
Filtering Domains with Squid Proxy

Introduction

Squid is a web proxy with caching and forwarding capabilities; however, this post will not be concerned with caching web content. The focus will be on using Squid to control which domains are accessible to a user, either through blacklisting or whitelisting. This can be useful for blocking undesired domains, such as those associated with malware or advertisements. On the other hand, it can be used to limit what a set of computers in a network can connect to, which can potentially mitigate the impact of an attack.

Transferring and Seizing FSMO Roles

Introduction

Within an Active Directory environment there are 5 Flexible Single Master Operation (FSMO) roles; they can either all reside on a single domain controller or be distributed between multiple domain controllers. There are 2 FSMO roles that are forest-wide and 3 that are domain-wide. This post will describe the steps taken to either transfer a FSMO role to another server or seize a FSMO role.

Credential Guard on Windows

Introduction

This post will aim to explain Credential Guard and Virtualization Based Security (VBS), the technology that makes it possible. There have been many discussions, papers, and talks about this subject. The goal of this post is for me to write out the technical details of this technology in my own words. There are many interesting and insightful resources available online that can also help you understand how this technology works; the resources I have found useful will be linked in the References section at the end of the post.

Updating and Rolling Back ESXi

Updating ESXi

For this example I will be updating ESXi build 8169922 to ESXi build 13981272. You can check the current build of an ESXi box by running the following command:

[root@testesxi:~] vmware -v
VMware ESXi 6.7.0 build-8169922
[root@testesxi:~]

Updates come in the form of ZIP files; this ZIP file is usually downloaded from the VMware website. After an update file is retrieved, check that the hash of the file matches.

Saving ESXi Configuration State

Saving the configuration state of a standalone ESXi server allows all configuration to be restored if a new instance is installed. This includes all virtual machine registrations, switches, port groups, and system configuration.

Backing Up State

Running auto-backup.sh writes the current configuration to disk, where it is stored in /bootbank/state.tgz. ESXi has a cron job that runs this script every hour; however, if a change was made recently and you are backing up the configuration, it is best to run this script first.

Locking Down a Workstation with AppLocker

Introduction

AppLocker is a powerful component of the Windows operating system that allows an administrator to dictate whether a user has permission to run a file. There are a few different types of files that can be controlled by AppLocker, which include executable files (.exe), DLL files (.dll), Windows Installer files (.msi), PowerShell scripts (.ps1), and packaged applications (these include graphical programs such as Settings and the GUI for Defender).