<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Security on Remko's Blog</title><link>https://remkoweijnen.nl/blog/tags/security/</link><description>Recent content in Security on Remko's Blog</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Tue, 07 Feb 2017 15:56:21 +0000</lastBuildDate><atom:link href="https://remkoweijnen.nl/blog/tags/security/index.xml" rel="self" type="application/rss+xml"/><item><title>Blog improvements</title><link>https://remkoweijnen.nl/blog/2017/02/07/blog-improvements/</link><pubDate>Tue, 07 Feb 2017 15:56:21 +0000</pubDate><guid>https://remkoweijnen.nl/blog/2017/02/07/blog-improvements/</guid><description>&lt;p&gt;When I started this blog in 2007 (wow that&amp;rsquo;s almost 10 years ago) I went for a cheap web hoster with a reasonable performance to host it.&lt;/p&gt;
&lt;p&gt;In the beginning performance was acceptable but over the years it has degraded and of course user experience standards have changed.&lt;/p&gt;
&lt;p&gt;I decided it was time to do something about it so I&amp;rsquo;ve moved the blog from a shared platform to my own server.&lt;/p&gt;
&lt;p&gt;This server is running on optimized flash storage  where most writes are DeDuplicated and never actually hits the flash disks:&lt;/p&gt;
&lt;p&gt;&lt;a href="https://remkoweijnen.nl/blog/wp-content/uploads/2017/02/image.webp" class="glightbox" data-type="image" data-gallery="post-3764"&gt;&lt;img loading="lazy" decoding="async" style="display: inline;" title="image" src="https://remkoweijnen.nl/blog/wp-content/uploads/2017/02/image_thumb.webp" alt="image" width="418" height="94" /&gt;&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Shodan, search engine for IoT or hackers delight?</title><link>https://remkoweijnen.nl/blog/2016/05/14/shodan-search-engine-for-iot-or-hackers-delight/</link><pubDate>Sat, 14 May 2016 15:36:22 +0000</pubDate><guid>https://remkoweijnen.nl/blog/2016/05/14/shodan-search-engine-for-iot-or-hackers-delight/</guid><description>&lt;p&gt;Today I stumbled upon &lt;a href="https://www.shodan.io/"&gt;Shodan&lt;/a&gt;, a search engine for devices and services.&lt;/p&gt; &lt;p&gt;I decided to search for Citrix and this was the first page of results: &lt;br /&gt;&lt;a href="https://remkoweijnen.nl/blog/wp-content/uploads/2016/05/SNAGHTMLf942758.webp" class="glightbox" data-type="image" data-gallery="post-3688"&gt;&lt;img loading="lazy" decoding="async" title="SNAGHTMLf942758" style="display: inline" alt="SNAGHTMLf942758" src="https://remkoweijnen.nl/blog/wp-content/uploads/2016/05/SNAGHTMLf942758_thumb.webp" width="360" height="291" /&gt;&lt;/a&gt;&lt;/p&gt; &lt;p&gt;It's interesting to see that we get details such as the name of published applications. But it's possible to get even more details:&lt;/p&gt; &lt;p&gt;&lt;a href="https://remkoweijnen.nl/blog/wp-content/uploads/2016/05/SNAGHTMLf96a047.webp" class="glightbox" data-type="image" data-gallery="post-3688"&gt;&lt;img loading="lazy" decoding="async" title="SNAGHTMLf96a047" style="display: inline" alt="SNAGHTMLf96a047" src="https://remkoweijnen.nl/blog/wp-content/uploads/2016/05/SNAGHTMLf96a047_thumb.webp" width="344" height="235" /&gt;&lt;/a&gt;&lt;/p&gt; &lt;p&gt;&amp;#160;&lt;/p&gt;</description></item><item><title>Dumping passwords in a VMware .vmem file</title><link>https://remkoweijnen.nl/blog/2013/11/25/dumping-passwords-in-a-vmware-vmem-file/</link><pubDate>Mon, 25 Nov 2013 08:54:34 +0000</pubDate><guid>https://remkoweijnen.nl/blog/2013/11/25/dumping-passwords-in-a-vmware-vmem-file/</guid><description>&lt;p&gt;&lt;img width="63" height="62" loading="lazy" decoding="async" title="image" alt="image" align="right" src="https://remkoweijnen.nl/blog/wp-content/uploads/2013/06/image_thumb2.webp" /&gt;&lt;a href="https://twitter.com/gentilkiwi" target="_blank"&gt;Benjamin Delpy&lt;/a&gt; the author of the well known mimikatz toolkit has released a very cool extension to WinDbg today.&lt;/p&gt; &lt;p&gt;In summary the extension can extract Windows passwords from memory dumps, hibernation files and Virtual Machine .vmem files (paging, snapshots).&lt;/p&gt; &lt;p&gt;Especially the ability to extract passwords from .vmem files was very interesting. So I decided to to test this out, so let's see how it works!&lt;/p&gt;</description></item><item><title>Scriptable Citrix Password Encoder</title><link>https://remkoweijnen.nl/blog/2013/03/19/scriptable-citrix-password-encoder/</link><pubDate>Tue, 19 Mar 2013 16:27:49 +0000</pubDate><guid>https://remkoweijnen.nl/blog/2013/03/19/scriptable-citrix-password-encoder/</guid><description>&lt;p&gt;A while ago I &lt;a href="https://remkoweijnen.nl/blog/2012/05/13/encoding-and-decoding-citrix-passwords/"&gt;published&lt;/a&gt; a tool to Encode and Decode Citrix passwords. Today I am publishing a small update to this tool that makes it scriptable by adding a &lt;a href="http://en.wikipedia.org/wiki/Component_Object_Model" target="_blank"&gt;COM interface&lt;/a&gt;.&lt;/p&gt; &lt;p&gt;If you start the tool without parameters you will get the GUI, just like before:&lt;/p&gt; &lt;p&gt;&lt;img loading="lazy" decoding="async" title="Citrix Password Hasher by Remko Weijnen" alt="Encrypt | Decrypt Password | Hash | Citrix | Ctx1" src="https://remkoweijnen.nl/blog/wp-content/uploads/2012/05/image_thumb3.webp" width="419" height="84" /&gt;&lt;/p&gt; &lt;p&gt;To use the COM interface you first need to register the executable with the /regserver switch:&lt;/p&gt; &lt;p&gt;&lt;a class="glightbox thickbox" href="https://remkoweijnen.nl/blog/wp-content/uploads/2013/03/SNAGHTML185eb4ec.webp" data-type="image" data-gallery="post-3152"&gt;&lt;img loading="lazy" decoding="async" style="display: inline" title="Register CtxPass" alt="CtxPass /RegServer" src="https://remkoweijnen.nl/blog/wp-content/uploads/2013/03/SNAGHTML185eb4ec_thumb.webp" width="414" height="64" /&gt;&lt;/a&gt;&lt;/p&gt; &lt;p&gt;After the registration you can call it using any language that supports COM. To get you started I wrote a few examples&lt;/p&gt;</description></item><item><title>Java has discovered application components that could indicate a security concern</title><link>https://remkoweijnen.nl/blog/2013/03/19/java-has-discovered-application-components-that-could-indicate-a-security-concern/</link><pubDate>Tue, 19 Mar 2013 13:13:04 +0000</pubDate><guid>https://remkoweijnen.nl/blog/2013/03/19/java-has-discovered-application-components-that-could-indicate-a-security-concern/</guid><description>&lt;p&gt;When starting a particular web based application Java popped up the following dialog:&lt;/p&gt;
&lt;p&gt;&lt;a class="glightbox thickbox" href="https://remkoweijnen.nl/blog/wp-content/uploads/2013/03/image1211.webp" data-type="image" data-gallery="post-3136"&gt;&lt;img loading="lazy" decoding="async" style="display: inline;" title="Warning - Security" alt="Java has discovered application components that could indicate a security concern" src="https://remkoweijnen.nl/blog/wp-content/uploads/2013/03/image12_thumb.webp" width="240" height="124" /&gt;&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;The dialog asks us if we want to Block potentially unsafe components so to continue we should click no. However users tend to not really read such messages and click Yes which leads to this error:&lt;/p&gt;
&lt;p&gt;&lt;a class="glightbox thickbox" href="https://remkoweijnen.nl/blog/wp-content/uploads/2013/03/image26.webp" data-type="image" data-gallery="post-3136"&gt;&lt;img loading="lazy" decoding="async" style="display: inline;" title="Connection Error" alt="Error connecting to Central Configuration" src="https://remkoweijnen.nl/blog/wp-content/uploads/2013/03/image_thumb26.webp" width="240" height="102" /&gt;&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Settings NTFS Permissions by SID in PowerShell</title><link>https://remkoweijnen.nl/blog/2011/09/02/settings-ntfs-permissions-by-sid-in-powershell/</link><pubDate>Fri, 02 Sep 2011 17:21:42 +0000</pubDate><guid>https://remkoweijnen.nl/blog/2011/09/02/settings-ntfs-permissions-by-sid-in-powershell/</guid><description>&lt;p&gt;&lt;img style="margin: 0px 0px 0px 10px" align="right" src="http://t0.gstatic.com/images?q=tbn:ANd9GcTPzlU95MOmfR0YwGb55TQkoZENCxgxFUKqp6qqfMMaa9skPMT5gw" width="60" height="47" /&gt;I am currently creating a PowerShell script that creates a user with all needed Active Directory attributes, Exchange mailbox, (TS) Home- and Profile directories and so on.&lt;/p&gt; &lt;p&gt;In such a script you can easily get failures because of Active Directory replication. &lt;br /&gt; &lt;br /&gt;&lt;/p&gt;</description></item></channel></rss>