LAPS, PVLAN and admin shares: limiting lateral movement
Summary A new effective ransomware showed up: NotPetya . Let’s look at how it spreads and what we can do to harden networks accordingly. Microsoft article detailing the attack: ht…
Posts
Newest first.
Apache Guacamole – a VPN alternative for your users
A quick introduction to a product that many blogs already talk about. Guacamole provides your users with a centralized web interface for RDP , VNC and SSH connections. In my case,…
Security: my recommendations
Hello everyone… Here are some security recommendations for your networks. I’m aware not everything is applicable everywhere. Protection against Internet‑facing attacks Review your…
A simple and effective firewall solution (Shorewall)
A quick post to introduce a simple and effective solution. In general we all agree iptables is reliable and powerful… but the syntax can be painful. I discovered Shorewall at my n…
Managing WAPT with an all‑in‑one package
Hi — it’s been a while! Today, a WAPT post 🙂 I’d like to manage WAPT in a different way. Let’s forget the console for 30 seconds and create a WAPT package that installs… WAPT pack…
Self Service Password + sync to Google Apps and Office 365
A useful post for Samba and Windows Active Directory. In my organization we have more and more BYOD laptop classes (students bring their own laptop). Credentials used for Wi‑Fi, O…
OwnCloud: mounting WebDAV as a network drive on Windows
Another short post about an issue I ran into. In my school we deployed an OwnCloud. It’s very useful for teachers and students from outside. With the desktop client on teachers’ p…
Wi‑Fi auth & filtering: FreeRADIUS, 802.1X, Squid, SquidGuard
Some time ago I wrote “Why you shouldn’t use Squid in transparent mode?”. That covered filtering — but not authentication. I considered PacketFence, but it’s more of a NAC solutio…
Update: fighting ransomware
Some time ago I wrote a post: “Fighting ransomware” : Fighting ransomware Today, a small update is needed. I collected ransomware samples from my spam inbox and started testing th…
WPAD: Chrome vs Firefox
A short post about a silly issue I hit with WPAD in Chrome, Firefox and IE. I wanted to use something like: if (isInNet(myIpAddress(), "172.29.0.0", "255.255.0.0&qu…