HagueSt Blog

A personal blog to compile notes, thoughts, and many mistakes of a SysAdmin's journey.

Log4j Scanning and Detection

2021-12-16 2 min read Info Cliff Hults
Lately, everyone has been talking about Log4Shell (CVE-2021-44228), and if you're reading this, you're likely looking for info on what to do. Most people attempted to use Huntress's Log4Shell tool (https://log4shell.huntress.com/) to show connections to an LDAP server they were hosting. Some people had issues with this because it was overburdened with requests (rightfully so), or because they didn't want to, or weren't allowed to, send outbound traffic to a server they didn't own.

ADFS & CVE-2020-17049

2020-11-20 2 min read Info
Microsoft recently released a patch for Kerberos and the KDC service on domain controllers. It fixes a serious vulnerability in the Kerberos signing structure. However, this presented a problem with our domain-joined Qumulo storage appliance and prevented any users from authenticating to SMB shares. To relieve ourselves of the issue, we followed the instructions to disable the following registry key within HKLM\SYSTEM\CurrentControlSet\Services\Kdc\ by adding PerformTicketSignature set to DWORD 0.

Initial Commit!

2019-09-07 1 min read Info Cliff Hults
Finally getting to use this site! Been looking forward to creating some posts here to document travels of random sets of information. Hopefully this provides some steering for those who, during their travels, ended up in the same situation and went looking for info.