Category: general

RSA 2048? Do not use anymore

RSA 3072-bit vs ECC Certificates
What’s Happening
The Problem with RSA 3072
The Better Solution: ECC P-256
Security Equivalence
Recommendation
✅ Use ECC P-256 for new deployments
⚠️ Use RSA 3072 only if:
Bottom Line
ECC P-256 gives you the same security as RSA 3072 with significantly better performance. Unless you have specific legacy requirements,...
general

HTTPS Certificate Validation: Overview

When you visit a secure website (HTTPS), your browser needs to verify that the website’s security certificate is legitimate and hasn’t been compromised. This is like checking if an ID card is still valid and hasn’t been reported stolen. There are three main methods websites use to prove their certificates are trustworthy:
Why This Matters...
general

m365 get all forwarding rules

    # Temporarily set the execution policy to bypass for this session
    Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force
    # Check for the ExchangeOnlineManagement module and update or install as necessary
    $module = Get-Module -Name ExchangeOnlineManagement -ListAvailable
    if ($module -ne $null) {
        # Module is installed, attempt to update it
        Write-Host "ExchangeOnlineManagement module is installed. Checking for...
general

IIS disable old protocols

    # Requires administrative privileges
    # Disable SSL 2.0
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -Name 'Enabled' -Value 0 -Type DWord
    # Disable SSL 3.0
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -Name 'Enabled' -Value 0 -Type DWord
    # Disable TLS 1.0
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -Name 'Enabled' -Value 0 -Type DWord
    # Disable TLS 1.1
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -Name...
general

iptables – DNAT for Veeam-backup

When you have an internal Veeam backup server and you want to back up external Linux servers, you need to create a destination NAT rule on the Linux server. Remember to add that line again after every reboot if you do not save and restore the iptables rules during boot. You can choose the line with the port definition or just translate everything. Replace 127.0.0.1 with your external...
backup deployment - linux general

deploy – eset

    echo off
    setlocal ENABLEDELAYEDEXPANSION
    if exist "C:\Program Files\ESET\ESET Security\ekrn.exe" (GOTO IS_INSTALLED) else (GOTO INSTALL)
    GOTO INSTALL
    :IS_INSTALLED
    echo is installed
    eventcreate /L APPLICATION /T INFORMATION /SO %~n0%~x0 /ID 208 /D "%~0 -- eset is already installed"
    GOTO DONE
    :INSTALL
    echo installing software
    eventcreate /L APPLICATION /T INFORMATION /SO %~n0%~x0 /ID 404 /D "%~0 -- eset is not installed -- installing now…"
    if not...
bat deployment - windows general

O365 – DKIM signing

How to sign O365 mails using DKIM

    Set-ExecutionPolicy RemoteSigned
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    Install-PackageProvider -Name NuGet
    Install-Module -Name ExchangeOnlineManagement
    Update-Module -Name ExchangeOnlineManagement
    Import-Module ExchangeOnlineManagement
    $o365Cred = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $o365Cred -Authentication Basic -AllowRedirection
    Set-ExecutionPolicy RemoteSigned
    Import-PSSession $Session
    Enable-OrganizationCustomization
    New-ManagementRoleAssignment -Role "Mailbox Import Export" -SecurityGroup "Organization Management"
    Remove-PSSession $session
    Disconnect-ExchangeOnline
    # DKIM...
general mail

deploy – google chrome

    echo off
    setlocal ENABLEDELAYEDEXPANSION
    if exist "C:\Program Files\Google\Chrome\Application\chrome.exe" (GOTO IS_INSTALLED) else (GOTO INSTALL_UPGRADE)
    GOTO INSTALL_UPGRADE
    :IS_INSTALLED
    echo is installed
    eventcreate /L APPLICATION /T INFORMATION /SO %~n0%~x0 /ID 208 /D "%~0 -- Google Chrome is already installed - Upgrading"
    GOTO INSTALL_UPGRADE
    :INSTALL_UPGRADE
    echo installing software
    eventcreate /L APPLICATION /T INFORMATION /SO %~n0%~x0 /ID 404 /D "%~0...
bat deployment - windows general

deploy – OpenVPN client

    if not exist c:\temp (mkdir c:\temp)
    if not exist c:\temp\OpenVPN-2.5.6-I601-amd64.msi ( curl -C - -o c:\temp\OpenVPN-2.5.6-I601-amd64.msi https://swupdate.openvpn.org/community/releases/OpenVPN-2.5.6-I601-amd64.msi)
    REM if exist "%programfiles%\OpenVPN\Uninstall.exe" (start /wait "%programfiles%\OpenVPN\Uninstall.exe")
    REM {E5931AF4-2A8F-48A5-AFC8-CE9B79C4B19D} OpenVPN 2.5.1-I601 amd64
    msiexec.exe /x {E5931AF4-2A8F-48A5-AFC8-CE9B79C4B19D} /qn
    REM {E5931AF4-2A8F-48A5-AFC8-0E8A268358A0} OpenVPN 2.5.2-I601 amd64
    msiexec.exe /x {E5931AF4-2A8F-48A5-AFC8-0E8A268358A0} /qn
    REM {919FC393-C79F-4043-ABD6-E80F81D3DD58} OpenVPN Connect
    start /wait msiexec.exe /x {919FC393-C79F-4043-ABD6-E80F81D3DD58} /qn
    REM {8B4BC420-3DCB-4018-A345-B24F7DBC30C3} OpenVPN...
bat deployment deployment - windows general windows