English

Stop using Lan Manager and NTLMv1!

mx_microsoft_borderWhen performing Security checks in customer environments I often find out that LAN Manager or NTLMv1 is still allowed. Most customers don’t know that this setting leaves the environment highly vulnerable to attacks targeting their authentication methods.

Why you should not use LAN Manager and NTLMv1 anymore you will read in this article. (more…)

Advertisements

myDeckWishlist – Magic the Gathering

mx_offtopic_borderMagic the Gathering, played with real cards, can be a very expensive hobby: If you want to buy cards for a new deck, you often have to wait some months to get all cards you need.

If you already own other cards which fit in your deck, you may also want to play them instead until you can afford the more expensive cards. (more…)

Video Tutorial: XSS – Cross Site Scripting

Cross Site Scripting is the consequence of a vulnerability in websites or Client Software. It allows an attacker to inject his own malicious code.

It is used either to trick the user to believe that the injected code is part of the website or to run scripts which are not distributed by the website itself.

Do you know the difference between a DOM-based, a Not Persistent and a Persistent attack? (more…)

Thank you: Over 100 YouTube Subscribers!

To get your individual YouTube channel name, your channel needs to have at least 100 followers.

Man, I was longing for my own channel name…
Finally this weekend I reached this goal: I got my 100th subscriber!

By now, you can find my YouTube channel here:
https://youtube.com/c/miriamxyra

Thank all of you who helped me to get my new channel URL and see you in the next video!

Exchange: Hide Disabled Users from the Global Address List (GAL)

mx_microsoft_borderWhen a user leaves the company, often the Exchange mail account is deleted and the user account gets disabled .

In this way, the former employee can not access corporate data, but he still appears in the Global Address List (GAL) for internal staff. He can still be selected in the address book and is also still visible in the team calendar.

The reason for this lies in the fact that the account is still in the Active Directory and in the attribute msExchHideFromAddressLists, which contains no value. If this attribute is set to TRUE, the user disappears from the Global Address List and from certain calendar groups.

To ease the work with disabled users, you can use the following PowerShell CMDlets. (more…)

Registry Hacking against sysprep errors

NOTE: This article is meant for system administrators only. DO NOT CHANGE YOUR REGISTRY if you administer your PRIVATE PC!

mx_microsoft_borderIf you want to create images and execute Sysprep, sometimes it can happen that the following error message is displayed when the computer was restarted:

The computer restarted unexpectedly or encountered an unexpected error. Windows installation can not proceed. To install windows click "OK" to restart the computer, and then restart the installation.

After restarting the computer an error message appears every time you restart the system, that prevents Windows from starting properly. But you’ve already prepared the system for the image creation so you don’t want to reinstall the system.

In this article I will show you how to save your image, without reinstalling the system. (more…)

Hacking Video Tutorial: Exploiting the Heap

mx_security_borderWhen it comes to buffer overflow, most people talk about an overrun in the stack segment. But what about the heap?
You rarely find documentation how a heap overflow is triggered and how you can exploit it.

Buffer Overflow is the consequence of a vulnerability in computer software. It is used by attackers to overwrite memory bounds, to crash the code and even to inject malicious code – the so called payload.

(more…)

Hacking Video Tutorial: Stack Buffer Overflow

mx_security_borderBuffer Overflow is the consequence of a vulnerability in computer software. It is used by attackers to overwrite memory bounds, to crash the code and even to inject malicious code – the so called payload.

In this video tutorial I’m reverse engineering my demo code with Immunity Debugger to show you how memory is processed in the stack.

(more…)