Understanding and Remediating “PASSWD_NOTREQD”

In my previous post on querying the userAccountControl attribute, I noted that one of the flags I wanted to ensure you understood was the PASSWD_NOTREQD, or “Password Not Required”, flag. As the name suggests, this flag allows you to have a fully functioning account with a blank password (even with a valid domain password policy in place). In my time…

Creating Custom Windows Event Forwarding Logs

You may have noticed recently that *we* Microsoft security people have kind of fallen in love with Windows Event Forwarding (WEF). Why? It's built into Windows itself, easily configurable, and can collect a very large amount of coarse or finely filtered events (including existing events) from any domain-joined machine with less than 30 minutes of…
