TPM Owner Password

Hello everyone. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Today we will focus on the TPM Owner Password – an often misunderstood secret that is usually linked to BitLocker. TPM (Trusted Platform Module) is a small chip on the motherboard (discrete TPM) or part of the CPU implementation (firmware TPM) where we can store…


Digest Authentication

Hello again. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Today I will focus on Digest Authentication. Digest Authentication is a challenge-response authentication protocol used to authenticate users over the network. Challenge/response protocols require an authenticating server to generate a challenge containing some amount of unpredictable data. A client then uses a key derived…


EFS – “Element not found” error

Hello. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Today I will troubleshoot one error related to EFS (Encrypting File System) with you. EFS is a component of the NTFS file system present in Windows starting from Windows 2000. EFS enables transparent encryption and decryption of files by using advanced, standard…


TPM Lockout

Hello everyone. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Today, I am going to talk about the TPM Lockout state. TPM (Trusted Platform Module) is a small chip on the motherboard (discrete TPM) or part of the CPU implementation (firmware TPM) which can be used to securely store small amounts of information (certificates, private…


MBAM version chart

Hello. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Some time ago I put together all versions of the MBAM (Microsoft BitLocker Administration and Monitoring) tool into one table. Small disclaimer: It is based on what I have seen in the wild and is not official information from the Product Group. Version Product 1.0.1237.1 MBAM…


ELAM Driver

Hello again. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team and today I will be explaining what the ELAM driver is. ELAM – Early Launch Anti-Malware is a piece of code that is loaded in the pre-boot environment and is responsible for verification of other drivers before they are loaded into memory. ELAM driver…


Special Groups Audit

Hello. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Today I want to talk about Special Groups – a feature added back in Windows 2008/Vista but rarely used by administrators. The Special Groups feature lets you audit all logons of a user that belongs to a certain group, a so-called “Special Group”. This is quite useful…


BitLocker: Network Unlock

Hello everyone. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Recently I have been requested by my customers to explain BitLocker Network Unlock. So here you go. Network Unlock is a relatively new BitLocker protector (added in Windows 8) that can be used to unlock computers after a reboot without the need of entering BitLocker…


Secure Boot on Virtual Machines

Hello. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Today I will explain how to configure Secure Boot on VMs. Note: To better understand the subjects presented in this article, I strongly recommend reading my post about Secure Boot: https://blogs.technet.microsoft.com/dubaisec/2016/03/14/diving-into-secure-boot/ Support for Secure Boot in virtual machines has been added in Hyper-V for Windows…


Diving into Secure Boot

Hello. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Today we will dive into Secure Boot technology. Secure Boot is a feature of UEFI (Unified Extensible Firmware Interface) that ensures that each component loaded during the boot process is digitally signed and validated. Secure Boot makes sure that your PC boots using only software…


BitLocker: AES-XTS (new encryption type)

Hello. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Today I want to talk about the new BitLocker algorithm introduced in Windows 10 (build 1511). BitLocker uses AES (Advanced Encryption Standard) to encrypt data on the drives. AES is a block cipher (as opposed to a stream cipher) which divides plain text into blocks with the…


Who can add workstation to the domain

Hello. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. During the numerous security audits and assessments I deliver to customers, I usually discover overly broad permissions and user rights configured in Active Directory. One of them is “Add Workstation to the Domain”. There are 3 items that might influence who can add a computer to…


Windows Update categories

Hello. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. I want to talk about the different types of our Windows Updates. Microsoft has the following categories of updates: Critical Update, Security Update, Definition Update, Update Rollup, Service Pack, Tool, Feature Pack, Update. Critical Update – an update which fixes a specific, non-security related, critical bug….
