Enable Remote Work with Ordig and WireGuard VPN for Windows

Ordig is a system that enables sysadmins to get WireGuard VPN up and running in their environment quickly. Ordig automates the installation process on both the VPN server and Windows clients. Necessity is the mother of invention. Ordig was created to promote social isolation in response to COVID-19. I don’t want my colleagues showing up …

Improving Windows Defender Update Efficacy

Today we’re going to talk about the best (and worst) methods for Windows Defender definition/intelligence updates and how to configure them. This post from SwiftOnSecurity got me thinking about the way we handle our fallback for definition/intelligence updates, and while I was originally planning on a broader coverage of things like exclusions and other policy …

Assess your Active Directory before someone else does (BloodHound)

Hey all, back again with another AD assessment tool. Last week I talked about PingCastle, which covers some areas that BloodHound does and some areas that it does not, so I’d highly recommend going through that one first, and then moving to BloodHound to address escalation paths and things that may have been missed by …

Seize the opportunity of failure – conduct a Blameless Postmortem

When failure happens we are often quick to just fix the issue and move on. After all, failure is inevitable. If people didn’t fail at things, all of us would be out of a job. I’m a firm believer that there is no substitute for experience. But that doesn’t mean experience is the only way …

Assess your Active Directory before someone else does (PingCastle)

Hey all, two of my favorite Active Directory auditing tools have been updated in the past couple of weeks – PingCastle and BloodHound! First up is PingCastle which is what I’ll cover today, and then I’ll try to cover BloodHound tomorrow. Both of these tools are used to audit AD and can give you some …

The On the Ground Impact of California Bill SB-327

As many vendors appear to be unable to secure their systems unless compelled, we’ve wondered if or when legislation would come that would actually move the needle somehow in the K12/EDU security space. Now with California’s SB-327 we have actually seen movement. The bill calls for many different types of security enhancements to software …

Finding Phish in Office 365

Imagine this scenario. Your logs show a dozen accounts logging in from the same unknown source IP with the same user agent on the same day. This activity is not normal for this group of people. You know you have a compromise on your hands. So you do what needs to be done and you …

Using Shodan.io to protect your school district

A huge shout out to Eric Arline for raising awareness on this. I had heard Shodan provided free accounts to education, but I was always under the impression it was higher education only. Next thing I know, Harold Gale was nice enough to ask the following: So, let’s talk about Shodan Monitor If you aren’t …

Using transport rules as a security tool (Part 3)

This is Part 3 of our series on using transport rules as a security tool. Previous articles are linked in the table below: Part 1 – Setting up the mailbox; Part 2 – It’s all about those transport rules; Part 3 – Reducing the haystack (you are here). Refining transport rules: Hopefully you aren’t like me with …

Using transport rules as a security tool (Part 2)

This is Part 2 of our series on using transport rules as a security tool. Each article will be linked in the table below as they are published: Part 1 – Setting up the mailbox; Part 2 – It’s all about those transport rules (you are here); Part 3 – Reducing the haystack. Spam / Phishing Campaigns …