WPAD Security Considerations

What is WPAD? WPAD stands for Windows Proxy Auto-Discovery. It is a protocol to obtain the URL for a PAC file. WPAD uses the following methods in order to discover the PAC file URL: DHCP, DNS, WINS, LLMNR, NetBIOS, Hosts, Lmhosts. The PAC file tells the host where to direct network traffic. This is usually used to force traffic through a web proxy. Why is it insecure? When DHCP or DNS is misconfigured or not configured, an attacker can provide the client with a PAC file that directs traffic to a compromised server....

20 March, 2022 · 1 min · 203 words · JD

Remote Credential Guard

Summary: Remote Credential Guard (RCG) protects admin credentials by ensuring they are not passed over the network to a target device. RCG is particularly useful for administrators who need to remotely access and manage servers and other critical systems. By ensuring that credentials are not exposed during these remote sessions, it significantly reduces the risk of credential theft and lateral movement in the network. Details: Clients with RCG enabled do not send primary credentials to the target machine....

19 March, 2022 · 3 min · 505 words · JD

AD Password Audit

Problem Statement: Accounts with bad passwords, especially accounts with privileged access, are the Achilles heel of an organisation’s security. Traditionally, IT has tried to impose “strong password policies” such as “Choose a password with an uppercase letter, a number, a symbol and more than 10 characters”. However, a password like “Summer2020!” satisfies ALL those requirements despite being an immeasurably weak password. So, what can we as IT professionals do to reduce bad passwords and mitigate their impact?...

21 January, 2022 · 3 min · 568 words · JD

Creating a Honeypot with T-Pot

Summary: Tpotce is an all-in-one honeypot platform with a collection of honeypots and tools for monitoring them. Requirements: 8GB RAM, 128GB disk space, unfiltered internet access, an isolated subnet, promiscuous mode enabled (needed for fatt, suricata and p0f to work properly), and a port forward or NAT to the honeypot. Installation: Setup is simple as the ISO is prebuilt. Download the latest ISO from Tpotce releases, mount the ISO to a VM and run through the installer....

16 January, 2022 · 3 min · 470 words · JD