AD Password Audit

Problem Statement: Accounts with bad passwords, especially accounts with privileged access, are the Achilles heel of an organisation’s security. Traditionally IT has tried to impose “strong password policies” such as “Choose a password with an uppercase letter, a number, a symbol and more than 10 characters”. However, a password like “Summer2020!” satisfies ALL those requirements despite being an immeasurably weak password. So, what can we as IT professionals do to reduce bad passwords and mitigate their impact?...

21 January, 2022 · 3 min · 568 words · JD

Creating a Honeypot with T-Pot

Summary: Tpotce is an all-in-one honeypot platform with a collection of honeypots and tools for monitoring them. Requirements: 8GB RAM; 128GB disk space; unfiltered Internet access; isolated subnet; promiscuous mode enabled for fatt, suricata and p0f to work properly; port forward or NAT to the honeypot. Installation: Setup is simple as the ISO is prebuilt. Download the latest ISO from Tpotce releases. Mount the ISO to a VM and run through the installer....

16 January, 2022 · 3 min · 470 words · JD

Hugo

Update: I’ve since switched to the PaperMod Theme. I’m sick of maintaining WordPress. I’ve finally decided to switch to a static site using Hugo. Hugo Setup: Install Hugo. I’m using the DoIT Hugo theme. This requires Hugo Extended. Installation via Chocolatey:
choco install hugo-extended
Create a new site: Hugo will create a new site named <my-site>
hugo new site <my-site>
Install a theme: I like the simplicity and aesthetics of the DoIT theme....

27 December, 2021 · 2 min · 274 words · JD

DNS Capture

Sometimes you need to do a packet capture on a Windows machine without installing anything. This is a guide on how to use the inbuilt Windows utility – netsh trace – to capture IPv4 packets. For just capturing DNS packets, capturing only UDP packets should cover most DNS traffic.
#Run this command in an elevated command prompt
netsh trace start maxSize=500 capture=yes Ethernet.Type=IPv4 Protocol=UDP report=disabled
#When you want to stop the packet capture run
netsh trace stop
For capturing all types of packets, leave out the Protocol Type:...

2 August, 2020 · 1 min · 155 words · JD

Automating vSphere with PowerCLI

PowerCLI by VMware is a tried and tested way of scripting management of a vSphere instance using PowerShell. Installing PowerCLI: Open a PowerShell terminal as administrator and run the following commands:
#Install PowerCLI
Install-Module VMware.PowerCLI -AllowClobber -Force
#Disable Certificate Verification (Don't use this in production)
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false
#Disable CEIP Telemetry
Set-PowerCLIConfiguration -Scope User -ParticipateInCEIP:$false
#Save vSphere credentials
New-VICredentialStoreItem -Host <vSphere FQDN or IP> -User "<username>@domain.com" -Password "<password>"
#Test your connection to a vSphere Server
Connect-VIServer <vSphere FQDN or IP>
Instant Clones: An instant clone builds on the advantages of a linked clone by not only sharing common files but also sharing RAM....

31 July, 2020 · 6 min · 1142 words · JD