Category: Windows – Security

“Just enable MFA. It’s easy.”

🔒 Secure Bits 💡 “𝗝𝘂𝘀𝘁 𝗲𝗻𝗮𝗯𝗹𝗲 𝗠𝗙𝗔. 𝗜𝘁’𝘀 𝗲𝗮𝘀𝘆.” Sure… if you can rely on cloud identity. A lot of environments can. But 𝗺𝗮𝗻𝘆 – often the most critical ones – 𝗰𝗮𝗻𝗻𝗼𝘁 be connected to the internet at all. And that changes everything. In fully 𝗼𝗻-𝗽𝗿𝗲𝗺 / 𝗼𝗳𝗳𝗹𝗶𝗻𝗲 Windows environments, MFA often ends up being […]

New RDP dialogs

🔒 Secure Bits 💡 𝗡𝗲𝘄 𝗥𝗗𝗣 𝗱𝗶𝗮𝗹𝗼𝗴𝘀 — 𝗵𝗮𝘃𝗲 𝘆𝗼𝘂 𝘀𝗲𝗲𝗻 𝘁𝗵𝗲𝗺? With the 𝗔𝗽𝗿𝗶𝗹 𝟮𝟬𝟮𝟲 security update, the Remote Desktop Connection app (MSTSC) shows new warnings when you open .𝗥𝗗𝗣 𝗳𝗶𝗹𝗲𝘀. The point is simple: remind people that RDP files can be used for phishing / tricking users, and force you to explicitly approve what the file is trying to […]

Capturing Network Traffic on Windows Server

🔒 Secure Bits 💡 𝗖𝗮𝗽𝘁𝘂𝗿𝗶𝗻𝗴 𝗻𝗲𝘁𝘄𝗼𝗿𝗸 𝘁𝗿𝗮𝗳𝗳𝗶𝗰 𝗼𝗻 𝗪𝗶𝗻𝗱𝗼𝘄𝘀 𝗦𝗲𝗿𝘃𝗲𝗿 There is an issue on a Windows Server, and I need to capture network traffic to understand what is happening. The first thought is usually: ➡️ Let’s install 𝗪𝗶𝗿𝗲𝘀𝗵𝗮𝗿𝗸 🚫 But that does not always work. In many environments I work in — especially critical […]

Do you know what proper logging in Windows looks like?

🔒 Secure Bits 💡 𝗗𝗼 𝘆𝗼𝘂 𝗸𝗻𝗼𝘄 𝘄𝗵𝗮𝘁 “𝗽𝗿𝗼𝗽𝗲𝗿 𝗹𝗼𝗴𝗴𝗶𝗻𝗴” 𝗶𝗻 𝗪𝗶𝗻𝗱𝗼𝘄𝘀 𝗹𝗼𝗼𝗸𝘀 𝗹𝗶𝗸𝗲? Most environments I see struggle with this. Logging is often left 𝗱𝗲𝗳𝗮𝘂𝗹𝘁, 𝗻𝗼𝗶𝘀𝘆, 𝗼𝗿 𝘀𝗶𝗺𝗽𝗹𝘆 𝗺𝗶𝘀𝗰𝗼𝗻𝗳𝗶𝗴𝘂𝗿𝗲𝗱 — which means you either miss real attacks… or you drown in useless events. That’s why I built 𝗧𝗵𝗿𝗲𝗮𝘁𝗟𝗼𝗴. 🎯 ThreatLog helps you 𝗱𝗲𝗽𝗹𝗼𝘆 𝗮 𝗽𝗿𝗮𝗰𝘁𝗶𝗰𝗮𝗹 𝗔𝘂𝗱𝗶𝘁 𝗣𝗼𝗹𝗶𝗰𝘆 + 𝗦𝘆𝘀𝗺𝗼𝗻 […]

RDP certificate warning

𝗗𝗲𝗳𝗮𝘂𝗹𝘁 → 𝗛𝗮𝗿𝗱𝗲𝗻𝗲𝗱 Real configs. Real fixes. Windows & AD security. Have you ever seen this 𝗥𝗗𝗣 𝗰𝗲𝗿𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗲 𝘄𝗮𝗿𝗻𝗶𝗻𝗴? Do you know 𝘄𝗵𝗮𝘁 𝗶𝘁 𝗺𝗲𝗮𝗻𝘀? It means the certificate presented by the target during RDP 𝗶𝘀𝗻’𝘁 𝘁𝗿𝘂𝘀𝘁𝗲𝗱. Often it’s just a self-signed cert—which isn’t a huge problem: you can make it trusted or distribute your […]

Is your UAC set properly?

𝗗𝗲𝗳𝗮𝘂𝗹𝘁 → 𝗛𝗮𝗿𝗱𝗲𝗻𝗲𝗱 Real configs. Real fixes. Windows & AD security. 𝗤𝘂𝗶𝗰𝗸 𝘁𝗲𝘀𝘁: press Win + R → type msconfig.exe → Enter. Did the console open immediately? If yes, your 𝗨𝗔𝗖 𝗶𝘀𝗻’𝘁 𝗵𝗮𝗿𝗱𝗲𝗻𝗲𝗱. 🧨 𝗕𝘆 𝗱𝗲𝗳𝗮𝘂𝗹𝘁, UAC has exceptions for Windows binaries (Prompt for consent for non-Windows binaries)—attackers can abuse this behavior with known 𝗨𝗔𝗖 𝗯𝘆𝗽𝗮𝘀𝘀𝗲𝘀. […]

Updating Secure Boot certificates on Windows Server

🔒 Secure Bits 💡 𝗨𝗽𝗱𝗮𝘁𝗶𝗻𝗴 𝗦𝗲𝗰𝘂𝗿𝗲 𝗕𝗼𝗼𝘁 𝗰𝗲𝗿𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗲𝘀 𝗼𝗻 𝗪𝗶𝗻𝗱𝗼𝘄𝘀 𝗦𝗲𝗿𝘃𝗲𝗿 — 𝗳𝗶𝗻𝗮𝗹 𝗻𝗼𝘁𝗲𝘀 (𝗺𝗲𝗿𝗴𝗲𝗱 𝗴𝘂𝗶𝗱𝗲) As promised, I merged all 3 parts of this Secure Boot series into one Field Notes document you can follow end-to-end. This process is not trivial: some servers go through smoothly, others hit issues depending on firmware / platform […]

New Microsoft procedure for Secure Boot Certificate Updates

🔒 Secure Bits 💡 𝗡𝗲𝘄 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗽𝗿𝗼𝗰𝗲𝗱𝘂𝗿𝗲 𝗳𝗼𝗿 𝗦𝗲𝗰𝘂𝗿𝗲 𝗕𝗼𝗼𝘁 𝗖𝗲𝗿𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗲 𝗨𝗽𝗱𝗮𝘁𝗲𝘀 I tested the new Microsoft procedure I shared last time (link in comments). I’ll be honest — I was a bit 𝗼𝘃𝗲𝗿𝘄𝗵𝗲𝗹𝗺𝗲𝗱 at first. There are multiple scripts, and I ran into a few “paper cuts”, so it’s still not as straightforward as […]

Secure Boot certificates are expiring pt. 3

🔒 Secure Bits 💡 𝗨𝗽𝗱𝗮𝘁𝗶𝗻𝗴 𝗦𝗲𝗰𝘂𝗿𝗲 𝗕𝗼𝗼𝘁 𝗰𝗲𝗿𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗲𝘀 𝗼𝗻 𝗪𝗶𝗻𝗱𝗼𝘄𝘀 𝗦𝗲𝗿𝘃𝗲𝗿 𝗰𝗼𝗻𝘁𝗶𝗻𝘂𝗲𝘀 (𝘱𝘵. 3) Last puzzle in this series is 𝗺𝗼𝗻𝗶𝘁𝗼𝗿𝗶𝗻𝗴. Because as you can see, this process is 𝗻𝗼𝘁 𝘁𝗿𝗶𝘃𝗶𝗮𝗹 𝗼𝗿 𝘀𝘁𝗿𝗮𝗶𝗴𝗵𝘁𝗳𝗼𝗿𝘄𝗮𝗿𝗱. Some devices will go through smoothly, others will hit different errors depending on firmware / platform / history — and that’s the worst case. That’s […]

Secure Boot certificates are expiring pt. 2

🔒 Secure Bits 💡 𝗨𝗽𝗱𝗮𝘁𝗶𝗻𝗴 𝗦𝗲𝗰𝘂𝗿𝗲 𝗕𝗼𝗼𝘁 𝗰𝗲𝗿𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗲𝘀 𝗼𝗻 𝗪𝗶𝗻𝗱𝗼𝘄𝘀 𝗦𝗲𝗿𝘃𝗲𝗿 𝗰𝗼𝗻𝘁𝗶𝗻𝘂𝗲𝘀 (𝘱𝘵. 2) I believe I had to go through the worst-case scenario after all: ✅ GPO trigger → KEK failure ✅ Broadcom idea (upgrade compatibility + delete/rename NVRAM) → VM fails to boot ✅ Fixed the VM → tried again → KEK failure […]