July 3, 2025 | 10:20

Hacking WSUS

If you have your own PKI in your AD, you may stop reading and move on. Nothing to see here. My gut, however, tells me many mid-sized companies don’t have one and are at the mercy of Alex Neff’s Python script. Wsuks positions itself as a man-in-the-middle between a Windows Update Server (WSUS) and the various servers/clients. It spoofs the WSUS IP in the ARP table. Upon contact (default: every 24 hours), a psexec64.exe along with a PowerShell script is distributed to the machines and executed, including elevation to Administrator. The payload can be adjusted arbitrarily. Read more

July 12, 2021 | 07:40

What did you do this weekend?

Over the weekend I have increased security and automated processes - that’s lame! This can be anything or nothing, too vague and unspecific. Well, technically correct and with a touch of cynicism: “I translated bash scripts to YAML.” Okay, let’s agree on: I consolidated numerous bash scripts for automatically renewing certificates, reduced complexity, eliminated potential security risks when transferring certificates from outside reverse proxies to inside hosts, and made everything more transparent with both Ansible and Git. Read more

June 18, 2021 | 00:10

Quiz for more best practice and awareness

A quizzle for the weekend: Which of the following domains is most likely a malicious one? Look closely!

ԁeutsche-telekom.de
sparkasse-ԁarmstadt.de
cloud.sessionID.cf.373.tw/323.fra.commerzbank.de

Quite simple, some will say. Others claim they never fall for phishing mails or open unknown file attachments. This always happens to the others! Whoever knows such a person may pass this quiz to him or her.

Solution

Even if the first two domains seem familiar, they do not lead to where you expect. The “d” in deutsche-telekom and sparkasse-darmstadt is a Cyrillic “d” and hardly distinguishable from our Latin one. Technically it is a completely different letter. A look into the source code reveals the difference: Read more

January 4, 2021 | 11:41

Hackback the Malware

Yesterday and today I’ve noticed the author malvuln. He has uncovered vulnerabilities for 14 malware and backdoor applications. Yes, you are correct: He has found vulnerabilities in malware and backdoors, practically with proof-of-concepts to reproduce. No need to emphasise, that’s all Windows malware we’re talking about. There is no indication whether he contacted the respective vendors of the affected “software” prior to his full disclosure. Also missing are CVE reference numbers and CVSS scores. But with a chuckle we just look away. Read more

October 5, 2020 | 20:00

Hacking - where are the limits?

In the previous webinar on IT risk assessment and information security, participants questioned me during the 15-minute live hacking session: Is this not illegal? We took a closer peek at the servers of an ambulant care unit and two other businesses. I found them by chance from a total of 28 million hosts across Germany using specific search terms. The search lasted just a few seconds and after that we browsed through the numerous directories with patient data and medical prescriptions. Read more

August 26, 2020 | 18:00

Fefe on today's programming

Felix von Leitner (Fefe) in his latest article at Heise wrote a very good statement straight out from the bottom of my heart: Programming is in reality more an optimisation problem (what is the least effort I have to invest to get the customer to buy this) than engineering design. Even worse: If you find a developer who does everything correctly, then he is not competitive on the market against all the short-term approaches of the botchers of the competition. Read more

August 25, 2020 | 08:00

Windows is broken by design

Feedback on my recently written blog post “Working in Homeoffice Part I”: “No Tomas, you can’t say you believe Windows is broken by design, bashing everybody up in the face.” or: “It’s not that simple getting privileges on Windows computers.” Well, how to put it right? Perhaps by explaining how easily and quickly you can become an administrator on Windows 7 or Windows 2008R2 server? Without knowledge of any login data at all? Read more

August 23, 2020 | 15:04

Working in your Homeoffice - Part I

Home Office Workstations - Introduction

How to integrate a corporate home office securely? And preferably also in a cost-effective, transparent and sustainable way! Some people might have been busy on this question due to Corona lockdown. As an external contractor, I used to stand at the sideline more than once and looked into the big arena of swarm idiocy and stupidity. With this picture in mind, I’m launching a new blog series describing what I think a home office workplace for small and medium-sized businesses should look like. As always: No solution fits every use case universally. Your mileage may vary and of course the remark: I am buyable for exactly such challenges. Read more

© 2026 Tomas Jakobs - Imprint and Legal Notice
