TryHackMe Blueprint - Cyber Security Write-Up

I decided to try a bit more Penetration Testing/Ethical Hacking. The following is a Write-Up regarding the TryHackMe room “Blueprint”. Tasks: The only info that we have is: “Do you have what it takes to hack into this Windows Machine?” And the questions: “Lab” user NTLM hash decrypted; root.txt. So we can assume it’s a Windows machine. Discovery: I booted up my Kali Linux machine and created a folder on my Desktop to use as a workspace....

2024-09-24 · 6 min · Andreas Dieckmann

PowerShell NTFS Alternate Data Streams

The NTFS file system is used by default in Windows. And normally a file has only one associated normal data stream with the name :$DATA. But there are also the so-called “Alternate Data Streams” (ADS), which can contain additional data. These ADS are not visible in the Windows Explorer or most other applications. ADS are sometimes used by the system, but could also be used by attackers to hide data....

2024-08-30 · 3 min · Andreas Dieckmann

PowerShell Calculated Properties

If you export data via PowerShell (for example to a CSV file via Export-CSV), the original property names of the PowerShell objects are used. However, if these are not fully fitting for your purpose, you can also customize them. So-called “Calculated Properties” and the cmdlet Select-Object can be used for this. This can be used, for example, to: rename properties; format property values; create completely custom properties (e.g. by calling additional cmdlets). Output objects normally: As a reminder: The selection of object properties with Select-Object is possible with the -Property parameter....

2024-08-21 · 7 min · Andreas Dieckmann

PowerShell: Filter Active Directory Computers

I recently worked on a client project where I had to do some work around Active Directory Computers. I used PowerShell and some light filtering and processing. And now I share those examples, and hopefully someone finds them interesting or helpful. Maybe it will be me who finds it interesting in the future. In that case: Moin Andi! 👋 Example 1: Filter Computer by Operating System Version. The AD attribute OperatingSystemVersion holds the OS version with the build number in a format like this: 10....

2024-08-07 · 2 min · Andreas Dieckmann

Migrating from 11ty to Hugo

I recently upgraded this website to 11ty v2.0, but I needed more change. Initially I just wanted to create a basic Design with Terminal.css. But then I randomly stumbled over the Hugo Theme Gallery and found some beautiful themes! So I chose to use Hugo Papermod and migrate the Website to Hugo 🤓. Since I don’t really know JavaScript, it doesn’t matter to me that Hugo uses Go instead. I never used Go as a programming language, but it sounds great....

2024-02-22 · 7 min · Andreas Dieckmann

OneDrive for Business - Delegation to Manager after employee leaves company

Normally, when a user leaves the Company, their OneDrive for Business site gets automatically delegated to their manager. That means the manager gets SharePoint Site Collection admin rights to the OneDrive site of their subordinate. Checking and Changing Access Delegation: ⚠️ Access Delegation is enabled by default. The setting can be found and changed here: Go to More features in the new SharePoint admin center, and sign in with an account that has admin permissions for your organization....

2023-09-25 · 8 min · Andreas Dieckmann

Set PowerShell ConstrainedLanguage Mode per Group Policy

PowerShell Language Modes are a way to restrict the functionality of PowerShell to increase the security of a system. Of course, this is only one small piece in a larger security strategy, so this alone is not sufficient protection for a system. At the same time, it’s also a double-edged sword: Advantage: we remove a powerful tool from potential attackers. Disadvantage: We as administrators can no longer use PowerShell properly on a system either....

2023-05-20 · 6 min · Andreas Dieckmann

Exchange EAC stopped working after decommissioning all Mailbox Databases

I had this weird issue with an Exchange Server environment: The company had an Exchange Server 2016 DAG and migrated all User Mailboxes to Exchange Online. I then installed a fresh Exchange Server 2019 for Recipient Management and SMTP-Relay. To use the Exchange Server 2019 Hybrid License, I did not create a Mailbox Database. I removed all remaining System Mailboxes and Arbitration Mailboxes from the Exchange 2016 Servers. I decommissioned the DAG and uninstalled Exchange from the old Servers....

2023-05-16 · 3 min · Andreas Dieckmann

Use ntfy.sh with Home Assistant

Just a quick note if you want to use ntfy.sh with Home Assistant. Setup: I added the following section to my /config/configuration.yaml file:

    shell_command:
      ntfy: >
        curl
        -X POST
        --url 'https://ntfy.sh/{{ topic }}'
        --data '{{ message }}'
        --header 'X-Title: {{ title }}'
        --header 'X-Tags: {{ tags }}'
        --header 'X-Priority: {{ priority }}'
        --header 'X-Delay: {{ delay }}'
        --header 'X-Actions: {{ actions }}'
        --header 'X-Click: {{ click }}'
        --header 'X-Icon: {{ icon }}'

Usage: To send a notification, I use this YAML action in an Automation....

2023-02-12 · 2 min · Andreas Dieckmann

Automate Exchange Online with Azure Automation in 2024

If you want to manage Exchange Online via Azure Automation, Managed Identities is what you should use (this statement was last checked in June 2024). Legacy approach: In the past, RunAs Accounts or Plaintext Credentials (🤢) were also commonly used for this purpose, but this is now considered deprecated. RunAs accounts will be discontinued by fall 2023. And I don’t have to say anything about plaintext passwords, do I? You could still use App Registrations in Entra ID, but if you really just want to automate some Exchange settings via Azure Automation, it’s not really necessary....

2023-01-09 · 4 min · Andreas Dieckmann