Category: Uncategorized

October 6, 2016

Use nested traversal groups to allow access to ABE-enabled grandchild folders.

Say you have the following structure:

\\DOMAIN\DFS\Folder1\ <– UserA can access this folder.
\\DOMAIN\DFS\Folder1\Folder2 <– UserA has no privileges on this folder.
\\DOMAIN\DFS\Folder1\Folder2\Folder3 <– UserA has modify access to this folder, subfolders and files.
\\DOMAIN\DFS\Folder1\Folder2\Folder4 <– UserA has no privileges on this folder.

With ABE, UserA will not see Folder2 even though Folder3 is something they do have access to. So permissions are added […]

May 12, 2016

Use GPO to change the default behavior of potentially malicious file extensions.

If you’re like me and don’t have direct control of your own email filtering, or want to go a step beyond, you’re going to want a way to prevent non-PE viruses from running. Software Restriction Policies are good for this if you’re using them in a whitelist capacity, provided that you’ve also added the extension to the Designated File Types. From a blacklist standpoint it’s […]

April 7, 2016

DangItBobby.ps1 – Remotely disable a NIC given only a username.

So I have a code offering today, which I’m calling DangItBobby.ps1. It lets you remotely disable the NIC of a computer given only the username that is logged in. In essence, when in the middle of a ransomware infection, and you see that the owner of all the files is changing to Bobby, you run the script and provide credentials of a local admin account. […]

March 21, 2016

Quick Tips: Share Permissions do more than you think.

While rebuilding a piece of my lab for file server and DFS services, I had an odd set of symptoms. I had a user in a security group that was not set to be able to change permissions, and no ability to take ownership, in the NTFS permissions. Yet they were able to add permissions to give others elevated access, or even elevate their own […]

March 18, 2016

Ransomware is the future.

When I first started fighting ransomware in late 2013, I had a premonition that this was something serious. While CryptoLocker was rather easily defeated in the enterprise and ultimately killed by killing the botnet, media outlets and tech sites ran with the story. It showed this small group making millions and millions of dollars. Guess what? More people started writing ransomware. Cut to now. Ransomware-as-a-service is […]

March 2, 2016

Setting up secure Home Folders without touching AD.

In preparing for a new file server schema, I’ve been playing with home folders and quotas. I wanted to come up with a “home folder” solution that met a couple needs:

- Worked well with Windows 7 through 10
- Did not involve the client support team having to set the home folder in each user’s AD profile
- Did not rely on folder redirection or roaming profiles
- Set-and-forget […]