On August 11, 2020, Microsoft released a software update to mitigate a critical vulnerability in Windows Server operating systems (CVE-2020-1472). The vulnerability in Microsoft Windows Netlogon Remote Protocol (MS-NRPC), a core authentication component of Active Directory, could allow an unauthenticated attacker with network access to a domain controller to completely compromise all Active Directory identity services.
Zerologon is arguably the most dangerous Windows vulnerability the security industry has seen. Organizations want to know with no uncertainty whether they’ve been attacked. That assurance doesn’t come from searching 30 days or even 90 days’ worth of Windows logs. It comes from a comprehensive search of all your Windows logs. Humio customers can get the certainty they need in a matter of seconds. Last month, Microsoft issued a patch for Zerologon.
Pandora FMS is a proactive, advanced, flexible and easy-to-configure monitoring tool that can be tailored to each business. It adapts to all needs, whether for servers, network computers, devices or whatever else is necessary. In this article, we will focus on Windows Server monitoring, using the software agent installed on our server.
For decades, compute or server infrastructure has been the backbone of the IT world. Compute has gradually evolved from on-premise hardware to programmable compute in the form of software containers. Technology operators need to constantly monitor the performance of their Windows, Linux, and container infrastructure so that they can optimize their compute environments to match workload demands.
Windows Subsystem for Linux (WSL) is a software component that allows Linux applications to run directly on Windows 10 and Windows Server 2019, starting from August 2016. There are several software projects aimed at running or porting certain GNU/Linux applications to Windows, the best known being Cygwin and MinGW-w64.
Today I will show you briefly how to build your own PowerShell modules/plugins using icinga-powershell-framework. As you might know, we recently started writing plugins in PowerShell that can be used to monitor Windows services in Icinga2 in a simple way. If you are interested in learning more about it, everything is documented here down to the smallest detail.
This blog series is aimed at giving defense practitioners a thorough understanding of Windows access tokens for the purposes of detection engineering. Here in Part 1, we'll cover key concepts in Windows Security. The desired outcome is to help defenders understand how access tokens work in Windows environments.
Microsoft announced the general availability of Windows Subsystem for Linux 2 in the Windows 10 May 2020 update, also known as version 2004. Today Microsoft announced an update for Windows 10 which brings WSL 2 back to the Windows 10 May 2019 and November 2019 updates, also known as versions 1903 and 1909, respectively.