@import url('https://themes.googleusercontent.com/fonts/css?kit=wJuDEFlUsDZt7lpAAPdLm9CoNqneSjGN6FUREF5POP9krml-9Eg4KzR8naUO0aF3kuG_eoWNft1SfWZjF8JeEg');.lst-kix_wm3dnufq67dx-7>li:before{content:"- "}.lst-kix_wm3dnufq67dx-8>li:before{content:"- "}ol.lst-kix_iptxq54yrrnf-3.start{counter-reset:lst-ctn-kix_iptxq54yrrnf-3 0}.lst-kix_u3opzkdcnklc-1>li{counter-increment:lst-ctn-kix_u3opzkdcnklc-1}.lst-kix_wm3dnufq67dx-1>li:before{content:"- "}.lst-kix_iptxq54yrrnf-4>li{counter-increment:lst-ctn-kix_iptxq54yrrnf-4}ol.lst-kix_mfudkcwv2w89-7.start{counter-reset:lst-ctn-kix_mfudkcwv2w89-7 0}.lst-kix_wm3dnufq67dx-0>li:before{content:"- "}.lst-kix_hk8k8itxmlfp-4>li{counter-increment:lst-ctn-kix_hk8k8itxmlfp-4}.lst-kix_8chkxhfzc2ds-3>li:before{content:"- "}.lst-kix_8chkxhfzc2ds-5>li:before{content…  ( 25 min )

The recent rise of HTTP Request Smuggling has seen a flood of critical findings enabling near-complete compromise of numerous major websites. However, the threat has been confined to attacker-accessib  ( 24 min )

Robocopy (Robust File Copy) is a command line folder and file replication tool available as a standard Windows feature since Windows Server 2008. The goal of this post is to give you a quick start guide by providing some Robocopy examples. Robocopy usage examples first appeared on 4sysops.  ( 34 min )

Keeping an eye on activities and logs in the environment is a crucial aspect of cybersecurity and requires businesses to have the right tools to monitor network and system events. EventSentry is a networking monitoring tool that provides many capabilities for organizations looking to keep an eye on the environment. In addition, the recent release of version 5 offers many new features. EventSentry 5: SIEM & Monitoring with many new features first appeared on 4sysops.  ( 34 min )

It’s the second Tuesday of the month, and the last second Tuesday before Black Hat and DEFCON, which means Microsoft and Adobe have released their latest security fixes. Take a break from packing (if you’re headed to hacker summer camp) or your normal activities and join us as we review the details of their latest patches and updates. Adobe Patches for August 2022 For August, Adobe addressed 25 CVEs in five patches for Adobe Acrobat and Reader, Commerce, Illustrator, FrameMaker, and Adobe Premier Elements. A total of 13 of these bugs were reported through the ZDI program. The update for Acrobat and Reader addresses three Critical-rated and four Important-rated bugs. The critical vulnerabilities could allow code execution if an attacker could convince a user to open a specially crafted file…

Part 3: Expanding the Function Call Graph  ( 22 min )

As defensive controls have advanced, so too have adversaries’ approaches to social engineering. Landing a phishing email in an inbox has become harder, and most campaigns that do make it to an inbox are quickly reported, quarantined, or triaged. So, adversaries have asked themselves why not skip the inbox all together or leverage a service […] The post Thinking Outside the Mailbox: Modernized Phishing Techniques appeared first on Praetorian.  ( 12 min )

This blog post will first give a brief overview of obfuscation based on Mixed-Boolean-Arithmetic (MBA), how it has historically been attacked and what are the known limitations. The main focus will then shift to an extension of the oracle-based synthesis approach, detailing how combining program synthesis with the equality saturation technique produces significantly more simplification opportunities. Finally, a set of examples spanning from different MBA categories over unsolved limitations up to future work ideas will hopefully serve as food for thoughts to the reader. Across the post, references to existing research are provided to delve into additional details and deepen the understanding of the topics.  ( 26 min )

Introduction Last weekend (July 30th) a truly incredible piece of mathematical/cryptanalysis research was put onto eprint. Wouter Castryck and Thomas Decru of KU Leuven published a paper “An efficient key recovery attack on SIDH (preliminary version)” describing a new attack on the Supersingular Isogeny Diffie-Hellman (SIDH) protocol together with a corresponding proof-of-concept implementation. SIDH is … Continue reading Implementing the Castryck-Decru SIDH Key Recovery Attack in SageMath →  ( 32 min )

Many organizations use software that needs access to users' mailboxes. In this case, it makes sense to assign the necessary permissions centrally. Exchange provides the impersonation role for this, which can act on behalf of the respective users. Exchange impersonation: Grant permissions to service accounts first appeared on 4sysops.  ( 32 min )

This one is not a surprise, I hope. Most of forensic artifacts come from either file- or Registry- oriented artifacts. Of course, there is a macOS&OS/X world out there, there […]  ( 18 min )

It is a new day with new challenges. Scope has shifted for the next part of our LHE. Today, you can feel the focus. These hackers have been heads do  ( 4 min )

This week is longer than I thought, so time to catch up… 🙂 This one is a mess, but sometimes a bit of a mess is not a bad thing. […]  ( 18 min )

Thoma Bravo’s investment in the IAM and authentication space continues with another massive ($2.8B) acquisition of Ping Identity on the heels of announcing that it intends to acquire SailPoint later this year. I believe it’s a great transaction for both sides. Shareholders of Ping get a nice exit after the stock was trading near its […] The post Hot Authentication Space Is Fueled Further by the Ping Identity Acquisition appeared first on SecureAuth.  ( 30 min )

The Get-ADPrincipalGroupMembership PowerShell cmdlet enables you to query all the Active Directory group memberships of a user. In this tutorial, you'll learn to work with Get-ADPrincipalGroupMembership, and see how you can use this useful cmdlet to quickly and easily use a PowerShell one-liner to search and see whether a user is a member of a particular Active Directory group. Simply put, if your organization uses Active Directory security groups, the ability to use this cmdlet is an absolute must. Get AD user group membership with Get-ADPrincipalGroupMembership first appeared on 4sysops.  ( 34 min )

In this blogpost we are going to look into hooks, how to find them, and how to restore the original functions.  ( 10 min )

TL;DR The regulation from the IMO has changed, you need to do more about cyber security. Key things to focus on:  Start asking questions of your supply chain, of your […] Maritime regulation. All Hands-on Deck!  first appeared on Pen Test Partners.  ( 8 min )

Welcome back to our first day of in-person hacking! We had some lovely people greeting you today for your check-in. Again, we want all of our hacker  ( 5 min )

No content preview  ( 12 min )

Crimeware vendors say 'macros are dead', but they have a new weapon to help threat actors successfully deploy malware.  ( 14 min )

Part 2: Operations  ( 17 min )

Traditionally, the Office applications followed a lifecycle of five years each in mainstream and extended support. However, the situation is now more complicated because the apps are also limited in their use by being disconnected from the Microsoft 365 cloud services or when being run on an outdated Windows. End of support for Office (2013, 2016, 2019): No Microsoft 365 access, and outdated OS versions first appeared on 4sysops.  ( 35 min )

by Michael Mathews Ransomware has been a concern for everyone over the past several years because of its impact to organisations with the added pressure of extortion and regulatory involvement. However, the question always arises as to how we prevent it. Prevention is better than cure and hindsight is a virtue. This blog post aims … Continue reading Top of the Pops: Three common ransomware entry techniques →  ( 8 min )

After a day of prep, we were ready to launch into our first day of H1-702! What makes today special is the return of [email protected], previously  ( 5 min )

A final wrap-up from the Month of PowerShell: discoveries, recommendations, complaints, and successes.  ( 27 min )

This year, NCC Group researchers will be presenting at least five presentations at Black Hat USA and DEF CON 30. A guide to these presentations (abstracts, dates, and links) is included below. We will also update this post with any additional presentations as they are accepted and announced. Virtually or in-person, we hope you will … Continue reading NCC Group Research at Black Hat USA 2022 and DEF CON 30 →  ( 10 min )

The BloodHound Enterprise team is proud to announce the release of BloodHound 4.2 — The Azure Refactor.  ( 13 min )

ScriptRunner is a solution that centrally manages the running of PowerShell scripts across the environment. The new ScriptRunner Portal Edition R4 release provides many new features and capabilities. ScriptRunner Portal Edition R4: A portal for PowerShell scripts first appeared on 4sysops.  ( 35 min )

As blockchain and crypto technology transitions from experimental to mainstream, the importance of top-tier security is becoming increasingly relevant. As we discussed in a recent post, organizations are grappling with the fact that risk transference–planning to insure against a cybersecurity incident, or to pay damages out of pocket–is becoming more costly than simply investing in […] The post The Economy of Trust in Smart Contract Security appeared first on Praetorian.  ( 6 min )

Hackers! We have made it to Las Vegas! We are here for a live hacking event (LHE). All live hacking events are amazing, but this LHE has a special p  ( 5 min )

Terraform is a popular Infrastructure as Code solution. Did you know that you can manage other Azure resources, such as policy definitions and assignments with Terraform? In this tutorial, you will learn how to use Terraform to manage Azure Policy by creating a policy definition for a storage account naming standard. You will then assign the policy to a subscription and test the policy's effectiveness. Manage Azure Policy using Terraform first appeared on 4sysops.  ( 36 min )

Building securely in the cloud can feel daunting given the sheer volume of ever-changing information to review, assess, and deconflict for your business needs. For example, AWS releases countless updates, new features, and new security services around its summer security conference, re:Inforce. Praetorian analyzed all the information pertaining to AWS’s new releases and security related […] The post AWS Security Trends of 2022: Five Themes and Why They Matter appeared first on Praetorian.  ( 6 min )

The current Insider preview in the Dev Channel includes support for DNS over TLS (DoT). This is an alternative encrypted DNS protocol to DNS over HTTPS (DoH). It runs directly over a TLS tunnel without an HTTP layer and is therefore faster. The setup is done with netsh. Activate DNS over TLS (DoT) in Windows 11 first appeared on 4sysops.  ( 32 min )

A friend of the site recently suggested that we create a current-issue case study using our updated risk discovery approach. “It’s a great idea,” we replied and immediately started kicking around ideas.

Before we start let’s set the scene regarding vulnerability assessment. It is imperative that enterprises conduct their own continuous automated scanning, to have up-to-date assessments of threats that their networks […] Efficient Infrastructure Testing first appeared on Pen Test Partners.  ( 9 min )

Here is an overview of content I published in July: Blog posts: simple_listener.py Quickpost: Standby Power Consumption Of My USB Chargers Update: base64dump.py Version 0.0.23 Update: sortcanon Version 0.0.2 Update: oledump.py Version 0.0.69 Update: re-search.py Version 0.0.21 Quickpost: Standby Power Consumption Of My USB Chargers (120V vs 230V) Quickpost: iPad Pro Charging – Power Consumption […]  ( 9 min )

SANS Cybersecurity Blog pertaining to a summary of the SANS Security Awareness Summit  ( 9 min )

Writing your own sandbox has many advantages – the most important is an ability to collect data only large companies have. Analysing many samples gives us an unique insight into […]  ( 18 min )

I charged an iPad Pro (12.9 Inch) and measured the power consumption (at 120V and 230V). According to the specs, this iPad has a battery with a capacity of 40.88 Wh. Procedure: when the iPad Pro turns itself of because of a low battery, I started to charge the iPad with an Apple A2347 USB […]  ( 9 min )

Introduction There are more than four ways to mask data, but these are the main ones to focus on in this post. Lossless Compression Encryption Steganography Shuffling If we want to detect a compressed or encrypted stream of bytes but … Continue reading →  ( 10 min )

In this article we look at several keyboard shortcuts to speed up your PowerShell sessions.  ( 10 min )

This series got a bit delayed, because I got sick last week. — This is a bit counter-intuitive – why would you want to collect strings related to games? First, […]  ( 18 min )

In this article we finish up our look at PowerShell remoting by examining several options to run PowerShell commands on multiple remote systems.  ( 18 min )

After ten years of partnering with hackers, PayPal is a leader in cybersecurity and hacker relationship building. We were thrilled to work with PayPal once again to uncover new ways to reduce their risk and build proactive security practices.

In this tutorial, I will walk through the steps to use the AWS Terraform provider to create an EC2 instance in AWS. Terraform by HashiCorp is an infrastructure as code (IaC) tool that can be used to quickly and reliably deploy infrastructure to both cloud and on-premises environments using human-readable configuration files. Create an AWS EC2 instance with HashiCorp Terraform provider first appeared on 4sysops.  ( 34 min )

Nicholas Baker’s book Human Smoke brilliantly illustrates a unique approach to historical narrative. It also underscores the need to remember that every artist paints with intent.

In this article we look at how to automate a massive file-rename task using PowerShell.  ( 13 min )

In this new age of giant monsters, advanced awareness of classical surprise—that one big tipping moment—no longer suffices.

On March the 31st, I gave a quick talk on automotive security at VTM titled "UN ECE 155 Threats in the real world: Wireless Networking Attacks and Mitigations. A case study" (slides here). The idea was to create some content about one of the most hyped topics in the automotive cyber security world over the last year, without keeping it just theoretical; UN/ECE 155 and ISO/SAE 21434 whose concerns are about the implementation of a CSMS (Cyber Security Management System) which consists in performing, for each vehicle, several high level security tasks, such as Threat Analysis and Risk Assessment (TARA), supply chain security issues tracking, implementation of the mitigations, update management and so on. The following schema shows the product development lifecycle model, called V-Model, use…  ( 11 min )

SquaredUp Community Dashboard Server is a free solution for creating dashboards based on PowerShell and Web APIs. Learn about recent updates that add even more features. Free SquaredUp Community Dashboard Server for PowerShell first appeared on 4sysops.  ( 34 min )

By Troy Sargent, Blockchain Security Engineer You think you’ve found a critical bug in a Solidity smart contract that, if exploited, could drain a widely used cryptocurrency exchange’s funds. To confirm that it’s really a bug, you need to figure out the value at an obscure storage slot that has no getter method. Adrenaline courses […]  ( 9 min )

Join the SANS Institute at the 2022 Cloud Security Exchange as we bring together technical security leaders from Google Cloud Platform (GCP) and Microsoft Azure.  ( 11 min )

In this article, we discuss perhaps the most immediately-valuable feature in PowerShell for Windows administrators, the ability to run PowerShell commands on remote systems.  ( 12 min )

When you open tools such as Group Policy Management or AD Users and Computers, it might happen that these tools do not find the domain. Network problems in general and DNS problems in particular are almost always responsible for this. The IPv6 configuration plays a special role here. Troubleshooting “a domain controller could not be contacted” first appeared on 4sysops.  ( 33 min )

Over the last few years, multiple VMware ESXi remote, unauthenticated code execution vulnerabilities have been publicly disclosed. Some were also found to be exploited in the wild. Since these bugs were found in ESXi’s implementation of the SLP service, VMware provided workarounds to turn off the service. VMware also disabled the service by default starting with ESX 7.0 Update 2c. In this blog post, we explore another remotely reachable attack surface: ESXi’s TCP/IP stack implemented as a VMkernel module. The most interesting outcome of this analysis is that ESXi’s TCP/IP stack is based on FreeBSD 8.2 and does not include security patches for the vulnerabilities disclosed over the years since that release of FreeBSD. This result also prompted us to analyze the nature of vulnerabilities di…

Whilst testing for XSS vectors, we found some new ways of framing a web site that don't use the iframe element. Naturally, we've updated our XSS cheat sheet to document them. We discovered that Chrome  ( 3 min )

It’s been a year since we launched our Burp Suite Certified Practitioner exam, so we’ve been reflecting on some of the improvements and developments we’ve made across both our preparation materials an  ( 5 min )

Software So who actually develops the software installed on Electronic Flight Bags (EFBs)?  The software can originate from a large range of sources: System software developers including the OS, drivers, […] Attacking EFB updates first appeared on Pen Test Partners.  ( 10 min )

In this article we look at using PowerShell maliciously while evading detection.  ( 10 min )

Deploy your hacklab using Ansible and Vagrant for fast, repeatable results. Building on the work by @myexploit2600, we're going to use Ansible and Vagrant to automate the manual steps of constructing a domain and vulnerable users.  ( 28 min )

An Expanding Problem $1,000,000,000 One billion dollars. According to a 2015 Detroit Free Press article, that was the amount Fiat Chrysler Automotive might have to pay in buybacks and fines due to an automotive cybersecurity vulnerability. That year, Charlie Miller and Chris Valasek had published security research demonstrating the ability to remotely take over and […] The post Anatomy of an Automotive Security Assessment appeared first on Praetorian.  ( 8 min )

Learn how to remotely monitor, manage, and automate your infrastructure with Pulseway. The latest version contains new automation and other features for macOS and Linux. Pulseway: Remote monitoring and automation for Windows, macOS, and Linux first appeared on 4sysops.  ( 34 min )

Roxy-WI was created for people who want a fault-tolerant infrastructure but do not want to dive deep into the details of setting up and creating a cluster based on HAProxy / NGINX and Keepalived, or just need a convenient interface for managing all services in one place. Advisory Information Remotely Exploitable: YesAuthentication Required: NoVendor URL: […]  ( 6 min )

In this article we build a useful PowerShell function to save useful commands for later reference: Save-Keeper!  ( 13 min )

I did not explicitly specify in my post “Quickpost: Standby Power Consumption Of My USB Chargers” that I did my tests here in Flanders, Belgium and thus that the mains electricity is 230V 50Hz. I wondered what the results would be in other parts of the world, like the USA. To answer this question, I […]  ( 9 min )

Accommodate but don’t fight the limitations you can’t control, recognize those you can influence and leverage, and don't imagine you have more free cells than you actually do.

In this post, you will learn how to fix Settings app crashes in Windows 10 and 11. You can also use this guide if the Settings app won't even open. Fix Settings app crashes in Windows 10 and Windows 11 first appeared on 4sysops.  ( 33 min )

The following vulnerabilities were found as part of a research project looking at the state of security of the different Nuki (smart lock) products. The main goal was to look for vulnerabilities which could affect to the availability, integrity or confidentiality of the different devices, from hardware to software. Eleven vulnerabilities were discovered. Below are … Continue reading Technical Advisory – Multiple vulnerabilities in Nuki smart locks (CVE-2022-32509, CVE-2022-32504, CVE-2022-32502, CVE-2022-32507, CVE-2022-32503, CVE-2022-32510, CVE-2022-32506, CVE-2022-32508, CVE-2022-32505) →  ( 21 min )

We continue our look at PowerShell threat hunting through process analysis, identifying Command & Control/C2 threats on a Windows system.  ( 18 min )

This new version of re-search.py adds a regex for UNCs to the library and has a Python 3 fix. re-search_V0_0_21.zip (http)MD5: 294DD5D4027F0AFD0A2DE6432FE4552DSHA256: B818CE4F7E217B381128550A3A36B40B6D07CC687CE4CF5AFF3C70EC0D3EEAD2  ( 9 min )

Where are all of the user properties for Active Directory users for Get-ADUSer?  ( 13 min )

Knowing what service name is what is quite useful. The attached list lists many, primarily native OS, and security product-related services that I have aggregated by looking at native services […]  ( 17 min )

This update brings an update to plugin plugin_vba_dco.py. This is a plugin that scans VBA source code for keywords (Declare, CreateObject, GetObject, CallByName and Shell), extracts all lines with these keywords, followed by all lines with identifiers associated with these keywords. For example, if the result of a CreateObject call is stored in variable oXML, […]  ( 10 min )

PowerShell is a powerful tool for threat hunting. Here we look at PowerShell threat hunting steps by assessing processes on Windows.  ( 17 min )

vSphere Diagnostic Tool is a new VMware Fling that helps bring together useful troubleshooting information and diagnostics in a single place. It comprises a set of Python and Bash scripts that runs diagnostic commands and queries data from vCenter Server. It can also speed up the process for VMware Support to perform a root cause analysis. Troubleshoot VMware using vSphere Diagnostic Tool first appeared on 4sysops.  ( 32 min )

PowerShell allows us to create a transaction file of all commands entered and output received, perfect for pentests, incident response, and more!  ( 13 min )

With six (and a bit) months of 2022 already gone, it's time to bring you an update on the latest happenings down at Burp Towers. Find out what we've been up to, and what our plans are for the next yea  ( 6 min )

Over the past two years, we’ve seen a number of our clients’ security programs re-orient to prepare for potential ransomware incidents. Much of these preparations have focused on the controls and processes that would specifically help prevent and respond to a ransomware infection. While this is often effort well-spent, I’d like to suggest that many […] The post Part 2 – Adapting Security Strategy to the Rise of Opportunistic Attacks appeared first on Praetorian.  ( 6 min )

Many companies today have branches in several countries or an international workforce. In this case, they generally use English as the corporate language. However, Microsoft Teams offers the option of automatically sending invitations to meetings in a second (local) language. Send Microsoft Teams meeting invitations in multiple languages first appeared on 4sysops.  ( 32 min )

The self-proclaimed 'oldest ransomware affiliate on the planet' has new tricks and new features and continues to beat enterprise defenses.  ( 10 min )

In this article we look at how PowerShell makes it convenient to work with file sizes, and how to use it in everyday administrator calculations.  ( 9 min )

Every admin knows the usage of Deployment Image Servicing and Management (DISM) for mounting and customizing Windows images. DISM is a comprehensive and varied utility, providing many lesser-known capabilities around servicing applications and drivers, applying unattend.xml, changing your Windows edition, or even reverting Windows to a previous OS installation. DISM command overview: Service images, repair Windows, and manage optional features and file associations first appeared on 4sysops.  ( 36 min )

British officer Vladimir Peniakoff’s approach to planning might sound a bit unorthodox at first, but it aligns nicely with Patton’s view of intelligence and speaks to an enduring need to understand front-line conditions.

Thank you to SpecterOps for supporting this research and to Duane and Matt for proofreading and editing! Crossposted on GitHub.  ( 10 min )

In this blog post, we will perform a deep analysis into GootLoader, malware which is known to deliver several types of payloads, such as Kronos trojan, REvil, IcedID, GootKit payloads and in this case Cobalt Strike. In our analysis we’ll be using the initial malware sample itself together with some malware artifacts from the system … Continue reading Analysis of a trojanized jQuery script: GootLoader unleashed →  ( 11 min )

This new version adds a sort function to sort email addresses by domain first. sortcanon_V0_0_2.zip (http)MD5: ED6DBE384707778E765C9BD6B6880C05SHA256: 190922F347AC1B32D0CE503D1763F27A250D9BFDD15CB911EA4435BAB7E69CD3  ( 9 min )

In this article we look at how the PowerShell grouping operator works and how to use it instead of declaring a temporary variable to access an object's properties and methods.  ( 16 min )

Part 1: Discovering API Function Usage through Source Code Review  ( 30 min )

Back in 2021, I stumbled upon a proof of concept describing an arbitrary file read vulnerability in the Ivanti Avalanche mobile device management tool. As I was not aware of this product, I decided to take a quick look at the vendor’s website to learn more: “Avalanche Enterprise Mobile Device Management manages some of the most demanding, high-profile supply chain mobility solutions in the world. So, we understand the pressure you're under to maximize worker (and device) uptime.” “Manage all mobile devices in one place. Smartphones, barcode scanners, wearables and more—configure, deploy, update, and maintain them all in one system.” “30,000 organizations. Over 10 million devices.” As the product specification seemed to be both intriguing and encouraging, I decided to give it a shot and loo…

To disable Windows search highlights in corporate environment makes sense because this new Windows feature only distract users. In this post I will explain how you can turn off these search enhancements as they are sometimes called with Group Policy and PowerShell. Disable Windows search highlights first appeared on 4sysops.  ( 31 min )

This new version adds JSON input support, allowing,for example, to detect encoded payloads inside the registry: More info in an upcoming blog post. base64dump_V0_0_23.zip (http)MD5: 00D1E2344A6D09D3A2F18FC257F77090SHA256: E4CA046198E801DFF309D6A8B346D5084FB4B4DFBFD339C5BCB3EF570CD08A79  ( 9 min )

In this article we look problem solving using PowerShell with DeepBlueCLI, Syslog, and JSON data.  ( 21 min )

We need a more flexible game board where players can explore hypergame strategies—in other words, a game board where the strategist can play the hero for a change. We’ve built it.

The Remote Desktop port (RDP port) 3389 in Windows is a popular target for hackers. Thus, it might make sense to change the RDP port. This article describes how to change Remote Desktop with PowerShell. How to change Remote Desktop port (RDP port) using PowerShell first appeared on 4sysops.  ( 34 min )

In this final part of this series on working with the event log in PowerShell, we look at tips and commands for tweaking event log settings.  ( 16 min )

Like many Windows related technologies Active Directory uses a security descriptor and the access check process to determine what access a user has to parts of the directory. Each object in the directory contains an nTSecurityDescriptor attribute which stores the binary representation of the security descriptor. When a user accesses the object through LDAP the remote user's token is used with the security descriptor to determine if they have the rights to perform the operation they're requesting. Weak security descriptors is a common misconfiguration that could result in the entire domain being compromised. Therefore it's important for an administrator to be able to find and remediate security weaknesses. Unfortunately Microsoft doesn't provide a means for an administrator to audit the sec…  ( 12 min )

A routine task (merging two files) leads us down the path of developing a better understanding of the ForEach command in PowerShell.  ( 15 min )

Recently, it appears that Chrome and Edge notifications are being hijacked into pushing people onto fake antivirus websites, such as the one in the example image below. As part of my work on the helpdesk, I often see firsthand how users are tricked into opening PDFs or clicking on links. Thus, we decided to disable Chrome notifications. The procedure described here also works for Microsoft Edge. Disable browser notifications in Chrome first appeared on 4sysops.  ( 33 min )

In part 3 of Working with the Event Log we look at using a third-party function to make accessing event log data much easier.  ( 19 min )

Thank you to those who attended our recent PortSwigginar on Burp Suite Enterprise Edition. Below is the video of the session, which included; A recap on “what’s new” within the product for those who h  ( 4 min )

TL;DR The Passenger Information List (PIL) is often now available on EFBs and crew devices. It stores information such as passenger names, seat numbers, and customer services information.  Digital versions […] EFB ePIL. Pinching passenger PII from pilots first appeared on Pen Test Partners.  ( 12 min )

In this article we look at how we can leverage PowerShell's object-passing pipeline to parse and retrieve data from an IIS web server log file.  ( 13 min )

In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Guy Lederfein and Quintin Crist of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the Microsoft Windows operating system, originally discovered and reported by Yuki Chen. The bug is found in the implementation of Network File System (NFS)and is due to improper handling of NFSv4 requests. An unauthenticated attacker could exploit this bug to execute arbitrary code in the context of SYSTEM. The following is a portion of their write-up covering CVE-2022-30136, with a few minimal modifications. A remote code execution vulnerability exists in Windows Network File System. The vulnerability is due to improper handling of NFSv4 requests. A remote attacker can exploi…

Security leaders often struggle to keep pace with the evolving nature of their respective attack surfaces. Many fall behind in their ability to identi  ( 8 min )

Learn how threat actors manipulate Windows to install malicious apps that are trusted by the system, and how to defend against them.  ( 13 min )

PyAutoGUI is a Python module that enables interaction with a GUI operating system. With PyAutoGUI, we can "drive" the keyboard and mouse as if a user were running the PC. PyAutoGUI works with Windows, Linux, and macOS. In this article, I explain how to install PyAutoGui, we will look at how to get started using PyAutoGui and I will give a simple example that demonstrates some of the main features of PyAutoGUI for Windows GUI automation. Install PyAutoGUI for Windows GUI automation first appeared on 4sysops.  ( 34 min )

We continue our look at working with the Windows event log using PowerShell with 10 threat hunting techniques.  ( 20 min )

These FOR585 excerpt animations talk about possible problems you might encounter during mobile device investigations & tricks to uncover data.  ( 9 min )

Last week, NIST announced some algorithms selected for standardization as part of their Post-Quantum Cryptography project. This is a good opportunity to recall the history of this process, observe its current state, and comment on the selected algorithms. It is important to remember that the process is not finished: round 4 has started, and should … Continue reading NIST Selects Post-Quantum Algorithms for Standardization →  ( 9 min )

In the Threat Pulse released in November 2021 we touched on Everest Ransomware group. This latest blog documents the TTPs employed by a group who were observed deploying Everest ransomware during a recent incident response engagement.  ( 8 min )

Not every surprise is a cunning thunderbolt. Some surprises creep up slowly, rusting away former resilience until a simple nudge reveals the rot.

Offensive tooling built upon the .NET framework and its runtime environment, the Common Language Runtime (CLR), is an important part of…  ( 18 min )

If the internet is not working on a Windows PC where everything related to networking is properly configured, the command netsh winsock reset might save your day. Furthermore, this command will also help you fix the Windows Sockets registry entries required for network connectivity are missing error that is shown when you run Windows network diagnostics. Netsh winsock reset: If the internet is not working first appeared on 4sysops.  ( 34 min )

HashiCorp Terraform is an open-source Infrastructure as Code (IaC) tool that enables deploying resources on-premises and to the cloud. You can build, modify, and version your environment using an efficient deployment process. In this Getting Started tutorial, I'll introduce to the basic Terraform concepts, and you'll deploy your first Terraform configuration in Azure. Getting started with Terraform in Azure first appeared on 4sysops.  ( 38 min )

In this article we look at working with the Windows event log using PowerShell.  ( 20 min )

It’s once again Patch Tuesday, which means the latest security updates from Adobe and Microsoft have arrived. Take a break from your regularly scheduled activities and join us as we review the details of their latest security offerings. Adobe Patches for July 2022 For July, Adobe addressed 27 CVEs in four patches for Acrobat and Reader, Photoshop, RoboHelp, and Adobe Character Animator. A total of 24 of these bugs were reported through the ZDI program. The update for Acrobat and Reader addresses a combination of 22 different Critical- and Important-rated bugs. The most severe of these could allow code execution if an attacker convinces a target to open a specially crafted PDF document. While there are no active attacks noted, Adobe does list this as a Priority 2 deployment rating. The upda…