Cached credentials are extremely useful for laptops that don’t always connect to their domain controls. When you log into one that is outside of your network, Windows checks if the entered username and password match the local cached copy and will let you in if it does. But it’s not necessary on a desktop computer that is always wire-connected to […]
Back to the old days when everything goes through the classic SMTP, nothing gets protected. Those were the good days for any man in the middle, picking up confidential information like free gift. Not anymore with the use of TLS, StartTLS, or even better S/MIME which is suitable for your most sensitive information. Every email sent through TLS is encrypted […]
A fellow IT Redditor, /u/shalafi71, created quite a security training slideshow and generously shared his PowerPoint on /r/sysadmin, who also adds: Take this as a skeleton and flesh it out on your own. Take an hour or two and research the things I talk about. Tailor this to your own environment and users. Make it relevant to your people. Include corporate stories, […]
A Reddit user raised this great question today that I am not aware of. So I did a little research and here is the breakdown of what it is. What is KRBTGT? The KRBTGT is a local default account that acts as a service account for the Key Distribution Center (KDC) service. It’s created automatically when a new domain is […]
Pwned Passwords is a great web service that lets you check your own password against millions of compromised and leaked password. It’s not only getting constantly updated by the owner, Troy Hunt but offers text-based downloadable files and API for anyone interested in building a 3rd party app. Newly added to the list is the password hashes in NTLM format, […]
Dots don’t matter is a feature Google has put on Gmail, meaning If someone accidentally adds dots to your address when emailing you, you’ll still get that email. For example, if your email isĀ [email protected], you own all dotted versions of your address: [email protected] [email protected] [email protected] The intention of this is good but it also opens a door for a phishing […]
This is a very nicely written cheat sheet by JDow.io for web application penetration testing. This cheat sheet is intended to run down the typical steps performed when conducting a web application penetration test. I will break these steps down into sub-tasks and describe the tools I recommend using at each level. Many of the ideas presented in this sheet […]
Next time when you are throwing away a used boarding pass with a barcode on it, please consider tossing it into a shredder instead. Why? Two-dimensional barcodes and QR codes can hold a great deal of information, and the codes printed on airline boarding passes may allow someone to discover more about you, your future travel plans, and your frequent […]