Author: Miriam Wiesner

Stop using Lan Manager and NTLMv1!

mx_microsoft_borderWhen performing Security checks in customer environments I often find out that LAN Manager or NTLMv1 is still allowed. Most customers don’t know that this setting leaves the environment highly vulnerable to attacks targeting their authentication methods.

Why you should not use LAN Manager and NTLMv1 anymore you will read in this article. (more…)

Advertisements

myDeckWishlist – Magic the Gathering

mx_offtopic_borderMagic the Gathering, played with real cards, can be a very expensive hobby: If you want to buy cards for a new deck, you often have to wait some months to get all cards you need.

If you already own other cards which fit in your deck, you may also want to play them instead until you can afford the more expensive cards. (more…)

Hakin9 published my article in the latest magazine “WordPress Hacking & Vulnerabilities” (Vol. 11 No. 06) 


My article “WordPress distributions and Security – a short overview” was published in the latest Hakin9 magazine “WordPress Hacking & Vulnerabilities” (Vol. 11 No. 06)! (more…)

Video Tutorial: XSS – Cross Site Scripting

Cross Site Scripting is the consequence of a vulnerability in websites or Client Software. It allows an attacker to inject his own malicious code.

It is used either to trick the user to believe that the injected code is part of the website or to run scripts which are not distributed by the website itself.

Do you know the difference between a DOM-based, a Not Persistent and a Persistent attack? (more…)

Thank you: Over 100 YouTube Subscribers!

To get your individual YouTube channel name, your channel needs to have at least 100 followers.

Man, I was longing for my own channel name…
Finally this weekend I reached this goal: I got my 100th subscriber!

By now, you can find my YouTube channel here:
https://youtube.com/c/miriamxyra

Thank all of you who helped me to get my new channel URL and see you in the next video!

Einfache Administration durch WMI-Filter

mx_microsoft_borderWenn man Gruppenrichtlinien zuweist, kann man diese bestimmten Organisationseinheiten (OUs) oder Sites zuweisen.

Doch manche Gruppenrichtlinien sollen nur für ein bestimmtes Betriebssystem angewandt werden. Client-Versionen unterscheiden sich manchmal und es müssen unterschiedliche Einstellungen konfiguriert werden.

Wie kann man diese Herausforderung lösen, ohne OUs für jeden Systemtyp anzulegen?

Erfahren Sie in diesem Artikel, wie Sie sich die Administration mit WMI-Filtern vereinfachen. (more…)

Exchange: Hide Disabled Users from the Global Address List (GAL)

mx_microsoft_borderWhen a user leaves the company, often the Exchange mail account is deleted and the user account gets disabled .

In this way, the former employee can not access corporate data, but he still appears in the Global Address List (GAL) for internal staff. He can still be selected in the address book and is also still visible in the team calendar.

The reason for this lies in the fact that the account is still in the Active Directory and in the attribute msExchHideFromAddressLists, which contains no value. If this attribute is set to TRUE, the user disappears from the Global Address List and from certain calendar groups.

To ease the work with disabled users, you can use the following PowerShell CMDlets. (more…)