Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CalCom

Understanding Process Level Token

Every program running on a system needs specific permissions to access files, networks and other resources. A process level token acts as an ID for each program determining what it is allowed to do and access on the system. Tokens are critical for certain Windows functionalities, such as Task Scheduler, which uses this privilege to manage processes on behalf of different users.

NIS 2 and EU Cybersecurity Act: Mandatory System Hardening

The NIS2 Directive is the European Union’s flagship cybersecurity law, poised to significantly strengthen cyber defenses across the EU when it takes effect on 17 October 2024. This upgraded version of the 2016 NIS Directive (NIS1) not only introduces stricter rules but also broadens its reach, covering more sectors and businesses, ensuring comprehensive protection and a stronger security posture.

NetBT NodeType Configuration for Hardening

NetBT (NetBIOS over TCP/IP) is a network protocol used to integrate NetBIOS services into the TCP/IP protocol suite. NetBT settings are specific to each interface and include the NetbiosOptions setting and the NameServerList. These settings can be configured individually for each interface using the answer file. NetBT is essential for integrating legacy systems, enabling older applications and devices that rely on NetBIOS to communicate seamlessly with modern TCP/IP networks.

Disable LLMNR Protocol for Network Security

LLMNR (Link-Local Multicast Name Resolution) is a protocol used by legacy operating systems for name resolution without a DNS server, compatible with both IPv4 and IPv6. It is included in Windows Vista, Windows Server 2008, Windows 7, 8, and 10, and some Linux distributions. Introduced by Microsoft to enhance network resource resolution, LLMNR allows devices to multicast name queries on a local network if the DNS server fails to resolve a name.

Anonymous Logon: Understanding the Security Battleground with NT Authority

Anonymous logon refers to a type of network access where a user can log in to a system or network resource without providing any authentication credentials such as a username or password. This type of access is typically granted to allow basic, unauthenticated access to certain resources for public use or for specific purposes.

Log on as a Batch Job Rights & Security Setting

Log on as a batch job policy determines the accounts permitted to sign in through a batch-queue tool like the Task Scheduler service. When you schedule a task using the Add Scheduled Task Wizard, assigning it to run under specific credentials, that user is granted the right to log on as a batch job. At the designated time, the Task Scheduler service logs in the user as a batch job rather than an interactive user, executing the task within the user’s security parameters.

Understanding Structured Exception Handling Overwrite Protection (SEHOP)

Structured Exception Handling Overwrite Protection (SEHOP) is a security safeguard setting within Windows designed to prevent malicious actors from exploiting the Structured Exception Handler (SEH) overwrite. By preventing this exploit, SEHOP helps to ensure programs run smoothly and securely. Structured Exception Handler(SEH) is a mechanism within software that’s responsible to keep the program running smoothly in the event of an error.

Fix CrowdStrike's BSOD with Hardening

CrowdStrike, is a prominent cybersecurity technology company that provides security services for endpoints, cloud workloads, identity, and data. They are well-known for their Falcon Sensor Software designed to protect against cyberattacks. On Thursday, July 18 2024 there was a crash on Microsoft systems related to an update in Falcon Sensor software. This update involved a single file that added extra logic for detecting bad actors.

Australian Cyber Security Strategy for Hardening

Australia aims to be the world leader in cyber security by 2030 using the Australian Cyber Security Strategy that was released on 22 November 2023. With the cost of cybercrime on Australian businesses growing by up to 14% per annum, the Cyber Security Strategy seeks to improve cyber security, manage cyber risks and better support citizens and Australian businesses to manage their cyber environment by using six cyber shields and actions to be taken.

RDS: Do not allow clipboard redirection

Hardening the “RDS: Do not allow clipboard redirection” settings is a fundamental step in server hardening. Hardening servers can be a painful procedure. Hardening remote services such as RDS is one of the most critical operational components when hardening servers as it have immediate impact on user and application functionality. Endless hours, and resources are invested in this process. However, despite the efforts, hardening often causes damage to production server environments.