Zerologon: Windows Netlogon Vulnerability CVE-2020-1472

On August 11, 2020, Microsoft released a software update to mitigate a critical vulnerability in Windows Server operating systems (CVE-2020-1472). The vulnerability in Microsoft Windows Netlogon Remote Protocol (MS-NRPC), a core authentication component of Active Directory, could allow an unauthenticated attacker with network access to a domain controller to completely compromise all Active Directory identity services.


How to detect Zerologon attacks in your Windows infrastructure

Zerologon is arguably the most dangerous Windows vulnerability the security industry has seen. Organizations want to know with no uncertainty whether they’ve been attacked. That assurance doesn’t come from searching 30 days or even 90 days’ worth of Windows logs. It comes from a comprehensive search of all your Windows logs. Humio customers can get the certainty they need in a matter of seconds. Last month, Microsoft issued a patch for Zerologon.


Server Monitoring with OpsRamp

For decades, compute or server infrastructure has been the backbone of the IT world. Compute has gradually evolved from on-premise hardware to programmable compute in the form of software containers. Technology operators need to constantly monitor the performance of their Windows, Linux, and container infrastructure so that they can optimize their compute environments to match workload demands.


Use Windows Subsystem for Linux to enhance IPHost monitoring setups

Windows Subsystem for Linux (WSL) is a software component that allows Linux applications to run directly on Windows 10 and Windows Server 2019, starting from August 2016. There are several software projects aimed at running or porting certain GNU/Linux applications to Windows, the best known being Cygwin and MinGW-w64.


Create Custom Icinga PowerShell Modules and Plugins

Today I will show you briefly how to build your own PowerShell modules/plugins using icinga-powershell-framework. As you might know, we recently started writing plugins in PowerShell that can be used to monitor Windows services in Icinga2 in a simple way. If you are interested in learning more about it, everything is documented here down to the smallest detail.


Introduction to Windows tokens for security practitioners

This blog series is aimed at giving defense practitioners a thorough understanding of Windows access tokens for the purposes of detection engineering. Here in Part 1, we'll cover key concepts in Windows Security. The desired outcome is to help defenders understand how access tokens work in Windows environments.


Ubuntu on WSL 2 Backported to Windows 10 1903 and 1909, Extending Reach

Microsoft announced the general availability of Windows Subsystem for Linux 2 in the Windows 10 May 2020 update, also known as version 2004. Today Microsoft announced an update for Windows 10 which brings WSL 2 back to the Windows 10 May 2019 and November 2019 updates, also known as versions 1903 and 1909, respectively.