%SystemRoot%System32 Secrets: AzMan

To be honest, for quite a long time I had thought of it as some unneeded tool, before I had a close look at the console and its abilities. I was wrong. It is a really powerful instrument for managing or delegating permissions for an application. It is so powerful that I am only teasing you in this article, before writing one or more big articles about it. Imagine you need a person to have full control over some Hyper-V virtual machine, including the right to delete it, but the only thing he or she is not to do …

The case of jammed permissions

Once I got a request ticket from one of our administrators, who are delegated some permissions in their parts of AD. The person told me that he didn’t have permissions for some accounts. Well, no problem: I investigated the issue, found that the inheritance on that record was broken and fixed it: one checkbox and the “OK” button, big deal! The next day I received another request… for the same person. The inheritance was broken again! OK, I’m not a newbie; I even know something about adminCount, adminSDHolder and SDProp. So I went and checked if the …

%SystemRoot%System32 Secrets: Auditpol

This command is very useful when you need to fine-tune auditing. For example, you cannot set “Audit directory service changes” without also setting “Audit directory service replication” using only the GUI, because “There is no Windows interface tool available in Windows Server 2008 to view or set audit policy subcategories”. Therefore, you badly need auditpol if you need to set those subcategories. You also need it in order to script changes to, or auditing of, SACLs. You also need it to back up or restore those policies quickly (say you need to turn some auditing settings on for some time and …

Malware: how come we are infected?

It was not the first time I had the same argument: some of my peers and even colleagues still think that the major infection method for client computers is through some kind of vulnerability that doesn’t involve stupidity. I believe (and I have some brothers in arms in my belief) that the abovementioned “stupidity”, or let’s say lack of education and carelessness, is the major threat. What am I talking about? Well… Some of the sources tell us that most successful malware installs itself using USB sticks, shared drives or some other kind of user-involving technology. For example, in MS …

IPv6: hopes, disappointments…

This scary gadget screenshot (26th of December here) tells us that it is only a question of a month, maybe two, until we run out of IPv4 addresses. Well, not exactly “we”. It is IANA who will run out of them. Of course, some time after that it will affect customers who want to buy their own autonomous system, then large providers, and sooner or later end users. I won’t make any predictions about when it will become a real problem (you know, there have been too many of these predictions), but now it is more than …

IPD Guide: Beta for malware response

I love those IPDs. You don’t know what “IPD guide” stands for? Well… I suggest it stands for “I Plan Darn good”. MS, all of a sudden, thinks it is “Infrastructure Planning and Design guide”. Anyway, what has just been issued is a beta for one more process: the response to a malware infection in your organization (I bet I can adapt it for home usage too, but it can wait). Why is it important to have such a plan (we do have one, by the way)? Well… It is like everything in security: if something went …

To disclose or not to disclose

The second topic I’d like to raise in connection with the vulnerability in VMWare products is an almost Shakespearean one. What should a person or an organization do if they find a vulnerability? Tell the vendor and publicly disclose at the same time? Only publicly disclose? Notify the vendor and wait for a patch? There is a bunch of strategies, as you can see. As usual, everyone has their own point of view on the problem. Microsoft, for example, follows its Coordinated Vulnerability Disclosure policy. That means they want the time to create and test a fix before …

On the issue of downloading files from untrusted sites #2

As I promised, I am going to describe a couple of ideas that occurred to me while I was going through the vulnerability in VMWare products. Here is the first one. More than a year ago I wrote about the threats of downloading an OS from p2p networks, and one of my Russian readers told me that it is quite safe if you know the correct hash value for the ISO image. Unfortunately, my recent post about the vulnerability has just shown such an opinion to be not quite correct. You see, when the file is downloaded from some p2p network, it is sometimes accompanied …

Vulnerability in VMWare Workstation installer. Not a 0-day anymore.

The only reason for mentioning the vulnerability is… bragging. Yes, I’m going to brag about the first vulnerability I discovered and reported before the CVE was issued =,,) I had found several vulnerabilities earlier, but all of them already had a CVE published, so it was useless. The vulnerability in the VMWare Workstation and Player installer allowed a criminal to launch any code embedded into a .htm page. Well, the page must be placed in the same directory as the installer, and it will shoot your computer only if you are installing the new version, but, hey, it’s …

x64 attacks, part II

When I wrote about the surge of the 64-bit platform that had come to client computers, I didn’t think about one obvious thing: as a platform becomes mass-market and popular, it attracts all sorts of ill-minded persons. In our age this means that all the instruments hackers use to do what they do will be adapted to the new reality. Unfortunately it is happening whether I think about it or not (maybe someone else had thought about it? Quit it, then). Guys from MS have reported that we have received a 64-bit version of the Alureon malware. …