yet another it blog
Many times when inspecting logs you may encounter security identifiers (SID) instead of usernames. What if you would like to know the account behind this security identifier? This can be easily done with few line of PowerShell. Simple and quick.
Azure portal limits secrets to expire every 2 years. Using PowerShell you can bypass this limit and create secrets past 2 years limit First install Azure AD PowerShell module if not already installed. Install-Module AzureAD After installation connect to Azure AD and run following commands to create new secret. In our example we create secret …
Continue reading “Generate long Azure application secrets using PowerShell”
Organizations using WordPress as content management software (CMS) can take advantage of all security features implemented to Azure AD such as conditional access when logging into WordPress. This way access to WordPress could be limited to trusted devices only. Implementing SSO is easy as there are various OpenID plugins available. I am using a plugin …
Continue reading “Microsoft Entra ID (Azure AD) Single Sign-On (SSO) to WordPress”
When you are trying to enable live migration on Hyper-V you get error message stating “Error applying live migration changes. Failed to modify service settings” This might be result of server crash. Luckily this is easily fixed by renaming (or deleting) corrupted policy file from folder C:\Windows\System32\GroupPolicy\Machine Rename Registry.pol to Registry.pol_old or similar and apply …
A lot of malware uses common tools built into Windows for downloading payloads from remote servers. (Image Copyright Sophos Labs) Many of Antivirus and intrusion detection systems can block these kind of activities but similar protection can be done for no additional costs with Group Policy & Windows Firewall. Blocking PowerShell and other tools from …
Continue reading “Block malware with Windows Firewall and Group Policies”
Running Minecraft on a raspberry Pi 4 is fun and simple. Device is powerful enough to host several players and plugins. I set up one for my son and his friends and it has been running ever since without any issues. First install ubuntu on a SD-card. After editing the file plug SD-card to Raspberry …
Continue reading “Installing Minecraft server on a Raspberry Pi 4”
I recently purchased Edgerouter X to serve as a router and as a firewall for our network at our summer house. Previously I had Raspberry Pi acting as a endpoint for VPN tunnel but it only allowed me to access resources from home network to summer house. But not the other way around as Raspberry …
Continue reading “Site-to-site tunnel between Ubiquiti Edgerouter X and Sophos XG firewall”
I have been running Raspberry Pi device on my summer cabin as an MotionEye server for multiple security cameras. From time to time I need to make some changes to settings on these cameras but I do not want to open remove management over public internet or use provided cloud services. Instead I decided to …
Continue reading “Raspberry PI as VPN endpoint for Sophos XG Firewall”
With version 18 Sophos brings changes to RADIUS settings on XG Firewall. We now have possibility to set timeout for authentication and this allows us to use Azure MFA for 2-factor authentication. Here is few simple steps how to enable this on network policy server and on XG Firewall. If you do not have MFA …
Continue reading “How to use Azure MFA With Sophos XG Firewall”
Postfix can be configured to relay outbound emails trough SendGrid service by adding few lines to postfix configuration. First create API key in SendGrid service. Go to API keys, crate new API key and set access permission to “Restricted Access” and only allow “Mail send” as we wont be needing any other access rights. Copy …