Understanding Passkeys: A New Era of Authentication [Read More]
How to configure Exchange Online to block hyperlinks to zip top-level domains
Import the Exchange Online PowerShell Module [Read More]
Custom Windows Hardening
Introduction 4D5A/windows_hardening is a personal fork of 0x6d69636b/windows_hardening by Michael Schneider 0x6d69636b. 0x6d69636b/windows_hardening is a repository used for development, and the production repository is HardeningKitty by scipag. The PowerShell module in the scipag/HardeningKitty repository is digitally signed by scipag. [Read More]
Invoke-DNSQuery
Introduction Many Network Administrators and Systems Administrators frequently respond to questions about why an email wasn’t received by someone in their organization. The questions are often asked with a tone of “why did you block my email?” or “something is obviously wrong, because I should have received that email” and... [Read More]
Get-PKICertificates
Introduction When I first started scripting with PowerShell, I came across the Get-PSDrive cmdlet. https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-psdrive?view=powershell-7.3 Immediately one of the things that stood out to me was that with PowerShell, it was possible to access storage devices, the registry, and certificate stores similar to the process of accessing storage devices with... [Read More]
Active Directory Elevated Users Health Check
Introduction I reviewed the configuration of my domain controller and as part of my review, I used a security audit program to review the security configuration of my domain. It found several users which it stated had elevated privileges. I reviewed their Active Directory group membership but they only appeared... [Read More]
Unblocking yourself from WHM
WHM provides some decent out of the box security tools. Those include iptables, cPHulk Brute Force Protection, and fail2ban. cPHulk and fail2ban have their own chains in iptables. If you are using both, you may end up getting locked out of WHM and not knowing how to log back in.... [Read More]
Configuring Microsoft Intune to automatically enable BitLocker with full volume encryption
There is a great article at TechNuggets that explains how to Enable BitLocker Silently using Autopilot and Intune. One capability I was hoping existed was to not just enable Intune to automatically enable BitLocker but to enable it using Full Volume Encryption instead of the default configuration of encrypt used... [Read More]
Implementing DMARC for Enhanced Email Security: A Guide for Systems Administrators
Introduction [Read More]
How to configure DKIM in Microsoft 365
DomainKeys Identified Mail (DKIM) is a solution for determining if the content of an email was modified after it was sent and to verify that the domain provided in the From address matches the domain name in the cryptographic signature added by DKIM. [Read More]
Configuring sender policy framework in Exchange Online
Before you change the configuration of your Exchange Online environment or public DNS, you should be comfortable with understanding what Sender Policy Framework (SPF) is and why it is important to configure properly. I wrote an introduction to SPF named Blocking Spoofed Emails. [Read More]
How to enable Windows Sandbox
Windows 10 and Windows 11 (Pro and Enterprise Versions) include a great feature called Windows Sandbox. [Read More]
What is virtualization
As we start the year 2022, many people in technology refer to “virtual” servers, “virtual” private servers (VPS), and “virtual” machines. What are these platforms, what makes them virtual, and what would someone use them for? [Read More]
Manually updating GVM
After reading Kali, Postgres, GVM, and Troubleshooting you may have GVM up and running on your Linux machine. Next, you probably want to update the Greenbone Community Feeds. If you previously used the Greenbone VM, you may be expecting the feeds to update automatically but if that doesn’t happen,... [Read More]
Using a security group for Dynamics 365
As organizations move away from on-premises Active Directory (AD) to Azure Active Directory (AAD), there will be resources which were previously managed with on-premises Active Directory security groups. When an account is created in AAD, the account does not exist in on-premises AD (unlike if you create the account in on-premise... [Read More]
Kali, Postgres, GVM, and Troubleshooting
Everything was working well, that is until you decided to install a newer version of Postgres, right? [Read More]
How to create a Windows 11 dev environment
If you want to be able to quickly create a Windows 11 Virtual Machine in Hyper-V, there is a Hyper-V Quick Create option that will take care of downloading the ISO and installing the OS for you. [Read More]
How does email work
Almost everyone uses email daily, but have you ever asked how your email reaches another person? [Read More]
Blocking spoofed emails
TL;DR: Who is allowed to send email for your domain name? Did you know you can tell the whole world which servers are allowed to send email from your domain name (and therefore, email sent from servers which you have not authorized should be considered fraudulent and the receiving email... [Read More]