June 2017: @TroyHunt is back in Belgium for his workshop ‘Hack Yourself First’. Wanna join?

ZIONSECURITY will be welcoming Troy Hunt again. The 1st and 2nd of June, he will be leading a ‘Hack Yourself First’ workshop where he will teach professionals how to break into their own applications. Find out the program and register here!

#update: download the flyer with program and details here: Flyer Troy Hunt June.

I have been there the last time, it was great fun, lots of interaction. And I certainly would recommend you to join.

What if you really wanna join, but your boss is not willing to sponsor? (While he SHOULD!).
Or any other silly reason you can’t attend?

Well, you know, if you can provide me a very good, strong, original and unique argument why you MUST be at this workshop, you might be lucky.

You know the channels to reach out to me and test your luck.

Some suggestion, send me a direct message:
1. Comment on this post,

2. mail me, tweet me (direct message!), F@ceBook me, LinkedIn …

Convince me and it could be you sitting at the first row.

Advertisements

Note-to-self: Strenghten your Intune/SCEP with ADCS

Recently I got a question from a customer about SCEP.
SCEP as in “Simple Certificate Enrollment Protocol”, not “System Center Endpoint protection”.

Pretty important difference, although SC (System Center as in SCCM) is involved in this case.

Background:
customer investigating integration of ADCS (Active Directory Certificate Services) with Intune.

Case:
Customer found an interesting article: “Simple Certificate Enrollment Protocol (SCEP) does not strongly authenticate certificate requests” (http://www.kb.cert.org/vuls/id/971035)

In short, the article mentions (quote):

“SCEP was designed for use “…in a closed environment” and is not well suited for MDM and “bring your own device” (BYOD) applications where untrusted users and devices are in use.

When a user or a device requests a certificate, the SCEP implementation may require a challenge password. It may be possible for a user or device to take their legitimately acquired SCEP challenge password and use it to obtain a certificate that represents a different user with a higher level of access such as a network administrator, or to obtain a different type of certificate than what was intended.”

In Windows Server 2012 R2 the Active Directory Certificate Services (AD CS), NDES supports a policy module that provides additional security SCEP.

Windows Server 2012 R2 AD CS NDES does not ship with a policy module. You must create it yourself or obtain it as part of a software solution from a MDM vendor.

Microsoft Intune DOES HAVE that module.

But how do you integrate your ADCS with Intune?
Well, here’s the interesting stuff, there is a bunch of interesting reading and even step-by-step guides available from one of our Microsoft colleagues.
Just to be clear: all credits go to the original authors of ALL these articles I point you to.

But I thinks the links below must be in your favorites collection.

The technical background info you can find on TechNet had an update, recently:

If you really want to dive into it, with practical hands-on, please check this out (credits to Pieter Wigleven)

Pieter has put quite some effort to document the procedures step-by-step with very interesting screenshots.
Enjoy and share!

Note-to-self: Download free DLA Piper legal start-up pack with legal rules of thumb and templates.

Source: http://trends.knack.be/economie/bedrijven/gratis-juridisch-start-up-pack-voor-technologiestarters/article-normal-541367.html

“This Start-up Pack has been designed and prepared by the (DLA PIPER) Technology Sector initiative, which includes lawyers with experience in intellectual property, corporate, employment and tax matters.

The purpose of this Start-up Pack is to provide assistance and support to early stage start-ups who are looking to establish their business on a more formal basis. Creating the right legal framework and ensuring that the business is protected at the outset is vital for a start-up to achieve its full potential.”

Note-to-self: using Honeypot to detect Mimikatz Use On Your Network

Source: https://isc.sans.edu/diary/Detecting+Mimikatz+Use+On+Your+Network/19311

In short:”… Here is the idea.   You stage these fake credentials in the memory of computers you suspect might be the initial entry point on your network.   Perhaps all the computers sitting in your DMZ.    For a great deception my friend Rob Fuller (@mubix) is toying with the idea of putting this into the logon scripts to stage fake workstation administrator accounts on all the machines in your network.  Then you would setup alerts on your network that detect the use of the fake accounts.    Be sure to choose a username that an attacker will think is valid and will have high privileges on your domain. …

 

Note-to-self: Just Enough Administration Whitepaper

Source: https://gallery.technet.microsoft.com/Just-Enough-Administration-6b5ad370

Short URL: http://aka.ms/JEA

From the introduction: ”

In the current world of Information Technology, protective measures do not stop at the network edge. Recent news reports based on security breach post-mortems indicate the need to protect assets using measures that reduce administrative access. While the principle of least privilege has always been known to IT Security professionals, there is a need in the industry for a standardized method of constructing an operator experience that reduces access with a more sophisticated level of granularity than what is available in many traditional access control models.

Just Enough Administration (JEA) is a solution designed to help protect Server systems. This is accomplished by allowing specific users to perform administrative tasks on servers without giving them administrator rights, and then auditing all actions that these users performed. JEA is based on Windows PowerShell constrained runspaces, a technology that is already being used to secure administrative tasks in environments such as Microsoft Exchange Online.”

For the latest information, please see http://blogs.msdn.com/powershell/ and http://aka.ms/buildingclouds

Don’t need to tell you that you should definitely save these in your favorites. (Well, just did it… so no excuses..)

Note-to-self: free Executive Guide: IT-security en riskmanagement #ZDNet

Source: http://www.zdnet.be/continuity/159407/gratis-executive-guide-it-security-en-riskmanagement

As add-on to their free seminar on businesscontinuity (11/dec) ZDNet offers a free guide on IT-security and riskmanagement.

It offers 10 IT-riskmanagement domains that are often forgotten. The guide also offers a simplified framework on IT Risk management for SMB.

Further more the guide discusses useful topics on risk management, to determine the possible risks and how to implement control mechanisms on insider threats.

Download the executive guide here.