookmark:

to read