Category: Microsoft Windows

Active Directory, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2012

Active Directory Security Hardening: Domain Admin Honeypot

Rename the account: it’s a good idea to name the account like any other user account. That means giving it a real name, like Johnny Cash, with a username that matches your naming convention, say “jcash.” Remove the description: next, you want to remove the default description for the built-in Administrator, which is “Built-in account for …

Active Directory, Microsoft Windows Server 2012

Add Active Directory Multiple Users in a Group

Add multiple users to a group – PowerShell script:

Import-Module ActiveDirectory
# Each row of the CSV must have a UserName column holding the user's login name (sAMAccountName)
Import-Csv "C:\Scripts\GroupUsers.csv" | ForEach-Object { Add-ADGroupMember -Identity TestGroup1 -Members $_.UserName }

Don’t forget to create the GroupUsers.csv file with the users’ login names.

Active Directory, General, Microsoft Windows Server 2012

Create Active Directory Users using csv file

This script creates Active Directory users from a CSV file, sets a specific password and email address for each user, and adds each user to one group.

Import-Module ActiveDirectory
Import-Csv "C:\Users\admin\Desktop\file.csv" | ForEach-Object {
    # Build the UPN from the sAMAccountName column of the CSV
    $userPrincinpal = $_."samAccountName" + "@company.Local"
    New-ADUser `
        -Name $_."user" `
        -GivenName $_."name" `
        -Surname $_."surname" `
        -SamAccountName $_."samaccountname" `
        -Path $_."path" …

Active Directory

Active Directory enumeration from non-domain system

ADEnumerator allows red teamers to query LDAP with a standard user account from a system not joined to a domain. It’s common that during a red team assessment you will harvest credentials from printers, files, etc. But sometimes you don’t know what these credentials do. Instead of throwing the one set of credentials you got …

Microsoft Windows

How to delete a folder in use

1. Start Process Explorer from the Sysinternals suite.
2. Press Ctrl+F to open the Search window.
3. Search for the name of the folder that you want to delete but that is in use.
4. Kill all the processes that use this folder.
5. Delete the folder.

https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx
https://technet.microsoft.com/en-us/sysinternals/bb842062

Information, Microsoft Windows, Programming, Windows Internals

Browse and query WMI

Windows Management Instrumentation (WMI) is the infrastructure for management data and operations on Windows-based operating systems. You can write WMI scripts or applications to automate administrative tasks on remote computers, but WMI also supplies management data to other parts of the operating system and to products such as System Center Operations Manager, formerly Microsoft Operations Manager …

Forensics, Malware Analysis, Microsoft Windows, Windows Internals

Dump PE file in C

The Portable Executable (PE) format is a file format for executables, object code, DLLs, FON font files, and others used in 32-bit and 64-bit versions of Windows operating systems. The PE format is a data structure that encapsulates the information necessary for the Windows OS loader to manage the wrapped executable code. – Wikipedia Other …