Ransomware has become a massive problem for individual users or entire organizations in recent years. Cryptolocker is a type of ransomware that encrypts valuable files (documents, photos, images) on users’…
NTLM (NT LAN Manager) is a legacy Microsoft authentication protocol that dates back to Windows NT. Although Microsoft introduced the more secure Kerberos authentication protocol back in Windows 2000, NTLM…
Windows Defender Antivirus is Microsoft’s free built-in antivirus that comes installed by default on Windows Server 2016 and 2019 (since Windows 10 2004 the name Microsoft Defender is used). In…
In this article, written as a part of a series devoted to Windows security, we will learn quite a simple method for getting passwords of all active Windows users using…
Microsoft Security Baseline contains recommended settings Microsoft suggests for Windows workstations and servers to provide secure configuration and protect domain controllers, servers, computers, and users. Microsoft has developed reference Group…
The broadcast protocols NetBIOS over TCP/IP and LLMNR are used in most modern networks only for compatibility with legacy Windows versions. Both protocols are susceptible to spoofing and MITM attacks.…
In August 2020, Microsoft released an update to fix a critical Windows Server vulnerability in Active Directory — CVE-2020-1472 (more known as Zerologon) . This update was successfully installed on…
Administrators often have to store passwords in automation scenario directly in the body of PowerShell scripts. As you know, it is extremely insecure when used in a productive environment, since…
In the previous article, we told that one of the ways to defending against mimikatz-like tools is disabling the debug privilege for system administrators using Debug Program policy. However, recently…