2020 LDAP channel binding and LDAP signing requirements for Windows (KB4520412) https://evotec.xyz/four-commands-to-help-you-track-down-insecure-ldap-bindings-before-march-2020/ https://www.petenetlive.com/kb/article/0001645 https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/ldap-channel-binding-and-ldap-signing-requirements-march-2020/ba-p/921536 If the LdapEnforceChannelBinding key is not present, the server will use the new […]
Category: Research
Research Undertaken
How to leverage Azure PIM to protect on-prem AD Groups
Make sure you set this up with the correct service user to start with. Add Groups that have roles assigned will be synced on-prem. Make sure you do not […]
How to Redirect HTTP to HTTPS on a non-standard port on IIS using URL Rewrite
The standard way in IIS to redirect HTTP to HTTPS will not work because http_host contains the port. You need to use regex magic: <rule […]
Dynamics Reports not Showing Logos
After copying the .DIC files from Dynamics, the reports were not showing the logos. A few things to note
FsLogix Update Procedure
Download FSLogix FSLogix is available for download: https://aka.ms/fslogix-latest
HTTP Header Internal IP Disclosure
Fix for IIS -> https://securitytutorials.co.uk/http-header-internal-ip-disclosure/ and how to test after. Can also be done via -> https://www.verifyit.nl/wp/?p=175955. How to test HTTP header side: (curl -v […]
The message was not delivered. Failed 365
A user could no longer send email in Office 365; however, everyone else in the tenancy could. The user was listed in Restricted entities, remove […]
Azure policy-based VPN IKEv1 (Basic) dropping Pings
Recently set up an IKEv1 VPN between Azure and an old Sophos Gateway device which only supported IKEv1. Going through the Microsoft parameters listed here: About VPN devices […]
Errors Enabling DKIM 365
After enabling one domain in DKIM, you get errors in the GUI when trying to enable the others: The operation couldn’t be performed because object ‘xxxxx.com’ […]
Cannot add SPN to delegated tab
Recently I was trying to delegate an SPN for the HTTP service for an App Proxy. When choosing the above I could not search for the SPN in AD. I […]
AppLocker
For servers look at https://learn.microsoft.com/en-us/azure/defender-for-cloud/adaptive-application-controls https://dailysysadmin.com/KB/Article/6773/configuring-windows-applocker-to-protect-against-ransomware-attacks/ GitHub – microsoft/AaronLocker: Robust and practical application control for Windows <AppLockerPolicy Version="1"><RuleCollection Type="Appx" EnforcementMode="Enabled"><FilePublisherRule Id="041c480f-6af0-44b6-b712-ebc33913a055" Name="All signed packaged apps" Description="Allows members of […]
Account switch detected we were unable to verify your account MAC Outlook
After defederating a domain for a 365 tenant, trying to add the account back to Mac Outlook comes up with the error "Account switch Detected […]