Tag Archives: Microsoft

Useful post regarding Office 365 security hardening

It’s 2020. We are moving more and more toward the cloud and have to take cloud-related security concerns into consideration. Two large players in cloud productivity suites are Google and Microsoft.

Since Microsoft still dominates the market when it comes to workstation operating systems and office suites, Office 365 is being adopted pretty quickly. I really recommend that you take a look at this post if you currently have Office 365:

Introducing the Microsoft Office 365 Email Security Checklist

It has some good pointers that will help you lock your Office 365 tenant down. Of course there is Microsoft Secure Score, but it seems as if it’s in its infancy. It is buggy and not reliable. This is not to say it won’t help you harden your tenant, but I wouldn’t let it necessarily be the golden rule.

One must also keep in mind that to make Office 365 ‘more secure’ according to Microsoft, you need to essentially pay for it. Standard subscriptions won’t get you certain features. (Please see: https://products.office.com/en-us/exchange/advance-threat-protection#office-ProductsCompare-785zwzq)

#Update 3/3/20:

Infragard presentation on Office 365 Security:

https://drive.google.com/open?id=1_n9RocH3-J0cwfj4l3RyzFCC-Qfd1g4Q

12C2049B0AB7E7F2134A2ECD3D37F402  – MD5

9664CBF3C74B27770E962E8BB96C7A8816BBAFDE – SHA-1

(VirusTotal: https://www.virustotal.com/gui/file/5509d67471b8d66cdfb90e147d8a31f5df8362f0a32d47f95fca0cab51e40376/detection )

#Update 3/6/20:

Pictures of Office 365 Secure Score Suggestions (one could extrapolate some of these suggestions and apply to other cloud services):

https://drive.google.com/open?id=1R1UVKtf9d8jwbrfC0IKgjOZIcTZt_Shy

550FB7C99E35AF8F7DB1DAD168410012 – MD5

56A43F1DCE1B9BC16AD1AD853CD3918E23AE60BD – SHA-1
(VirusTotal: https://www.virustotal.com/gui/file/9bd4515270eaf0941ff037368fd1badd38b9dd1dde4dbb925bf00256f5f372b1/detection )

A solution for Windows 10 Pro activation issues

If you have recently swapped a motherboard in a Windows 10 system that is an MBR-based system (this may work for UEFI-based systems, though I doubt it) and you’re running into activation issues like the following:

0x803f7001

Unable to reach Windows activation servers

Your key is not valid etc…

‘slui 4’ in run prompt doesn’t work

Try this:

1.) Open an elevated cmd prompt.

2.) C:\Windows\system32\slmgr.vbs /ipk NMCXD-TFQ77-PVBCT-XVV68-TQ726

3.) You may get an error message but you can ignore this.

4.) slui 4 in run prompt should work now and you can activate your Windows 10 Pro installation via the installation ID.

If this doesn’t work, or you have any issues, questions or comments, please leave a comment below.

 

Windows Activation URL

#Update 10/7/2015  It appears that IE9 and IE10 will not work on these activation URLs but google-chrome and the like seem to work.

Are you ever tired of having to call Microsoft’s automated system to activate your Windows install? Use this URL instead; it’s ten times faster once you have your installation ID window up (accessible via slui.exe 4 in the run prompt):

http://bit.ly/1F4pgY0

#Update 7/30/2015

Should you have problems with that URL, try this one:

https://goo.gl/95joxB

#Update 3/31/2016

New URL to use: http://bit.ly/1q60R3W

#update 6/8/2018

New URL to use: http://m.vivr.io/mUJ1zm3

#update 6/21/2018

Doesn’t seem to work anymore and you need to call their automated phone system and get a unique URL each time.

Time to rejoice! OpenSSH official support coming to Windows!

http://undeadly.org/cgi?action=article&sid=20150603090420&mode=expanded

Granted, you can already install Cygwin and set up an OpenSSH server (which is a pain), but according to multiple sources OpenSSH will be supported by the Microsoft PowerShell team. It is honestly about time, because if you’ve ever had to work with Windows Server Core edition, you may have felt like me and thought it was stupid that you would have to RDP into a system for command line access.

I have a strong gut feeling that the Metasploit community (who already seem to love PowerShell for AV evasion) are going to have a lot of fun with a Microsoft OS built-in OpenSSH package that may even be able to be installed via the new package manager(?).

What do you guys, gals and bots think?

Stuff to throw in your C:\Windows\System32 directory and %PATH% variable

Ah… WINKEY+R and cmd.exe, two awesome means of launching programs and commands within a Windows environment. In my humble opinion, WINKEY+R is probably one of the best keyboard shortcuts to know, especially if you work in the tech industry. I mention this because I find myself using this keyboard shortcut a lot and it’s nice just to call out the name of a program rather than hunting around for it in a GUI. Need to see a trace route for google.com? WINKEY+R then tracert www.google.com. Need to do a forced shutdown? WINKEY+R then shutdown -s -t 0 -f. The list goes on, but today we will be adding to it: there are a myriad of utilities out there that don’t come with Windows installations by default, and it’s nice to have them sitting in your System32 directory or in a directory on your %PATH% variable so you can execute them quickly.

I will warn you that some of the utilities I recommend may make it easier for your system to be used as a pivot point if it gets compromised. Additionally, some of these tools may be detected as ‘viruses’ by anti-virus programs. Lastly, this article isn’t a comprehensive list of ALL the utilities that could be added or desired. It’s merely a means of getting you started. With that being said, let’s continue.

Cygwin:

For those of you who want to give your Windows system more of a UNIX/Linux feel, I strongly recommend installing Cygwin and customizing your install to have all the Unix-based goodies that your little heart desires. Once you’ve done this, add the /bin/ directory to your %PATH% variable. Now you can use egrep instead of findstr. You can also use wget, curl, the ssh utilities suite, netcat, perl and other powerful scripting languages from cmd.exe! (Provided you have selected to install these during the customization part of your Cygwin install.)

https://www.cygwin.com/
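
A check worth running after changing %PATH% as described above (an added example, not part of the original post): it lists every PATH directory in which Everyone, Authenticated Users or BUILTIN\Users can create files, because a directory on the search path that non-admin accounts can write to undermines the trust you place in a typed command name. The function name Get-WritablePathDirectory is hypothetical; the SIDs are the standard well-known ones.

```powershell
# Added example: report PATH directories that low-privileged principals
# can write to. Well-known SIDs are used so it works on any display language.
$lowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
$Rights    = [System.Security.AccessControl.FileSystemRights]
$InhOnly   = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType   = [System.Security.Principal.SecurityIdentifier]
# CreateFiles/AppendData are the bits that allow adding content to a
# directory; Write, Modify and FullControl all include them.
$writeMask = [int]$Rights::CreateFiles -bor [int]$Rights::AppendData

function Get-WritablePathDirectory {   # hypothetical name
    param([string]$PathValue = $env:PATH)

    $dirs = $PathValue -split ';' |
        ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim().Trim('"')) } |
        Where-Object { $_ } |
        Select-Object -Unique

    foreach ($dir in $dirs) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            # Stale entry: the directory does not exist, so remove it from PATH
            [pscustomobject]@{ Directory = $dir; Principal = '-'; Rights = 'MISSING' }
            continue
        }
        # Explicit and inherited ACEs, with identities returned as SIDs
        $rules = (Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, $sidType)
        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -eq 'Allow' -and
                $lowPrivSids.ContainsKey($sid) -and
                -not $rule.PropagationFlags.HasFlag($InhOnly) -and
                (([int]$rule.FileSystemRights -band $writeMask) -ne 0)) {
                [pscustomobject]@{
                    Directory = $dir
                    Principal = $lowPrivSids[$sid]
                    Rights    = $rule.FileSystemRights
                }
            }
        }
    }
}

Get-WritablePathDirectory | Format-Table -AutoSize
```

An empty result means no PATH directory grants those three groups write access; any row is a directory to re-ACL or drop from PATH.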

Sysinternals Tools:

Mark Russinovich deserves a medal of some sort. Practically every tool he makes for Windows is a must have if you work on Windows systems. So feel free to download and copy all of these .exe files to your System32 directory:

https://technet.microsoft.com/en-us/sysinternals/bb842062.aspx

I personally use autoruns.exe all the time as a much better alternative to msconfig and hijackthis.

Putty software suite:

If you forgot to install the ssh utilities under Cygwin, don’t worry; just put these in your System32 directory:

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html


Other useful tools to have:

Here’s a list of some other tools that are very useful to have in your System32 directory:

Bluescreenview – great utility for getting information on BSODs

coretemp – (pretty self explanatory)

cpuz – very useful tool for getting information about your CPU, Motherboard, and RAM

fciv – Microsoft’s hash checksum utility

gpuz – like cpuz but for graphics cards

p95 – useful tool to benchmark your system

rufus – create bootable USB drives with picky distros (not all work with YUMI)

Speccy – great alternative to msinfo32 that is better in some departments

usbdeview – useful for getting information about usb devices that have been plugged into your system

vncviewer

YUMI – create multi linux distro and OS bootable flash drives (see: http://zitstif.no-ip.org/?p=973 )

Of course this list isn’t complete but I strongly feel that this is a good start. If you feel inclined to suggest some tools/utilities to add to the list feel free to leave a comment or send me an email.