jueves, 23 de marzo de 2023

New vulnerability on Outlook

 



Check on the DC server the logs:

<QueryList>

  <Query Id="0" Path="Security">

    <Select Path="Security">

*[System[(EventID=4624)]]

and

*[EventData[Data[@Name='AuthenticationPackageName']='NTLM']]

and

*[EventData[Data[@Name='TargetUserName']!='ANONYMOUS LOGON']]

</Select>

  </Query>

</QueryList>



How to Disable NTLM Authentication in Windows Domain? | Windows OS Hub (woshub.com)



martes, 21 de marzo de 2023

How to connect to exchange online

Set-ExecutionPolicy -ExecutionPolicy Unrestricted

Get-ExecutionPolicy

Connect-ExchangeOnline -UserPrincipalName alejandro.garcia@birchandwaite.com.au

Get-AcceptedDomain

Disconnect-ExchangeOnline

jueves, 16 de marzo de 2023

How to filter security logs of active directory by username

 How to filter security logs of active directory by username

<QueryList>

  <Query Id="0" Path="Security">

    <Select Path="Security">*[

 EventData[Data[@Name='TargetUserName']='DataDevice1']]</Select>

  </Query>

</QueryList>