Every Windows Security Event Log Documented

One of the things us log analysis types love is good documentation. It’s rare to find well-formatted, well-documented logs, so when we do find good log info, it’s like being a kid in a candy store. So without further ado,

Three Things to Remember When Configuring Logging

You set up a centralized logging server. Check. You installed the OSSEC manager to analyze your logs in real-time. Check. You even managed to implement high availability. Good going! Now you're ready to start configuring clients. It should be as

Administrators by Proxy

I have seen so many Windows servers with countless administrators, that it doesn’t even surprise me anymore. There seems to be a large disconnect between what management perceives the security of these systems to be and what the security staff

Why Windows Can Always Lose Logs

Note: The following post applies to Windows versions prior to Vista. I have not researched how logging has changed in versions newer than Vista. I can only assume and hope that it has changed for the better in new versions.

Windows Startup Locations

Pop quiz: how many places can an application install itself to ensure it will survive a Windows reboot? If you named the usual suspects like the run and autorun locations in the registry, you would be correct, but have mentioned

DropMyRights, DropYourRights, Everyone DropRights!

Prior to Windows Vista, Microsoft’s default posture in Windows was to let the user have admin rights. That meant that not only did the user have admin rights, but so did the malware when it took advantage of one of

You’ll Take Vista and Like It!

A while back I bought a new Toshiba laptop. I got a great deal and it looked like it would serve my needs just fine. I knew exactly how I was going to use it. When powering new computers on for