I went into my password vault the other day to retrieve a password. For the application in question I had noted in the comments “old password may be ________”. I’m not sure why I felt the need at some point to record a previous password. This is terrible opsec practice to leave old passwords lying around. Ask yourself, how many folks do you think use old passwords as seeds for new passwords?
monkey12 -> monkey123
password! -> password!!
mommieOct06 -> MommieDec08
Sysinternals Autoruns is a great way to view persistent WMI subscriptions for an online system. What tools are available to scan for WMI subscriptions against offline images?
Wow, imagine the possibilities….
The U.S. Coast Guard is developing the use of 3-D printers to create spare parts on board its ships.The technology has already been used to produce spare parts, and is now being trialed more widely to print parts that are not normally kept on vessels and which may be difficult to source. The Coast Guard said this will improve mission readiness and logistical support.
“Sometimes those parts have lead times of weeks… maybe months, depending on the workload of the manufacturer,” said Captain Joseph Dugan, manager for the National Security Cutter Program.
Roskomnadzor, Russia’s internet regulator, decided to end its blogger registry because it has become inefficient. In 2014, Russia passed a regulation requiring bloggers to register which would monitor their blogs for content deemed illegal. The regulation’s intent was to eliminate anonymous blogging and to curtail libel and defamation, but bloggers believed “the goal [was] to kill off the political blogosphere,” according to a popular anti-Putin blogger.
All of these settings can be controlled via Group Policy / Local Security Policy:
1. Rename the Local Administrator Account
2. Disable the Guest Account
3. Disable LM and NTLM v1
4. Disable LM hash storage
5. Minimum password length
6. Maximum password age
7. Event logs
8. Disable anonymous SID enumeration
9. Don’t let the anonymous account reside in the everyone group
10. Enable User Account Control
Citing a worry over “cyber vulnerabilities,” the U.S. Army this week ordered that all drones built by China-based DJI, the world’s biggest drone maker, be immediately removed from Army service. The order comes following a classified study of the issue completed in May by the Army Research Laboratory, and the simultaneous release of a Navy memorandum titled “Operational Risks with Regards to DJI Family of Products.”
He says NASA and the Department of Energy have already stopped using DJI products. When Egan looked into why, he says they weren’t allowed to use the drones “because they are Chinese.”
1. Manage Legacy Protocols
Remediation: Disable the use of LLMNR, NBNS, and WPAD protocols in group policy.
2. Disable LM, NTLMv1
Remediation: Disable LM hashing, and, unfortunately require a password reset for all your accounts if it was enabled.
3. Common Password Use
Remediation: User education, increase default password length requirement from 8 to 12+, and add simple password brute-forcing as part of your vulnerability management program to check for weak or known passwords.
4. Enforce SMB Signing for Servers and Workstations
Remediation: Force SMB signing for all domain joined computers.
5. No LAPS
Remediation: Deploy LAPS, which rotates and stores the local administrator password in the domain controller.
6. Anonymous Enumeration Allowed
Remediation: Disable anonymous enumeration of SAM accounts and shares.
7. Remove Stored Passwords in Group Policy Preferences (GPP)
Remediation: Review your group policy preferences and ensure no passwords are used or stored.
8. Default User/Pass In Use
Remediation: Know what you have deployed on the network, and verify that no system is setup to use its default credentials.
9. Not Using MFA for Remote Access, or to Sensitive Networks
Remediation: Deploy multi-factor authentication at minimum for all remote access solutions and all cases where a security boundary is being crossed.
10. Non-Segmented Legacy Hardware & Software
Remediation: If you’ve seen “Silence of the Lambs”, think Hannibal Lecter in his cell, in a strait jacket… wearing a mask.
HT: Critical Informatics