asteroza + domain   105

Security Focus: Analysing 'Account is sensitive and cannot be delegated' for Privileged Accounts – PoSh Chap
Apparently this setting helped to stop a NotPetya analog (NCC group's EternalGlue neutered red team worm using techniques from EternalBlue and mimikatz and bloodhound) from running rampant and capturing the domain admin account via token impersonation. There may be drawbacks however...
windows  active  directory  AD  security  domain  admin  token  delegation  NotPetya  EternalBlue  sysadmin  tips  tricks 
december 2018 by asteroza
Emoji usage in your domain – Joe McCormack – Medium
Probably limited to 10/2016, but MS did backport emojis to 7 so...
windows  unicode  emoji  password  domain  user  AD  security  hacking  pentesting 
september 2018 by asteroza
Expired Domains | Daily Updated Domain Lists for 388 TLDs
Service to tell you about expired names which have history/juice
expired  DNS  domain  name  list  service  security  hacking  pentesting  phishing  SEO 
august 2018 by asteroza
Njalla — A privacy-aware domain registration service
Registrar that tries to hide contact info as much as possible. Shell company in Nevis, contact email is a .onion address.
anonymous  domain  name  DNS  registration  registrar  service  privacy  security 
april 2018 by asteroza
Windows Server version 1709 no longer supports FRS
Old AD's that use FRS for sysvol replication block new server promotion
windows  AD  active  directory  SYSVOL  FRS  replication  sysadmin  tips  tricks  2016  domain  controller  promotion 
march 2018 by asteroza
Stop Using "internal" Top Level Domain Names - SANS Internet Storm Center
Hrm so .AA .ZZ .QM- .QZ .XA- and .XZ may be usable as internal TLD assuming no ISO country code is issued...
DNS  private  internal  domain  name  TLD  gTLD 
november 2017 by asteroza
Private local domain name
apparently .internal is no longer kosher, but numeric ones should still be safe for internal use...
DNS  private  internal  domain  name  TLD  gTLD 
november 2017 by asteroza
RFC 6762 - Multicast DNS
so .local was recommended for microsoft AD DNS for ages, but mDNS uses .local that's out. corp/hom/lan look to be possibly sold as gTLD's so they're unsafe, and internal is apparently no longer safe neither...
DNS  private  domain  name  naming  TLD  gTLD 
november 2017 by asteroza
NameQL - Find a great name
NameQL helps you find a great name. It searches 10s of thousands of potential names and shows you the best. It only suggests names for which you can purchase a .com domain.
product  startup  name  generator  service  DNS  domain  branding  marketing 
november 2017 by asteroza
Connecting…
How can ooo.0o0.ooo be a real domain?
humor  DNS  domain  name  Delicious 
february 2017 by asteroza
JPCERT/CC Blog: Verification of Windows New Security Features – LSA Protection M...
So the short story is the increased security from LSA Protection Mode or Credential Guard protects domain users mostly, if domain password caching is disabled. But local passwords are still vulnerable to Mimikatz, and password reuse is a thing...
Windows  domain  logon  password  hash  security  research  lateral  movement  pentesting  hacking  Delicious 
november 2016 by asteroza
stealth/harddns
Interesting, using DNS-over-HTTPS to improve security of lookups, assuming you trust google DNS.
NSS  module  DNS-over-HTTPS  DNS  SSL  TLS  certificate  pinning  domain  name  lookup  hardening  security  Delicious 
october 2016 by asteroza
PowerPath/FindShortestPath.ps1 at master · andyrobbins/PowerPath
How to locate a domain admin account on a PC that is hop/chainable from the current PC.
windows  domain  AD  administrator  admin  graph  graphing  user  search  pentesting  security  hacking  powershell  Delicious 
february 2016 by asteroza
AWS Fishing Panel
Reused elastic IP's with dangling DNS entires without short TTL's means I can potentially grab an IP for a major site, quickly deploy a phishing site emulating such site, and grab logins. Short TTL's and proper domain management will mitigate this though.
AWS  elastic  IP  dangling  domain  DNS  TTL  security  hacking  phishing  attack  Delicious 
october 2015 by asteroza
Simple Domain Name Registrar - iWantMyName
Assuming they aren't frontrunning you and buying the searched domain ahead of time...
domain  name  search  engine  service  DNS  web  online  Delicious 
july 2014 by asteroza
Patent-Able
Interesting work by a guy making 3D models of designs in US patents that have become public domain.
model  modeling  domain  printing  3D  fabbing  patent  tumblr  public  design  Delicious 
august 2013 by asteroza
Time synchronization may not succeed when you try to synchronize with a non-Windows NTP server in Windows Server 2003
Full line would be

w32tm /config /manualpeerlist:"0.europe.pool.ntp.org,0x8" /syncfromflags:manual /update
force  windows  active  directory  domain  controller  external  NTP  time  source  client  mode  sync  Delicious 
march 2011 by asteroza
OpenNIC Wiki: dotP2PTLD
Current rules to apply for an OpenNIC .P2P domain name from the OpenNIC registrar.
OpenNIC  alternative  DNS  root  infrastructure  domain  name  system  registrar  registration  Delicious 
december 2010 by asteroza
Main Page - Dot-p2p
I'm guessing you end up running a micro DHT client that hooks into name lookups locally to branch off .P2P domain lookups. This project is a response to the US government seizing domain names recently, pulling the rug out from both the owner and the registrar and possibly ICANN as well. Which generally proves the US should not have that much control over the DNS root (the US had been relatively well behaved up until now regarding this, so people were willing to leave the status quo alone, as having a single authority helps mangerially.) THe question now is whether the actions of the US will spawn more collective will to either remove total root control from the US or to switch to some kind of shared alternative system. Most governments will not support a fully decentralized system now as they understand that controlling the flow of information is critical to suppression and manipulation of the populace.
alternative  distributed  domain  name  system  DNS  bittorrent  privacy  freedom  activism  autonomous  decentralized  Delicious 
december 2010 by asteroza
.ORG Registrars | .ORG, The Public Interest Registry
Convenient list of .ORG DNSSEC compatible DNS registrars
DNS  DNSSEC  registrar  list  reference  signed  domain  name  Delicious 
june 2010 by asteroza
« earlier      
per page:    204080120160

related tags

3D  2008R2  access  account  active  activism  AD  address  admin  administrator  advice  aggregator  AI  ajax  ajaxDNS  alternative  analysis  anonwhois  anonwhois.org  anonymity  anonymous  antispam  API  APT  art  ASCII  association  attack  auction  audiobook  audit  auditing  automation  autonomous  AWS  backend  backorder  ban  band  best  bitcoin  bittorrent  block  bloodhound  book  branding  brute  BustAName  bypass  c  c++  catcher  ccTLD  certificate  change  character  check  checker  client  cloning  cluster  collection  communications  communities  complexity  computing  configuration  configure  content  control  controller  conversion  cookie  core  cost  count  CPU  cracking  crawler  credential  cryptography  CT  cycling  dangling  data  datamining  dataset  datawarehouse  DC  deathstar  decentralized  deep  defense  Dekart  delegation  delete  Delicious  deny  derivative  design  detection  devops  directory  distributed  dns  DNS-over-HTTPS  DNSSEC  DNStunnel  domain  domaintools  dorking  dossier  EBM  elastic  email  emoji  empire  emprie  encryption  engine  enrollment  enumeration  ESXi  EternalBlue  event  expired  expresso  external  fabbing  facebook  file  fingerprint  force  forwarding  FOSS  free  freedom  frequency  fronting  FRS  gandi  gatherer  geek.name  generated  generator  Germany  global  go  godadddy  godaddy  google  GPO  graph  graphing  grid  group  gTL  gTLD  guide  guilt  hacking  Hancock  hardening  hash  history  hostile  hosting  hosts  howto  HTTPS  humor  hunting  ICANN  IDN  iFrame  image  impersonation  information  infrastructure  intelligence  interest  internal  internationalized  internet  investigation  IP  japan  join  kerberos  KeySystems  language  large  lateral  leak  librivox  linux  list  local  log  logging  login  logon  lookup  low  machine  malware  management  mapping  marketing  Microsoft  mitigation  mode  model  modeling  module  monitoring  movement  mp3  name  Namecheap  NameCoin  naming  neo4j  network  networking  non-latin  nonexistent  NotPetya  NSS  NTLM  NTP  NUMA  obfuscation  ondemand  online  OpenNIC  opensource  OSINT  output  P2P  P2V  parking  password  patent  PDC  pentest  pentesting  permission  phishing  photo  picture  ping  pinning  podcast  pointing  policy  power  powershell  practice  predicitive  prevention  printing  privacy  private  privilege  product  programming  promotion  proof-of-concept  propagation  protocol  proxy  public  query  rainbow  rainbowcrack  recon  reconnaissance  record  recovery  redirect  reference  registrant  registrar  registration  registry  regulatory  relationship  replication  research  reset  resolver  restriction  reverse  RID  root  S3  scan  scanner  scanning  screenshot  scripts  search  SecPAL  secure  security  SEO  separate  server  service  sharing  signed  SIM  sizing  Skype  smartcard  snadbox  snatcher  socket  software  source  spam  specific  spider  squatting  SSL  startup  stealer  streaming  SubBrute  subdomain  suffix  surveillance  sync  sysadmin  system  SYSVOL  tables  telemetry  test  testing  theory  thepiratebay  threat  time  tips  TLD  TLS  token  tools  tor  traffic  transparency  tricks  TTL  tumblr  tunnel  tutorial  typosquatting  UGC  unicode  unlock  unlocker  unregistered  unrestricted  uptime  URL  USB  user  username  utilities  variant  vCPU  virtual  virus  VM  VMware  vNUMA  VoIP  VPN  web  webdev  website  WEFFLES  whois  whois.sc  wifi  windows  wireless  wordpress 

Copy this bookmark:



description:


tags: