Aug 26 2021

Interesting Privilege Escalation Vulnerability

Category: Security vulnerabilities,Windows SecurityDISC @ 9:21 am

It should be noted that this is a local privilege escalation (LPE) vulnerability, which means that you need to have a Razer devices and physical access to a computer. With that said, the bug is so easy to exploit as you just need to spend $20 on Amazon for Razer mouse and plug it into Windows 10 to become an admin.

Privileged Attack Vectors

Razer DeathAdder Essential Gaming Mouse

Tags: Privilege Escalation, vulnerabilities, Windows, zero-day

Jun 26 2021

WhyNotWin11 is a better replacement for Windows 11’s PC Health Check

Category: Windows SecurityDISC @ 12:24 pm

An open-source application called WhyNotWin11 acts as a better drop-in replacement for Microsoft’s PC Health Check app to determine if your hardware is compatible with Windows 11.

This week, Microsoft announced that the next version of Windows is Windows 11 would be the next version of Windows and that it would be released as a free upgrade this fall.

As part of this announcement, Microsoft also published Windows 11’s minimum hardware requirements needed to upgrade or install Windows 11.

Microsoft released the PC Health Check app to check your computer’s hardware and tell you if it is compatible with Windows 11.

Unfortunately, Microsoft’s first version of the PC Health Check app did not tell users what hardware was failing tests, leading to even more confusion.

For many people, the issue was that they did not have a required TPM 2 compatible security processor enabled on their computer. As a result, Microsoft released an updated PC Health Check app that specifically warned users that a TPM 2 device was missing.

PC Health Check App reporting a TPM 2 not installed

Source: WhyNotWin11 is a better replacement for Windows 11’s PC Health Check

Microsoft Introducing Windows 11

Tags: PC Health Check, Windows, Windows 11, Windows 11's PC Health Check

May 21 2021

Information security: What is Pass the Hash Attack and how to mitigate the attack

Category: Windows SecurityDISC @ 12:12 pm

A Pass the Hash (PTH) attack is a technique whereby an attacker captures a password hash as opposed to the password itself (characters) thereby gaining access (authentication) to the networked systems. This technique is used to steal credentials and enable lateral movement within a network. In a Windows environment, the challenge-response model used by NTLM security is abused to enable a malicious user to authenticate as a valid domain user without knowing their password.  Now that Kerberos has replaced NTLM as the preferred authentication method for Windows domains, NTLM is still enabled in many Windows domains for compatibility reasons. And so, pass the hash attacks remain an effective tool in the hands of attackers. It is worth noting that there are other attacks associated with Keberos such as Pass the ticket and Kerberos-brute force attack etc. I will be discussing this in my next guide. Below are some articles relating to this topic: NT LAN Manager: How to prevent NTLM credentials from being sent to remote servers, Active Directory Authentication methods:How do Kerberos and NTLM work, and How to configure a service account for Kerberos delegation.

Tags: hash attack, hash crack, Windows, windows server

Apr 05 2019

How to completely and securely delete files in Windows

Category: App Security,File Security,Windows SecurityDISC @ 3:36 pm

To make sure a deleted file can’t be recovered, you’ll need to use a third-party shredding tool. Here’s a look at three such free programs: Eraser, File Shredder, and Freeraser.

Source: How to completely and securely delete files in Windows

Enter your email address:

Delivered by FeedBurner

Tags: Microsoft Windows, Windows, windows security

Oct 29 2008

Laptop and traveling precautions

Category: Laptop SecurityDISC @ 12:58 am

Laptop security

Best practice emphasize the fact to backup the data if you can’t live without it, in the same way a traveler must avoid taking sensitive data on the road unless it’s absolutely necessary to do so. If you do plan to take sensitive data with you on the laptop, the necessary security controls must be implemented and go with the sensitive data. The data protection controls should be based on your information security policy data classification.

The laptop hardware itself is only worth few hundred dollars these days, but on the other hand it’s hard to put a price tag on the exposed data which may have a drastic impact on your organization, especially these days when most of the organizations are at the edge due to financial chaos.
Frequent travelers know it’s possible to lose a laptop or lose data because laptop may become inoperable due to hardware malfunction. Planning an important business trip should include encrypting sensitive data and backup on a remote website (Carbonite). So in case you lose your laptop or it’s is inoperable for some reason, you can remotely recover backed up files from site within reasonable time.


Here is how you can encrypt your data on Windows laptop with built-in utility EFS

1. Create a new folder, and name the folder Private.
2. Right click the new folder and choose properties
3. Click advanced button
4. Check encrypt contents to secure data box and then click OK, Apply and OK again.

You have created a secure area where you can put your sensitive documents. Any file or subfolder you add to this folder (Private) will be encrypted automatically. Basically any type of file except Windows system file will be encrypted in this folder. Now if the attacker steal your laptop and remove your hard drive and mount on a system where the attacker has administrative privileges, the attacker will not be able to access the contents of the folder Private. On the other hand 256-bit AES encryption key is stored in encrypted form as a file attribute called the data decryption field (DDF). The EFS private key, needed to decrypt the DDF and extract the file encryption key, is also stored in encrypted form in the registry. The master key, which is used to obtain the key needed to access the EFS private key, is encrypted by the systems key and also stored locally. So the attacker will be able to decrypt the EFS protected files if he can somehow get possession of the system key.

Luckily we do have a choice whether to store the system key locally on your laptop. If you click start, then Run and then launch syskey.exe utility, you can choose how and where the system key will be stored. The dialogue box will present three options.

1. Store the startup key locally
2. Store the startup key on the floppy disk
3. Generate the startup key from a password

With the two non default options, you will be requiring to either insert the floppy or enter the password whenever the laptop is BOOTED. The floppy option is highly inconvenient for laptop users but the password options seem sufficient to protect the laptop data. On the laptop which doesn’t have a floppy drive, don’t try to click the floppy option because when you boot next time the laptop will be looking for the system key on a floppy before booting.

Survey: CISOs worried about mobile data security

**The real Hustle – Laptop Theft Scam

Reblog this post [with Zemanta]

Tags: aes, Backup, Booting, carbonite, Cryptography, data classification, data ptotection, ddf, efs, encryption, exposed data, financial chaos, Hardware, Notebooks and Laptops, private key, Security, security controls, sensitive data, system key, threats, Windows