miércoles, 29 de marzo de 2023
jueves, 23 de marzo de 2023
New vulnerability on Outlook
Check on the DC server the logs:
<QueryList>
<Query Id="0" Path="Security">
<Select Path="Security">
*[System[(EventID=4624)]]
and
*[EventData[Data[@Name='AuthenticationPackageName']='NTLM']]
and
*[EventData[Data[@Name='TargetUserName']!='ANONYMOUS LOGON']]
</Select>
</Query>
</QueryList>
How to Disable NTLM Authentication in Windows Domain? | Windows OS Hub (woshub.com)
martes, 21 de marzo de 2023
How to connect to exchange online
Set-ExecutionPolicy -ExecutionPolicy Unrestricted
Get-ExecutionPolicy
Connect-ExchangeOnline -UserPrincipalName alejandro.garcia@birchandwaite.com.au
Get-AcceptedDomain
Disconnect-ExchangeOnline
jueves, 16 de marzo de 2023
How to filter security logs of active directory by username
How to filter security logs of active directory by username
<QueryList>
<Query Id="0" Path="Security">
<Select Path="Security">*[
EventData[Data[@Name='TargetUserName']='DataDevice1']]</Select>
</Query>
</QueryList>