
Posts

Microsoft best practices for ransomware protection

1) Prepare your recovery plan

This is the first phase: plan your recovery before a ransomware attack happens. A rehearsed plan helps the organization limit the damage, handle the incident efficiently and reduce the monetary loss. Put procedures in place that make it harder for an attacker to access and disrupt systems.

Identify and categorize your business-critical systems and apply best practices to them. Ensure that you have a working backup; for this, make use of Azure Backup, which also provides built-in monitoring and alerting so you can view and configure actions for Azure Backup events. Protect the integrity of the backup: apply the principle of least privilege, and add an extra layer of authentication for critical operations (Azure Backup prompts for a security PIN before online backups can be modified).

2) Limit the scope of the damage

Assume a breach scenario. In the event of a successf
Recent posts

Free Certifications and Training [Feb 2024]

Consolidated list of active free certifications and training [Feb 2024].

Course/Certification: Link
Kubernetes from KubeCampus: https://kubecampus.io/
Veeam Product training & Certifications: https://www.veeam.com/free-on-demand-trainings.html
CC - Certified in Cybersecurity from ISC2: https://www.isc2.org/Certifications/CC
EC-Council's Essentials Series from EC-Council: https://codered.eccouncil.org/essentials-series-bundle
Free Courses from Linux Foundation: https://training.linuxfoundation.org/resources/?_sft_content_type=free-course
API Penetration testing, Fundamentals from APISECUniversity: https://www.apisecuniversity.com/#courses
API Designer, Security Architect, Product Manager certifications: https://apiacademy.co/api-certification/
JumpCloud Certification: https://university.jumpcloud.com/pages/get-jumpcloud-certified
arcX Cyber Threat Intelligence (CTI) 101

What is the use of Microsoft Learn XP?

You may be wondering if there are any benefits to accumulating XP points on the Microsoft Learn website. The answer is no: there are no options such as redeeming XP for certification vouchers or swag (as of today). Learn XP is only a representation of your learning progress. To access the Learn website: https://learn.microsoft.com

[FIX] yt_dlp.utils.DownloadError: ERROR: You have requested merging of multiple formats but ffmpeg is not installed

[ISSUE] While running your Python code or executing a job:
yt_dlp.utils.DownloadError: ERROR: You have requested merging of multiple formats but ffmpeg is not installed

[CAUSE] yt-dlp cannot find an ffmpeg executable on your system. ffmpeg is what merges the separately downloaded video and audio streams into one file, so without it the download fails at the merge step.

[FIX] Install ffmpeg on your system.
1) Download the ffmpeg source from Git or an already compiled executable from the official website.
2) Once downloaded, extract the zip file and place it in your desired location, e.g. C:\
3) Add the bin directory of the extracted ffmpeg folder to the Path variable in the user environment variables: in the User variables section, select Path, click New and add the path. Open a new terminal so the updated Path is picked up, then run your code again and it should work.

For the Python code to download a YouTube playlist, visit https://github.com/jaacostan/YTDL

RUST errors due to outdated version | IDE

I haven't used the IDE for a while and today, when I opened it to do something, it was throwing multiple errors.

Error 1: error: Found argument '--filter-platform' which wasn't expected, or isn't valid in this context
rust-analyzer invokes the command cargo metadata with the flag --filter-platform. This flag was added in Rust 1.41.0; older versions give the following error:
C:/.cargo/bin/cargo.exe metadata --verbose --format-version 1 --all-features --filter-platform x86_64-pc-windows-msvc
stdout: error: Found argument '--filter-platform' which wasn't expected, or isn't valid in this context

Error 2: Fetching Cargo Config failed. Execution failed (exit code 101).
C:/.cargo/bin/cargo.exe -Z unstable-options config get
stdout:
stderr: error: no such subcommand: `config`

Error 3: Rust 1.39.0 which is no longer supported. It may lead to unexpected errors. Consider upgrading your toolchain to at least 1.56.0

Solution is to

Information Technology Service Management (ITSM) Core Processes.

Information Technology Service Management (ITSM) Processes.

1) Service Request Management: focuses on requests to, and responses from, the IT help desk. The processes should be established and uniform. To reduce the workload on agents, the organization may consider implementing self-service options or chatbots.
2) Service Catalog: generally a central location/webpage with all the details for contacting the help desk. It may also contain the self-service options and solutions for common problems/issues.
3) Knowledge, Policy and Procedures: the knowledge base that controls the collection, maintenance and distribution of information throughout the organization. It shall include the policies, standards, guidelines and operating procedures for each process or task.
4) Incident Management: defines the process for handling an incident when it happens and fixing the situation in an accelerated and organized manner. The objective is to reduce t

Download Microsoft Office 2019 offline installer.

When you do malware analysis of documents or Office files, it is important to have Microsoft Office installed in your lab machine. I am using FLARE VM and it doesn't come with MS Office. Since Microsoft is promoting Microsoft 365 over the offline version, finding the offline installer is not that easy. Here is the list of genuine Microsoft links to download the Office .img files.

Download Microsoft Office 2019 Professional Plus: https://officecdn.microsoft.com/db/492350F6-3A01-4F97-B9C0-C7C6DDF67D60/media/en-US/ProPlus2019Retail.img
Download Microsoft Office 2019 Professional: https://officecdn.microsoft.com/db/492350F6-3A01-4F97-B9C0-C7C6DDF67D60/media/en-US/Professional2019Retail.img
Download Microsoft Office 2019 Home and Business: https://officecdn.microsoft.com/db/492350F6-3A01-4F97-B9C0-C7C6DDF67D60/media/en-US/HomeBusiness2019Retail.img
Download Microsoft Office 2019 Home and Student: https://officecdn.microsoft.com/db/492350F6-3A01-4F97-B9C0-C7C6DDF67D60/media/en-U

Enhance your privacy on Microsoft Windows.

Windows comes preinstalled with a lot of bloatware, telemetry and unnecessary services enabled. This results in higher resource utilization and less privacy. This post introduces some free open-source tools that help enhance privacy on Windows by disabling unnecessary services and bloatware.

1) Privatezilla
Privatezilla integrates the most critical Windows 10 privacy settings and allows you to quickly perform a privacy check against these settings. Active settings are marked with the status "Configured", which indicates that your privacy is protected; inactive ones are shown as "Not configured". All available settings (currently 60) can be enabled as well as disabled.
Link: https://github.com/builtbybel/privatezilla

2) Windows10Privacy
Windows 10 Privacy Utility streamlines many of Windows 10's built-in privacy settings into something that is easy for people to access on a single page, while also providing an easy way to access hidden functions and additional t

Top 10 Free Infosec Learning resources and platforms.

Consolidated list of selected top 10 infosec learning resources and platforms.

Red Teaming

1) Beginner? Want to learn ethical hacking basics? The best stepping stone is the Practical Ethical Hacking course by TCM on freeCodeCamp's YouTube channel. freeCodeCamp has other free courses related to programming, ethical hacking etc. on their YouTube channel. Learn for free.
Link: https://www.youtube.com/watch?v=3Kq1MIfTWCE

2) Try Hack Me (THM)
Learn and practice your cybersecurity skills, such as red-team and blue-team activities. Has curated learning paths for organized learning.
Link: https://tryhackme.com/
Subscription: most of the rooms are free. A subscription (~$10/mo) gives access to the learning paths and exclusive rooms.
Level: Beginner

3) Web Security Academy
Free, online web security training, especially on the OWASP Top 10, from the creators of Burp Suite.
Link: https://portswigger.net/web-security
Subscription: Free.
Level: Beginner

4) eLearnSecurity Junior Penetration Tester Train

[Fix] Windows shuts down automatically without warning?

Recently I encountered a very annoying problem. One of my Windows VMs, running on VirtualBox, kept shutting down at regular intervals. Initially I couldn't identify whether it was random or happening at fixed time intervals. I went through the settings, changed the active hours, changed the advanced startup options and went through the scheduled tasks, suspecting something was triggering the reboot. Well, that didn't fix the issue. Then I went through Event Viewer, and under the Windows Application log I could see some informational events with Event ID 100. They mention that the license period for this installation of Windows has expired and the operating system will shut down every hour. So that's it. My Windows trial period was over, and without a valid license the OS disables many Windows features, won't receive any updates, and does this regular shutdown thing.

Malware Analysis : RtlMoveMemory function and its usage.

Note: This is the continuation of my previous post on the VirtualAlloc function (see below). RtlMoveMemory copies the contents of the payload into the destination memory block/buffer. The syntax of the function is:

VOID RtlMoveMemory(
  _Out_       VOID UNALIGNED *Destination,
  _In_  const VOID UNALIGNED *Source,
  _In_        SIZE_T         Length
);

Destination: where the payload is copied to.
Source: where the payload is copied from.
Length: size of the payload in bytes. The two regions are allowed to overlap; RtlMoveMemory behaves like memmove rather than memcpy.

Example:

#include <windows.h>

unsigned char payload[] = {0x90, 0x90};   // two NOPs as a stand-in payload
SIZE_T payload_size = sizeof(payload);
// Reserve and commit a read/write buffer large enough for the payload
LPVOID mem = VirtualAlloc(0, payload_size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
// Copy the payload bytes into the new buffer
RtlMoveMemory(mem, payload, payload_size);

At this point the buffer is still PAGE_READWRITE, so the copied bytes are data, not executable code; changing the protection to PAGE_EXECUTE_READ with VirtualProtect is a separate step.

Reference: https://docs.microsoft.com/en-us/windows/win32/devnotes/rtlmovememory

Malware Analysis : VirtualAlloc Function, Usage.

When writing malware (or a loader to study it), in order to run the payload in the memory of the process we need to create a memory buffer for the payload. For this purpose we make use of the VirtualAlloc function. As per the Windows documentation, VirtualAlloc reserves, commits or changes the state of a region of pages in the virtual address space of the calling process. Let's dig deep into this function and its parameters. The syntax for the function is:

LPVOID VirtualAlloc(
  [in, optional] LPVOID lpAddress,
  [in]           SIZE_T dwSize,
  [in]           DWORD  flAllocationType,
  [in]           DWORD  flProtect
);

lpAddress: This field is optional. It is the starting address of the region to allocate; pass NULL to let the system choose the address.
dwSize: The size of the region in bytes. This is usually the size of the payload we have, not less than that. Allocations are rounded up to page boundaries, so the region is never smaller than one page (4 KB on x86/x64).
flAllocationType: Type of memory allocation. The commonly used values are MEM_COMMIT and MEM_RESERVE. MEM_COMMIT: Allocates memory charges (from the overall si
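The allocate, copy, protect, run sequence that the RtlMoveMemory and VirtualAlloc posts above describe, carried through in one compilable file. This is an added example, not code from the original posts: the Windows branch uses VirtualAlloc, RtlMoveMemory and VirtualProtect as documented; the non-Windows branch (mmap, memcpy, mprotect) is an assumed equivalent so the same sequence can be built and checked on a Linux analysis box. The payload bytes are constructed for the example (a function that just returns 42); only x86-64 and AArch64 encodings are supplied.

```c
/* Added example: allocate RW -> copy payload -> flip to RX -> call.
 * Windows path = VirtualAlloc / RtlMoveMemory / VirtualProtect (from the posts).
 * Other platforms = mmap / memcpy / mprotect (assumed equivalent, not from the posts). */
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#endif

/* Constructed payload: machine code for "return 42" on the build target.
 * Both variants leave 42 in the integer return register and then return. */
#if defined(__x86_64__) || defined(_M_X64)
static const unsigned char payload[] = {
    0xB8, 0x2A, 0x00, 0x00, 0x00,   /* mov eax, 42 */
    0xC3                            /* ret         */
};
#elif defined(__aarch64__) || defined(_M_ARM64)
static const unsigned char payload[] = {
    0x40, 0x05, 0x80, 0x52,         /* mov w0, #42 */
    0xC0, 0x03, 0x5F, 0xD6          /* ret         */
};
#else
#error "add a payload encoding for this architecture"
#endif

typedef int (*payload_fn)(void);

/* Reserve and commit a read/write region of at least len bytes (NULL on failure). */
static void *alloc_rw(size_t len) {
#ifdef _WIN32
    return VirtualAlloc(NULL, len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
#else
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
#endif
}

/* Copy the payload into the buffer: RtlMoveMemory on Windows, memcpy elsewhere. */
static void copy_in(void *dst, const void *src, size_t len) {
#ifdef _WIN32
    RtlMoveMemory(dst, src, len);
#else
    memcpy(dst, src, len);
#endif
}

/* Change the region from RW to RX; returns 0 on success. The write permission is
 * dropped only after the copy, so the page is never writable and executable at once. */
static int make_rx(void *p, size_t len) {
#ifdef _WIN32
    DWORD old = 0;
    return VirtualProtect(p, len, PAGE_EXECUTE_READ, &old) ? 0 : -1;
#else
    if (mprotect(p, len, PROT_READ | PROT_EXEC) != 0) return -1;
    __builtin___clear_cache((char *)p, (char *)p + len);   /* needed on AArch64 */
    return 0;
#endif
}

static void release(void *p, size_t len) {
#ifdef _WIN32
    (void)len;
    VirtualFree(p, 0, MEM_RELEASE);
#else
    munmap(p, len);
#endif
}

/* Stage the payload and report 1 if the bytes landed intact in the new buffer. */
int staged_copy_matches(void) {
    void *mem = alloc_rw(sizeof payload);
    if (!mem) return 0;
    copy_in(mem, payload, sizeof payload);
    int ok = memcmp(mem, payload, sizeof payload) == 0;
    release(mem, sizeof payload);
    return ok;
}

/* Full sequence; returns the payload's return value (42) or -1 on any failure. */
int run_payload(void) {
    void *mem = alloc_rw(sizeof payload);
    if (!mem) return -1;
    copy_in(mem, payload, sizeof payload);
    if (make_rx(mem, sizeof payload) != 0) {
        release(mem, sizeof payload);
        return -1;
    }
    payload_fn fn;
    memcpy(&fn, &mem, sizeof fn);   /* object-to-function pointer without a cast warning */
    int rc = fn();
    release(mem, sizeof payload);
    return rc;
}

int main(void) {
    printf("payload returned %d\n", run_payload());
    return 0;
}
```

The buffer starts as read/write and is only flipped to read/execute after the copy; that is the least-privilege form of this pattern. The shortcut of allocating PAGE_EXECUTE_READWRITE up front is exactly the RWX allocation that memory scanners and EDR hooks on VirtualAlloc key on, which is worth remembering whether you are writing a loader for a lab or a detection for one.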