Tag: Microsoft
Useful post regarding Office 365 security hardening
by zitstif on Feb.27, 2020, under Posts
It’s 2020. We are now progressing more and more toward the cloud and will have to take into consideration security concerns that relate to the cloud. Two large players in the cloud for productivity suites are Google and Microsoft.
Since Microsoft still dominates the market when it comes to workstation operating systems and office suites, Office 365 is being adopted pretty quickly. I really recommend that you take a look at this post if you currently have Office 365:
Introducing the Microsoft Office 365 Email Security Checklist
It has some good pointers that will help you lock your Office 365 tenant down. Of course there is Microsoft Secure Score, but it seems as if it’s in its infancy. It is buggy and not reliable. This is not to say it won’t help you harden your tenant, but I wouldn’t let it necessarily be the golden rule.
One must also keep in mind that to make Office 365 ‘more secure’ according to Microsoft, you need to essentially pay for it. Standard subscriptions won’t get you certain features. (Please see: https://products.office.com/en-us/exchange/advance-threat-protection#office-ProductsCompare-785zwzq)
#Update 3/3/20:
Infragard presentation on Office 365 Security:
https://drive.google.com/open?id=1_n9RocH3-J0cwfj4l3RyzFCC-Qfd1g4Q
9664CBF3C74B27770E962E8BB96C7A
(VirusTotal: https://www.virustotal.com/gui/file/5509d67471b8d66cdfb90e147d8a31f5df8362f0a32d47f95fca0cab51e40376/detection )
#Update 3/6/20:
Pictures of Office 365 Secure Score Suggestions (one could extrapolate some of these suggestions and apply them to other cloud services):
https://drive.google.com/open?id=1R1UVKtf9d8jwbrfC0IKgjOZIcTZt_Shy
550FB7C99E35AF8F7DB1DAD168410012 – MD5
A solution for Windows 10 Pro activation issues
by zitstif on Sep.09, 2017, under Posts
If you have recently swapped a motherboard in a Windows 10 system that is a MBR based system (this may work for UEFI based systems, though I doubt it) and you’re running into activation issues like the following:
0x803f7001
Unable to reach Windows activation servers
Your key is not valid etc…
‘slui 4’ in run prompt doesn’t work
Try this:
1.) Open an elevated cmd prompt.
2.) C:\Windows\system32\slmgr.vbs /ipk NMCXD-TFQ77-PVBCT-XVV68-TQ726
3.) You may get an error message but you can ignore this.
4.) slui 4 in run prompt should work now and you can activate your Windows 10 Pro installation via the installation ID.
If this doesn’t work, or you have any issues, questions or comments, please leave a comment below.
Windows Activation URL
by zitstif on Jun.16, 2015, under Posts
#Update 10/7/2015 It appears that IE9 and IE10 will not work on these activation URLs but google-chrome and the like seem to work.
Are you ever tired of having to call Microsoft’s automated system to activate your Windows install? Use this URL instead, it’s ten times faster after you have your installation ID window up (accessible via slui.exe 4 in the run prompt):
#Update 7/30/2015
Should you have problems with that URL, try this one:
#Update 3/31/2016
New URL to use: http://bit.ly/1q60R3W
#update 6/8/2018
New URL to use: http://m.vivr.io/mUJ1zm3
#update 6/21/2018
Doesn’t seem to work anymore and you need to call their automated phone system and get a unique URL each time.
Time to rejoice! OpenSSH official support coming to Windows!
by zitstif on Jun.03, 2015, under Posts
http://undeadly.org/cgi?action=article&sid=20150603090420&mode=expanded
Granted, you can already install Cygwin and set up an OpenSSH server (which is a pain), but according to multiple sources OpenSSH will be supported by the Microsoft PowerShell team. It is honestly about time, because if you’ve ever had to work with Windows Server Core edition, you may have felt like me and thought it was stupid that you would have to RDP into a system for command line access.
I have a strong gut feeling that the Metasploit community (who already seem to love PowerShell for AV evasion) are going to have a lot of fun with a Microsoft OS built-in OpenSSH package that may even be able to be installed via the new package manager(?).
What do you guys, gals and bots think?
Stuff to throw in your C:\Windows\System32 directory and %PATH% variable
by zitstif on Feb.27, 2015, under Posts
Ah… WINKEY+R and cmd.exe, two awesome means of launching programs and commands within a Windows environment. In my humble opinion, WINKEY+R is probably one of the best keyboard shortcuts to know, especially if you work in the tech industry. I mention this because I find myself using this keyboard shortcut a lot and it’s nice just to call out the name of a program rather than hunting around for it in a GUI. Need to see trace route for google.com? WINKEY+R then tracert www.google.com. Need to do a force shutdown? WINKEY+R then shutdown -s -t 0 -f.
The list goes on but today we will be adding to this list because we all know that there are a myriad of utilities out there that don’t come with Windows installations by default and it’s nice to have them sitting in your System32 directory or in your %PATH% variable to quickly execute.
I will warn you that some of the utilities I will recommend may make it easier for your system to be used as a pivot point if your system gets compromised. Additionally some of these tools may be detected as ‘viruses’ by anti-virus programs. Lastly, this article isn’t a comprehensive list of ALL the utilities that could be added or desired. It’s merely a means of getting you started. With that being said, let’s continue.
Cygwin:
For those of you who want to give your Windows system more of a UNIX/Linux feel, I strongly recommend installing Cygwin and customizing your install to have all the Unix based goodies that your little heart desires. Once you’ve done this, add the /bin/ directory to your %PATH% variable. Now you can use egrep instead of findstr. Also you can now use wget, curl, the ssh utilities suite, netcat, perl and other powerful scripting languages from cmd.exe! (Provided you have selected to install these during the customization part of your Cygwin install.)
Sysinternals Tools:
Mark Russinovich deserves a medal of some sort. Practically every tool he makes for Windows is a must have if you work on Windows systems. So feel free to download and copy all of these .exe files to your System32 directory:
https://technet.microsoft.com/en-us/sysinternals/bb842062.aspx
I personally use autoruns.exe all the time as a much greater alternative to msconfig and hijackthis.
Putty software suite:
If you forgot to install the ssh utilities under Cygwin, don’t worry and put these in your System32 directory:
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
Other useful tools to have:
Here’s a list of some other tools that are very useful to have in your System32 directory:
Bluescreenview – great utility for getting information on BSODs
coretemp – (pretty self explanatory)
cpuz – very useful tool for getting information about your CPU, Motherboard, and RAM
fciv – Microsoft’s hash checksum utility
gpuz – like cpuz but for graphics cards
p95 – useful tool to benchmark your system
rufus – create bootable USB drives with picky distros (not all work with YUMI)
Speccy – great alternative to msinfo32 that is better in some departments
usbdeview – useful for getting information about USB devices that have been plugged into your system
YUMI – create multi Linux distro and OS bootable flash drives (see: http://zitstif.no-ip.org/?p=973 )
Of course this list isn’t complete but I strongly feel that this is a good start. If you feel inclined to suggest some tools/utilities to add to the list feel free to leave a comment or send me an email.
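Given the warning above about pivoting and anti-virus detections, it helps to keep an inventory of what you have actually dropped into System32 and %PATH%. The following PowerShell is an added example, not part of the original post: it lists executables in System32 whose Authenticode signer is not Microsoft, with SHA-256 hashes, and the %PATH% entries that sit outside the Windows directory. The output file name is an assumption.

```powershell
# Added example: review list of third-party executables in System32 and
# non-default %PATH% entries. Run from an elevated PowerShell prompt.
$sys32 = Join-Path $env:SystemRoot 'System32'

$thirdParty = Get-ChildItem -Path $sys32 -Filter *.exe -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        # Unsigned files have no signer certificate at all.
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        [pscustomobject]@{
            Name     = $_.Name
            Status   = $sig.Status
            Signer   = $signer
            Modified = $_.LastWriteTime
            Path     = $_.FullName
        }
    } |
    # Keep anything unsigned, badly signed, or signed by someone other than Microsoft.
    # Sysinternals tools are Microsoft-signed and will not appear here.
    # Caveat: depending on the PowerShell version, catalog-signed Windows binaries
    # can be reported as NotSigned, so treat this as a review list, not a verdict.
    Where-Object { $_.Status -ne 'Valid' -or $_.Signer -notmatch 'O=Microsoft Corporation' } |
    ForEach-Object {
        # Hash only the files that made the list, to keep the run short.
        $hash = (Get-FileHash -Path $_.Path -Algorithm SHA256).Hash
        $_ | Add-Member -NotePropertyName SHA256 -NotePropertyValue $hash -PassThru
    }

# %PATH% entries that are not under the Windows directory (e.g. a Cygwin bin directory).
$extraPath = $env:PATH -split ';' |
    Where-Object { $_ -and ($_ -notlike "$env:SystemRoot*") }

$thirdParty | Sort-Object Modified -Descending |
    Format-Table Name, Status, Signer, Modified -AutoSize
'Non-default PATH entries:'
$extraPath

# Save a baseline so a later run can be compared against it.
# 'system32-inventory.csv' is an assumed file name.
$thirdParty | Export-Csv -Path .\system32-inventory.csv -NoTypeInformation
```

Re-running it after a suspected compromise and diffing against the saved CSV shows which binaries were added or changed since you set the machine up.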