All you need to know about Keytab files

Whether you are currently using them or planning to issue one, here is (I hope) all you need to know about those little binary files. It’s a Kerberos thing: if you use or plan to use keytabs, it means that you are planning to add Kerberos support to a system which can’t do it otherwise…


Extract pictures from a Steps Recorder file

For those who don’t know, there is a pretty cool feature built into Windows since Windows Vista/Windows Server 2008 called Steps Recorder. It is there by default in your Windows folder: %windir%\system32\psr.exe. When you run it, it will capture a screenshot of each click that you perform on the system where it runs (if you…


Good news everyone! We are under brute force attack!

The title is a tribute to Professor Farnsworth… I mentioned it because my jokes usually never land… And just to make it clear, this post is not guidance on what to do in case of brute force attacks (bummer… eh?), it is just a testimony of my recent experience with the topic and how…


🐶🐶🐶 Credential theft made easy with Kerberos delegation

Yes, it takes just 2 lines of PowerShell to impersonate whoever you want… A small preamble: things discussed here are not hacking techniques, nor innovative ways to impersonate a user. These are intended behaviors, and they have all been around for a very long time. Why talk about it now? Because as a part of my job, I…


Do I really need ADFS?

Update 2018-01-06: Lots of new things came up, so I updated this article. I often hear and read misconceptions on whether or not you should or must deploy an ADFS farm when Office 365 is in the picture. So I will try to give you my version (well, it is a collection of feedback from…


List all possible security events and their descriptions in PowerShell

If you’d like to know all the possible security events in your system, the best way to do it is to download the spreadsheet that has the full list: Windows security audit events. This is great, very complete, but also implies that you have an Internet connection and Excel to open the file. Another…
