Security

Read-Only Friday Nov 11, 2022

November 11, 2022 by ClaytonT Leave a Comment

With today being a holiday, and more holidays coming up in the last days of the year, send out reminders to your users to keep be extra careful when clicking on links. Attacks have been more minor so far this year, which makes me feel it’s going to ramp up shortly. For the parents, think of it when your child is quiet for too long by themselves… it usually means they are planning something or doing something they shouldn’t be doing. That’s how I feel about bad actors currently.

A few things to remind them:
- Do you normally get emails from that company service? (ie UPS, FedEx, PayPal, etc)
  - If not, don’t open it, and definitely don’t click on links or download an attachment
- Does that person normally send you links to click on? If they do, are they the type the current email is asking you to open?
  - I’ve seen it before when a company you normally work with gets compromised so spam/virus/malware protection doesn’t pick it up as it is coming from a real email, but the bad actor over took that users account and is sending links/attachments from it.
- Is the email the real identities email?
  - I know the name says it’s your president or CFO, but what is the real email sending it? It can be tougher seeing it quickly on a mobile device, but have them double check. Have them check those headers.
- Don’t respond to the email
  - When responding, you are showing them that the account is live, and they will keep on attempting to compromise that email address.
- If it looks real, contact the person/company from known number
  - If the email looks mostly real, but they don’t normally send you links, call the person/company from a known number. Nothing from that current email. If you normally contact them check previous emails or ask a coworker if they have a direct number. I would say check their website, but that could be compromised as well, so not always the best spot to get their number.

I’m sure all of these are pretty common, but it’s a great reminder for your users, especially with the end of the year rush starts happening.

What are some tips you would give to your end users?

Module Monday November 7, 2022

November 7, 2022 by ClaytonT Leave a Comment

It’s Monday…..

So here is a new module for today! This one is actually expanding on one liner Wednesday form last week.

This module is called “Password Solution” which allows you to easily search, review, and email users, managers, and IT about passwords expiring. You can even create specific templates to send out to depending on who is receiving it. He make makes it so easy, it makes it tough for a reason not to have something like this in place!

Another great feature is the dashboard that he provides you, which saves you a lot of time trying to make your own from the one liner last week.

PowerShell Gallery:
PasswordSolution/0.0.29

One-Liner Wednesday November 2, 2022

November 2, 2022 by admin Leave a Comment

Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} | sort-object ExpiryDate

Here is a one liner that find very useful and hope you do to.

You can customize it even more, but for now this one grabs all the AD User accounts that are expiring and the ones expiring first at the top. I love using this to stay in front of users passwords expiring then they can’t connect or if they are off network and is a rush to get it done.

You could even sent this up as a scheduled task and have it pull the next 2 weeks of users. Then either you reach out to them, it emails them, or it notifies your help desk to reach out to them to help change their password.

Or you could have it in your dashboard so you’d always see the next 2 weeks of users passwords expiring.

One-Liner Wednesday October 26, 2022

October 26, 2022 by ClaytonT Leave a Comment

One Liner Wednesday Cyber Security Edition

Want to see the top Malware that hits your 365 Exchange? Try this one liner out

Get-MailTrafficSummaryReport -Category TopMalware -StartDate 08-01-2022 -EndDate 10-25-2022 | Select-Object C1,C2 | out-gridview

This will give you the different types of malware Microsoft has found and how many times it found in since August 1. Then it will display it in a grid view that you can filter. I normally export to Excel/CSV to keep the data as it goes away after 90 days. Bigger organizations I’d recommend pushing it into a database for longer term analytics.

Check out Microsoft Docs and my 365 GitHub Repository for more ideas!

Microsoft Documentation:
Get-MailtrafficSummaryReport

365 Exchange Security Dasboard(Very early stages)
365 Exchange Security Dashboard

My Microsoft 365 GitHub Repository:
Powershell365

One-Liner Wednesday October 19, 2022

October 19, 2022 by ClaytonT Leave a Comment

New-TenantAllowBlockListItems -ListType Sender -Block -Entries emailaddress

Here is a super useful one liner that has come in handy more recently.

What this does is adds a user or domain to the tenant block list as it’s written below. If you need to add someone to the allow list, you can change -Block to -Allow. You can even change set a duration for both Blocking and Allowing.

Command:
New-TenantAllowBlockListItems

Example with Parameters:

Add-365Blocklist

Module Monday October 10, 2022

October 10, 2022 by ClaytonT Leave a Comment

It’s time for Module Monday….

Share Code not Secrets, I think says it best. I guess you probably want the name of the module now…It’s called PSSecretScanner which will search files/folders that you point it too and check if there are any passwords visible! Maybe you have some old code that you haven’t used in awhile, you might want to run this on it just to make sure younger you who may have been more naïve didn’t leave any plain text passwords! We’ve all been there!

PowerShell Gallery:
PSSecretScanner/1.0.9