Category Archives: Windows 10

Secure Your DNS Traffic with the outside world

(adsbygoogle = window.adsbygoogle || []).push({});
(adsbygoogle = window.adsbygoogle || []).push({});
(adsbygoogle = window.adsbygoogle || []).push({ google_ad_client: "ca-pub-4485177434915413", enable_page_level_ads: true });
DoH in Microsoft Windows OS

Until this moment Microsoft Windows OS doesn’t support DNS over HTTPS, The feature will most likely be implemented in future builds but no body knows when is that however, You can still take a peak into the feature which is in preview mode/

Benefit of using DoH on an OS level

The benefit of using DoH on an Operating System level would provide more certainty that your DNS queries leave your computer without being read by any other party even if that is your ISP.

A simple DNS nslookup query using Wireshark on your computer would show you how serious this topic is. After installing Wireshark you’ll be able to see that all of your dns queries are in clear text and can be read by anyone until it gets to the destination website/server.

Demonstration of DNS lookup without DoH

After installing Wireshark, I fire up Powershell or CMD and try to nslookup google.com and it’ll show what I just queried for.

So how to make sure that your DNS queries don’t leave your computer in clear text format? and since Microsoft OS is not DoH ready yet what can you do?

In my case, I am already using encrypted DNS on firewall level as I have Pfsense acting as a router and it already supports DoH but still not pretty satisfied :).

DNSCrypt as a solution

Since the foundation of DoH I have been looking for a solution that would work on Microsoft Windows OS and luckily someone already created this great project called Simple DNSCrypt which not just enables the encryption of DNS queries on your OS but also enables this to work as a service.

Installing DNSCrypt would create a Windows based Service which would start automatically when your OS boots and logs into Windows.

The service is called DNSCrypt Client Proxy

Add alt text

DNSCrypt has a simple interface, You can pick up the DNS Server where to forward queries to and it works with proof.

Right after the installation of this tiny app, launch it as an administrator and configure it as in the below screenshot. You can choose to install the service or not.

Add alt text

Right after you enable it (By clicking on your Network Card box) that will start protecting your DNS queries. Let’s go ahead with a little demo

I am going to start Wireshark after enabling DnsCrypt and do a google dns lookup , As you can see below on wireshark it’s not returning any dns queries.

When you install Simple DNSCrypt it changes your Preferred DNS configuration to localhost so that all queries is passed through the app in DNS over HTTPS which doesn’t allow even Wireshark to see it as DNS.

So that makes it pretty secure and not even your firewall will see it.

If you have any question please don’t hesitate to ask me

Official DNScrypt website https://simplednscrypt.org/

Support the project founder https://github.com/bitbeans/SimpleDnsCrypt

(adsbygoogle = window.adsbygoogle || []).push({});
(adsbygoogle = window.adsbygoogle || []).push({});
(adsbygoogle = window.adsbygoogle || []).push({});

Microsoft Windows 10 security updates KB4532695 and KB4528760 causes TPM driver to fail and results in windows 10 BSOD

(adsbygoogle = window.adsbygoogle || []).push({});
(adsbygoogle = window.adsbygoogle || []).push({});
(adsbygoogle = window.adsbygoogle || []).push({ google_ad_client: "ca-pub-4485177434915413", enable_page_level_ads: true });

Windows 10 Update :

Yesterday and today Microsoft released KB4532695 and KB4528760 causes TPM 2.0 driver to stop functioning and causes BSOD with error “Memory Management” Issue.

Windows Hello Face Authentication

In the first KB Microsoft says they have improved the accuracy of Windows Hello Face authentication however this would cause your PIN to be reset, TPM driver stop functioning and BitLocker to change in Pause state.

Check KB Article here

The BSOD will generate an event ID 1001 stating the bugcheck code and saves a dump. ( I haven’t analyzed that yet).

I suggest not to run it till Microsoft releases a bug fix

(adsbygoogle = window.adsbygoogle || []).push({});
(adsbygoogle = window.adsbygoogle || []).push({});
(adsbygoogle = window.adsbygoogle || []).push({});

Warning for millions of Windows 10 users

(adsbygoogle = window.adsbygoogle || []).push({});
(adsbygoogle = window.adsbygoogle || []).push({});
(adsbygoogle = window.adsbygoogle || []).push({ google_ad_client: "ca-pub-4485177434915413", enable_page_level_ads: true });

The “Windows List” website, which follows the news of the famous operating system “Windows 10“, issued a warning to the users of the Operating system after it monitored a new security update for the operating system, which is “KB4528760” causing serious problems, noting that the problem “appears to be widespread now.”

In its interpretation of the sequence of events, the site says that this update initially fails to install on the device, issuing “a number of general error messages” that do not provide any indication of the cause of the problem, then the problem escalates as the next time you restart the computer it fails to boot .

“The recent update KB4528760 for Windows 1909 (the Windows build version number) appears to cause problems with some computers and prevents them from Starting up, causing the oxcooooooe error code. The number of devices affected by this problem has increased after installing this update,” says a user on the official Microsoft Community Forum. .

Some users attribute the problem to Microsoft’s Connect app, which the company has terminated. Although it is not the only scenario of the cause of the problem, the users who installed the app or had it installed and then uninstalled it, have been particularly severely affected. It is only Windows Vista that completely re-installs the Windows 10 operating system.

What increases the importance of the warning issued by “Windows Light” is precisely that Microsoft is not yet aware of this problem. Indeed, until the moment the company states on the support page of the latest update that it is “currently not aware of any problems with this update.”

This is a recurring series of slow responses in recent years, as Windows 10 users have experienced problems caused by system updates, and this is disappointing because it encourages users to continue to download the update that might harm their computers

The good thing here is that Microsoft is working on substantive modifications to improve the updates of “Windows 10”, but the bad thing is that the process of testing the modifications in its entirety is fundamentally flawed, according to the site mentioned

(adsbygoogle = window.adsbygoogle || []).push({});
(adsbygoogle = window.adsbygoogle || []).push({});
(adsbygoogle = window.adsbygoogle || []).push({});

MICROSOFT EXPOSES A SECURITY ISSUE THAT AFFECTS MILLIONS OF WINDOWS 10 COMPUTERS, RDP AND DHCP ON WIN2008R2

(adsbygoogle = window.adsbygoogle || []).push({});
(adsbygoogle = window.adsbygoogle || []).push({});
(adsbygoogle = window.adsbygoogle || []).push({ google_ad_client: "ca-pub-4485177434915413", enable_page_level_ads: true });

Windows 10 Crypto API Spoofing

Microsoft has released a new security patch for a vulnerability that could affect millions of Windows 10 Users world wide. The decades old CryptoAPI tool validates and signs packages/software which could be utilized by hackers/developers to sign and execute illegitimate software thus would allow users to run anything without user’s nor Antivirus/Internet Security software’s notice.

Microsoft mentioned that the vulnerability could also allow hackers to change or modify encrypted communications.

It’s important to notice that CryptoAPI is a legacy API that’s being replace by a new CNG (Cryptography Next Generation API) which also supports CryptoAPI.

CryptoAPI Key Storage Architecture

Download Patch

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601

Windows 2008 R2, Windows 7 RDP

A day ago Microsoft released two very important security patches on May 14, 2019. One of these patches has been detected in the RDP service (CVE-2019-0708) which affects Windows 7 and Windows 2008 R2. According to MS’s Article a remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Download Patch

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Windows 2008R2, 2012R2, 2016 and 2019 DHCP

The other one is in the DHCP service (CVE-2019-0725), and both exploitations are very critical. When we look at CVE-2019-0708, which is related to the RDP service, we see that attackers are able to run code on systems by sending specially produced packages without any user interaction and authentication and manage to install malware like Ransomware or other execution files.

Download Patch

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0725

Sources:

Microsoft, NSA, Other Security Researchers

(adsbygoogle = window.adsbygoogle || []).push({});
(adsbygoogle = window.adsbygoogle || []).push({});
(adsbygoogle = window.adsbygoogle || []).push({});

Enable PowerShell remotely on all PCs in a domain

(adsbygoogle = window.adsbygoogle || []).push({});
(adsbygoogle = window.adsbygoogle || []).push({});
(adsbygoogle = window.adsbygoogle || []).push({ google_ad_client: "ca-pub-4485177434915413", enable_page_level_ads: true });

Enable PowerShell remotely on all PCs in a domain

First from the DC I’ll get all the PCs list in the forest/domain and add them to a text file called “Servers.txt” in C root drive.

Add-Content -path C:\Servers.txt -Value Dummy ; Get-ADComputer -LDAPFilter “(name=*)” -SearchBase “DC=moh10ly,DC=com” | Select -expand Name | Out-File -Encoding utf8 “C:\Servers.txt” -append

Next I will add those servers list to the syntax $PC

$PC = Get-content “c:\servers.txt”

Then I will get the list of the PCs in the $PC (server.txt file) to get ready for processing commands with a domain admin credentials.

Invoke-Command -ComputerName $PC -ScriptBlock { hostname } -Credential moh10ly\administrator

Enable powershell access remotely on all clients in the text file.

Get-Content C:\Servers.txt | ForEach-Object {Enable-PSRemoting -Force} –Verbose

This should do the job and now you ‘ll be able to access powershell remotely on all your domain clients.

https://technet.microsoft.com/en-us/library/hh847893.aspx

https://technet.microsoft.com/en-us/magazine/ff700227.aspx

(adsbygoogle = window.adsbygoogle || []).push({});
(adsbygoogle = window.adsbygoogle || []).push({});
(adsbygoogle = window.adsbygoogle || []).push({});

Windows 10 powershell’s Linux sudo apt-get install like CMDlet with Chocolately app

(adsbygoogle = window.adsbygoogle || []).push({});
(adsbygoogle = window.adsbygoogle || []).push({});
(adsbygoogle = window.adsbygoogle || []).push({ google_ad_client: "ca-pub-4485177434915413", enable_page_level_ads: true });
Windows 10 has arrived finally and with it came lot of new features, and one of my favorite new features is that you can finally install applications through powershell just like Linux OS’s terminal window command (apt-get install).

Although the command is still pretty new and lack many repositories where you can find and install applications from…. there’s already some people who are working on adding sources of applications which you can test initially before Microsoft asks product companies to start making their own repositories so Powershell can trust these sites and applications.

One of the sites that are working on providing Windows 10 with repositories is https://chocolatey.org/ which provides hundreds of softwares that can be installed through PS.

To install Chocolately repository simply do the following

Open powershell as an administrator and paste the following cmdlet

@powershell -NoProfile -ExecutionPolicy Bypass -Command “iex ((new-object net.webclient).DownloadString(‘https://chocolatey.org/install.ps1’))” && SET PATH={308b10a016e19a1cd6a208cbc3961927e16fc6766a4020d3c4ef54ea17925f0f}PATH{308b10a016e19a1cd6a208cbc3961927e16fc6766a4020d3c4ef54ea17925f0f};{308b10a016e19a1cd6a208cbc3961927e16fc6766a4020d3c4ef54ea17925f0f}ALLUSERSPROFILE{308b10a016e19a1cd6a208cbc3961927e16fc6766a4020d3c4ef54ea17925f0f}chocolateybin

Then this
iex ((new-object net.webclient).DownloadString(‘https://chocolatey.org/install.ps1’))

From
https://chocolatey.org/

As soon as you have installed chocolately, you will get a new huge list of applications that can be installed with a very simple and short cmdlet as in the below screenshots.

The good things about these cmdlets is it can be used to deploy an app for a huge number of clients by simply running the script through GPO or batch file.

I am going to install VLC and Google drive on my computer using these cmdlet …

Find-Package


Install-package



Checking if the app is really installed or not?

——————————————

Find and install google drive package

Downloading