

Zero Trust for the Home Lab - IPSec between Windows Domain and Linux using Certs (Part 7)
Rocky Linux version 10 is today's Linux OS of choice and part of the Zero Trust implementation for the home lab. The steps in this blog detail the implementation of IPSec between a Windows Domain and Linux using Strongswan.
Jul 25 · 12 min read


Zero Trust for the Home Lab - Yubikey and Domain Smartcard Authentication Setup (Part 6)
Smart cards store cryptographic certificates that enable two-factor authentication (2FA). Unlike passwords, these credentials cannot be easily stolen or reused, making it significantly harder for attackers to gain access. They will be implemented as part of Zero Trust.
Jun 7 · 6 min read


Zero Trust for the Home Lab - AD Delegation and Separation of Duties (Part 5)
Zero Trust - This blog will provide an in-depth explanation of the AD delegation model that has been delivered by PowerShell for a Zero Trust Network
Jun 7 · 8 min read


Zero Trust for the Home Lab - IPSec (Part 4)
Zero Trust assumes the network is hostile; even internal traffic can't be trusted without verification. Every connection must be authenticated, authorized, and encrypted. IPSec (Internet Protocol Security) is a key enabler. In this article, I'll implement IPSec in a Domain with certificates using the Microsoft Platform Crypto Provider, the Key Storage Provider (KSP) that allows certificates and their private keys to be stored in the TPM.
Jun 7 · 15 min read


Windows 11 24H2 Smartcard and Accessing File Share Issues with EventID 40960
The Security System detected an authentication error for the server cifs/DomainController. The failure code from authentication protocol NTLM was "The authentication failed since NTLM was blocked (0xc00004189)".
Apr 14 · 2 min read


Bitlocker a Closer Look
The concept of a private key in BitLocker differs from that of traditional asymmetric encryption, where two keys (a private key and a public
Dec 19, 2024 · 6 min read


Understanding Windows 11, TPMs, PCRs, Secure Boot, Bitlocker and Where They Fail
TPM security features excel at defending against physical attacks, but they can’t stop remote exploits, credential theft, or network-based t
Dec 4, 2024 · 4 min read


Securing Weak File, Folder and Registry Hive Permissions.
We'll examine how threat actors—often referred to as hackers—can escalate privileges when weak file, directory, or registry permissions
Oct 25, 2024 · 2 min read


PowerShell Code Signing with a Self-Signed Certificate
Hey PowerShell enthusiasts! Ever wondered how to beef up your script security? Not every system gets the luxury of a Certificate...
Feb 8, 2024 · 4 min read


Identify and Fix Unquoted Paths Vulnerability Automatically
The unquoted paths vulnerability is a security flaw that occurs when a software application or service running on a system references...
Sep 1, 2023 · 2 min read


Audit Applocker Rules and Export to Excel
Introduction Reporting on AppLocker rules is crucial to maintaining security. It provides insight into allowed and blocked applications,...
Aug 29, 2023 · 2 min read


Delegation of DNS with PowerShell
This post walks through how to use PowerShell to set up targeted delegation for DNS, creating the right AD groups with clear scopes and following Microsoft’s recommended naming conventions.
Apr 8, 2023 · 2 min read


Ivanti Endpoint Manager Initial Setup for Endpoint Protection
This article focuses on the initial setup of Ivanti Endpoint Manager and Endpoint Security Application Control, agent deployment and policy. This will provide the basis for the next round of 'versus' articles, having thoroughly abused Windows Applocker, WDAC and GPO.
Jan 1, 2023 · 7 min read


Code Signing PowerShell Scripts
In this article, I'll describe the process of Code Signing PowerShell scripts from a Microsoft CA. I'll not cover how Code Signing adds security; simply put, Code Signing doesn't provide, nor was it intended to provide, a robust security layer.
Dec 19, 2022 · 3 min read


Applocker - Are Publisher Rules Necessary
This is a supplement to the Applocker vs Malware article that you should read first @ https://www.tenaka.net/applocker-vs-malware I've...
Jul 4, 2022 · 3 min read


LAPS Leaks Local Admin Passwords
This article will demonstrate a typical delegation for adding a computer object to an OU and how to tweak the delegation to prevent access to the ms-Mcs-AdmPwd attribute and how this can leak Local Admin passwords.
Apr 4, 2022 · 2 min read


Always Patch Before Applocker or Device Guard are Deployed.
Labs don't tend to follow best practices or any security standards; they're quick, dirty installations for developing and messing around. Here's some food for thought the next time you want to test Applocker or Windows Defender Application Control (WDAC), aka Device Guard: you may wish to at least patch.
Jan 21, 2022 · 3 min read


Deny Domain Admins Logon to Workstations
Prevent lateral movement of hackers around the domain searching for escalation points to elevate to Domain Admins. Preventing escalation via cached or actively logged on privileged accounts can be accomplished with segregated tiers between Workstations, Servers and Domain Controllers.
Nov 17, 2021 · 3 min read


Windows Patching has broken Applocker Policy Merge
For the past 5 or 6 years local Applocker policies have been created with Powershell scripts and since Jan 2021 (ish) importing and...
Jun 30, 2021 · 1 min read


Managing Local Admin Passwords with LAPS
How are you managing your local administrator passwords? Are they stored in a spreadsheet on a network share, or worse, is the same password used everywhere? Microsoft LAPS (Local Administrator Password Solution) could be the answer. LAPS is a lightweight tool that, with a few simple GPO settings, automatically randomizes local administrator passwords across your domain. It ensures each client and server has a unique, securely managed password, removing the need for spreadshe
Jun 25, 2020 · 2 min read
