Script for detecting potentially vulnerable Log4j jars [CVE-2021-44228] on Windows Server

Update 2021-12-18 – This looks like a much more competent script for detecting this vulnerability and there is a python version for Linux: Updated 2021-12-17 – Script is v1.4 and looks for .war files now too Original post below Inspired by the one-liner here: I wrote a script to expand on the command, … Read more

How to perform an offline audit of your Active Directory NTLM hashes

It’s read-only Friday so I decided to perform a offline audit of our Active Directory passwords. I found this great tool: which in turn is a fork of this tool: What I’m going to write here is mostly a repeat of these two Gitrepos with a few tweaks and corrections. To perform this … Read more

Event ID 20292 from DHCP-Server

Checking over our DHCP server we were seeing quite a few of these errors appearing in the ‘Microsoft-Windows-DHCP Server Events/Admin’ event log: Log Name: DhcpAdminEvents Source: Microsoft-Windows-DHCP-Server Date: 1/28/2019 10:23:49 PM Event ID: 20292 Task Category: DHCP Failover Level: Error Keywords: User: NETWORK SERVICE Computer: Description: A BINDING-ACK message with transaction id: 943568 was … Read more

Microsoft RAS VPN and VXLAN not quite working

I’m not overly knowledgeable about advanced networking but I figured I’d share this since I couldn’t find anything online about it at the time. We run a Microsoft Remote Access Server (RAS) for our VPN server. We provide L2TP primarily for users. Due to a limitation in the Windows VPN client our RAS server has … Read more