Script for detecting potentially vulnerable Log4j jars [CVE-2021-44228] on Windows Server

Update 2021-12-18 – This looks like a much more competent script for detecting this vulnerability and there is a python version for Linux: https://github.com/CERTCC/CVE-2021-44228_scanner Updated 2021-12-17 – Script is v1.4 and looks for .war files now too Original post below Inspired by the one-liner here: https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b#find-vulnerable-software-windows I wrote a script to expand on the command, … Read more

How to perform an offline audit of your Active Directory NTLM hashes

It’s read-only Friday so I decided to perform a offline audit of our Active Directory passwords. I found this great tool: https://gitlab.com/chelmzy/five-minute-password-audit which in turn is a fork of this tool: https://github.com/DGG-IT/Match-ADHashes What I’m going to write here is mostly a repeat of these two Gitrepos with a few tweaks and corrections. To perform this … Read more

Event ID 20292 from DHCP-Server

Checking over our DHCP server we were seeing quite a few of these errors appearing in the ‘Microsoft-Windows-DHCP Server Events/Admin’ event log: Log Name: DhcpAdminEvents Source: Microsoft-Windows-DHCP-Server Date: 1/28/2019 10:23:49 PM Event ID: 20292 Task Category: DHCP Failover Level: Error Keywords: User: NETWORK SERVICE Computer: dc2.mydomain.com Description: A BINDING-ACK message with transaction id: 943568 was … Read more

Microsoft RAS VPN and VXLAN not quite working

I’m not overly knowledgeable about advanced networking but I figured I’d share this since I couldn’t find anything online about it at the time. We run a Microsoft Remote Access Server (RAS) for our VPN server. We provide L2TP primarily for users. Due to a limitation in the Windows VPN client our RAS server has … Read more