A boy can dream, can't he?

windows10 why are you suddenly in chinese...? 0_0

WHAT THE FUCK

I GOT THE FUCKING QUAD BLUESCREEN AND SUMMONED MISSINGNO???? WHY DOES IT LOOK LIKE THAT

I would like to note all I was doing was coding and my internet went out on the pc right before it froze and crashed like this

Entra ID Lateral Movement And Expanding Permission Usage

Abusing Intimate Permissions for Lateral Movement and Privilege Escalation in Entra ID Native Environments: (In)tune to Takeovers

Recently, a client received assistance from the Mandiant Red Team in visualizing the potential consequences of an advanced threat actor breach. In order to compromise the tenant’s installed Entra ID service principals, Mandiant migrated laterally from the customer’s on-premises environment to their Microsoft Entra ID tenant during the evaluation.

Using a popular security architecture that involves Intune-managed Privileged Access Workstations (PAWs), we will discuss in this blog post a new method by which adversaries can move laterally and elevate privileges within Microsoft Entra ID by abusing Intune permissions (DeviceManagementConfiguration.ReadWrite.All) granted to Entra ID service principals. We also offer suggestions and corrective actions to stop and identify this kind of attack.

A pretext

The client had a well-developed security architecture that adhered to the Enterprise Access model suggested by Microsoft, which included:

An Active Directory-based on-premises setting that adheres to the Tiered Model.

A Microsoft Entra Connect Sync-synchronized Entra ID environment that synchronizes on-premises identities and groups with Entra ID. PAWs, which were completely cloud-native and controlled by Intune Mobile Device Management (MDM), were used to administrate this environment. They were not connected to the on-premises Active Directory system. To access these systems, IT managers used a specific, cloud-native (non-synced) administrative account. These cloud-native administrative accounts were the only ones allocated Entra ID roles (Global Administrator, Privileged Role Administrator, etc.).

A robust security barrier was created by separating administrative accounts, devices, and privileges between the Entra ID environment and the on-premises environment:

Because Entra ID privileged roles are associated with unique, cloud-native identities, a compromise of the on-premises Active Directory cannot be utilized to compromise the Entra ID environment. This is an excellent practice for Microsoft.

An “air gap” between the administration planes of the two environments is successfully created by using distinct physical workstations for administrative access to cloud and on-premises resources. Attackers find it very challenging to get through air gaps.

Strong Conditional Access regulations imposed by Privileged Identity Management assigned roles to the administrative accounts in Entra ID, necessitating multi-factor authentication and a managed, compliant device. Additionally, Microsoft recommends these best practices.

Attack Path

One of the objectives of the evaluation was to assign the Mandiant Red Team the task of obtaining Global Administrator access to the Entra ID tenant. Mandiant was able to add credentials to Entra ID service principals (microsoft.directory/servicePrincipals/credentials/update) by using a variety of methods that are outside the purview of this blog post. This gave the Red Team the ability to compromise any preloaded service principal.

There are a number well-known methods for abusing service principal rights to get higher permissions, most notably through the usage of RoleManagement.See AppRoleAssignment and ReadWrite.Directory.Application and ReadWrite.All.ReadWrite.All rights for Microsoft Graph.

However, the Mandiant Red Team had to reconsider their approach because none of these rights were being used in the customer’s environment.

Mandiant found a service principle that was given the DeviceManagementConfiguration after using the superb ROADTools framework to learn more about the customer’s Entra ID system.Go ahead and write.Permission is granted.Image credit to Google Cloud

The service principal is able to “read and write Microsoft Intune device configuration and policies” with this authorization.

Clients running Windows 10 and later can execute the unique PowerShell scripts used by Intune for device management. Administrators have an alternative to configuring devices with settings not accessible through the configuration policies or the apps section of Intune by using the ability to run scripts on local devices. When the device boots up, management scripts with administrator rights (NT AUTHORITY\SYSTEM) are run.

The configuration of Device Management.Go ahead and write.To list, read, create, and update management scripts via the Microsoft Graph API, all permissions are required.

The Microsoft Graph API makes it simple to write or edit the management script. An example HTTP request to alter an existing script is displayed in the accompanying figure.PATCH https://graph.microsoft.com/beta/deviceManagement/ deviceManagementScripts/<script id> { "@odata.type": "#microsoft.graph.deviceManagementScript", "displayName": "<display name>", "description": "<description>", "scriptContent": "<PowerShell script in base64 encoding>", "runAsAccount": "system", "enforceSignatureCheck": false, "fileName": "<filename>", "roleScopeTagIds": [ "<existing role scope tags>" ], "runAs32Bit": false }

The caller can provide a display name, file name, and description in addition to the Base64-encoded value of the PowerShell script content using the Graph API. Depending on which principle the script should be run as, the runAsAccount parameter can be set to either user or system. RoleScopeTagIds references Intune’s Scope Tags, which associate people and devices. The DeviceManagementConfiguration can likewise be used to construct and manage them.Go ahead and write. Permission is granted.

The configuration of Device Management.Go ahead and write.By changing an existing device management script to run a PowerShell script under Mandiant’s control, Mandiant was able to go laterally to the PAWs used for Entra ID administration with full authorization. The malicious script is run by the Intune management script when the device reboots as part of the user’s regular workday.

By implanting a command-and-control device, Mandiant could give the PAWs any instructions. The Red Team obtained privileged access to Entra ID by waiting for the victim to activate their privileged role through Azure Privileged Identity Management and then impersonating the privileged account (for example, by stealing cookies or tokens). By taking these actions, Mandiant was able to fulfill the assessment’s goal and gain Global Administrator rights in Entra ID.

Remediation and Recommendations

To avoid the attack scenario, Mandiant suggests the following hardening measures:

Review your organization’s security principals for the DeviceManagementConfiguration.ReadWrite.All permission:  DeviceManagementConfiguration should be handled by organizations that use Microsoft Intune for device management.Go ahead and write.Since it grants the trustee authority over the Intune-managed devices and, consequently, any identities connected to the devices, all permissions are considered sensitive.

Mandiant advises businesses to routinely check the authorizations given to Azure service principals, with a focus on the DeviceManagementConfiguration.Along with other sensitive permissions (like RoleManagement), there is the ReadWrite.All permission.See AppRoleAssignment and ReadWrite.Directory.Application and ReadWrite.All.ReadWrite.All.

Businesses that manage PAWs with Intune should exercise extra caution when assigning Intune privileges (either via DeviceManagementConfiguration).Use Entra roles like Intune Role Administrator or ReadWrite.All.

Enable Intune’s multiple admin approval: Intune allows you to use Access Policies to demand a second administrator’s approval before applying any changes. By doing this, an attacker would be unable to use a single compromised account to create or alter management scripts.

Think about turning on activity logs for the Microsoft Graph API: Graph API Activity logs, which provide comprehensive details about Graph API HTTP requests made to Microsoft Graph resources, can be enabled to aid in detection and response efforts.

Make use of the features that Workload ID Premium licenses offer: With a Workload-ID Premium license, Mandiant suggests using these features to:

Limit the use of privileged service principals to known, reliable places only. By guaranteeing that only trustworthy places are used, this reduces the possibility of unwanted access and improves security.

Enable risk detections in Microsoft Identity Protection to improve service principal security. When risk factors or questionable activity are found, this can proactively prohibit access.

Keep an eye on service principal sign-ins proactively: Monitoring service principal sign-ins proactively can aid in identifying irregularities and possible dangers. Incorporate this information into security procedures to set off notifications and facilitate quick action in the event of unwanted access attempts.

Mandiant has a thorough grasp of the various ways attackers may compromise their target’s cloud estate with some hostile emulation engagements, Red Team Assessments, and Purple Team Assessments.

Read more on Govindhtech.com

Windows 10 Screensavers Coupon Code

Uscenes24 is our winter sale for Cyber Monday, offering 24% off all products until the end of November at http://Uscenes.com 👍

my computer just shat itself and became a paperweight

It's not even loading the recovery screen. If anyone knows how to help pls tell me (windows 10)

Imagine chatting seamlessly with an artificial intelligence capable of creating interactive and personalized conversations. Not only does it answer your questions, but it also immerses you in stories like a role-playing game (RPG). Thanks to Oobabooga, this experience is now possible, all from your computer. In this article, I’ll guide you through Oobabooga, explaining its unique features, main functions, and how you can install it on Windows 10 to embark on this digital adventure yourself.

I know most of y'all use mobile for tumblr, but to ppl who use windows10 laptops, I'm having screen troubles.

The laptop I use is a windows10 Lenovo laptop. I was using it for a couple of hours and then I tried logging in to a google account with its own profile on Chrome and suddenly, my laptop screen started glitching pink and green.

I don't think it's a hardware issue because I opened my laptop and everything was fine. Whenever it started glitching, it seems like it's laggy and not something hardware related--I tried adjusting the angle of the screen and massaging the screen like Youtube said but it still didn't fix it.

Reseting my laptop is out of the question because there's important files(believe me, it's more important than the saved rare bowie videos I have here).

The screen would start glitching pink and green on interval as well. It's functional, but as a video editor, it's stressing me out.

I tried these things already:

Cmd - mrt

clearning cache

The only thing that's often effective is uninstalling and re-installing chrome(I use it for school and personal stuff that's why I gotta reinstall it.)

I found a suspicious activity in the task manager called "COM surrogate" and deleted it

Installed AVAST antivirus

Installed SMADAV antivirus

It's bad and really glitchy after turning it off or leaving it idle, or when I connect my laptop to HDMI.

Please, please, please--if you've had the same problem before and solved this, or basically know how to fix it, please I need your helppp

AMD Xilinx Vivado: Free Download and Setup on Windows 11 / 10

Subscribe to "Learn And Grow Community"

YouTube : https://www.youtube.com/@LearnAndGrowCommunity

LinkedIn Group : linkedin.com/company/LearnAndGrowCommunity

Blog : https://LearnAndGrowCommunity.blogspot.com/

Facebook : https://www.facebook.com/JoinLearnAndGrowCommunity/

Twitter Handle : https://twitter.com/LNG_Community

DailyMotion : https://www.dailymotion.com/LearnAndGrowCommunity

Instagram Handle : https://www.instagram.com/LearnAndGrowCommunity/

Follow #LearnAndGrowCommunity

Win10 覚え書き ～ フォルダ表示の固定

新しく導入した（中古）パソコンのフォルダ表示が Windows の初期設定状態で、フォルダの内容によって勝手に表示方法を変えてしまいます。私には余計なお世話です。

フォルダの表示内容を固定するにはレジストリエディターでレジストリをいじる必要があります。パソコンを導入する度に毎度こんなことをしてたのかと今さらながらに思いました。

目的：フォルダーを「全般」表示に固定する

１ フォルダの種類

フォルダ内の何も表示がない場所を右クリック →［このフォルダーのカスタマイズ］→ フォルダーの種類から［全般］を選択

２ レジストリの書き換え

その前に（フォルダ表示の固定とは無関係）

… 左下のウインドウズマークを左クリック［スタート］→ スクロールバーを下に下げて →［Windows システム ツール］→［ファイル名を指定して実行］→［スタートにピン留めする］

レジストリエディター（regedit）を起動

↓ アドレスバーに「HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell」をコピペして Enter キーを押して移動。 

 （以下も文字列の記入はコピペ可）

↓ ［Shell］の中にある［BagMRU］と［Bags］を削除。… 右クリック →［削除］を選択して［はい］で削除実行。

↓ ［Shell］を右クリック →［新規］から［キー］を選んでクリック → 記入欄に「Bags」を書き込んでＯＫ。

↓ 同じように、新しくできた［Bags］の中に「AllFolders」キーを作成。

↓ さらに、作成した［AllFolders］の中に新しく「Shell」キーを作成。

↓ その［Shell］を右クリック →［新規］から［文字列値］を選んでク���ック → 記入欄に「FolderType」を書き込んでＯＫ。

↓ 続けて、その［FolderType］を右クリック →［修正］を選んでクリック → ［値のデータ］欄に「NotSpecified」を記入してＯＫ。

↓ そのままもしくは修正内容を確認して、

レジストリエディターを終了（保存作業などはありません）

… 念のためパソコンを再起動させ、手順１をもう一度やって、表示させたい内容（全般表示他）になってるフォルダーから［表示］→［オプション］→［表示］→［フォルダーに適用］ですべてのフォルダーに適用させました。（表示レイアウトやオプションもいじってます）

How to Install MACOS and Any PC Using a Windows Computer | COMPLETE GUIDE, Step by Step!

This is an inbuilt Windows tool, accessed via the task manager (Press control+alt+del) and then go to the startup tab pic below

Now if you don't see this click more details

and you should be able to see the more tabs

Some useful programs to disable on start-up if your computers running slow and or lower powered are things like Spotify, Steam and Discord and these programs can quite intensive when they start up and when you have them plus all of the things the computer needs to work, things can grind to a halt

My solution for bloatware is this: by law you should hire in every programming team someone who is Like, A Guy who has a crappy laptop with 4GB and an integrated graphics card, no scratch that, 2 GB of RAM, and a rural internet connection. And every time someone in your team proposes to add shit like NPCs with visible pores or ray tracing or all the bloatware that Windows, Adobe, etc. are doing now, they have to come back and try your project in the Guy's laptop and answer to him. He is allowed to insult you and humilliate you if it doesn't work in his laptop, and you should by law apologize and optimize it for him. If you try to put any kind of DRM or permanent internet connection, he is legally allowed to shoot you.

With about 5 or 10 years of that, we will fix the world.

Windows 11 Finalmente Supera a Windows 10 a Nivel Mundial

Un hito importante ha sido alcanzado en el ecosistema de Microsoft: Windows 11 ha superado oficialmente a Windows 10 en cuota de mercado a nivel global. Este logro, largamente anticipado, marca el fin de la era de dominio de Windows 10, que se prepara para su fin de soporte en octubre de este año. Sin embargo, el panorama en España revela una tendencia preocupante (Fuente Gstatcounter). El…

How to Turn On or Off Airplane Mode in Windows 10 👍 Step-by-Step Guide

In this step-by-step tutorial, learn how to quickly enable or disable Airplane Mode in Windows 10. Whether you're trying to conserve battery, disconnect from all networks, or reconnect to Wi-Fi and Bluetooth, this video walks you through the process with ease.

Simple Steps 1. Right-click on the "Start Icon" and choose "Settings" from the dropdown. 2. In the dialog box that opens, click on "Network & Internet". 3. In the left side pane, click on "Airplane Mode". 4. Toggle on or off airplane mode.

Orijinal Yazılımın Tek Adresi: keybudur.com

✔ Yazılım Lisanslarını Uygun Fiyatla Al ✔ Hemen Aktivasyon ✔ Sorunsuz Kullanım 👉 keybudur.com

only thing i like about Windows 11 is the new notepad and snipping tool, but even the snipping tool's new shapes tool doesn't work for me :/