Navigating trough may different regulatory compliance is rough.  When they start to layer on top of each other when they have their own difference almost makes it impossible.

I really like what the folks over at Secure Controls Framework has done my combining all the controls into a blended model.  This is available for download in Excel Here, or via their Github Here

Windows Firewall rules for Fortinet SSO Collector

The Fortinet SSO Collector service will collect login information from all domain controllers, and forward user / machine / IP information to the FortiGate.

I recently installed new Windows 2022 Domain Controllers in core mode (No GUI).  For the SSO collector and agent communication firewall ports needed to be installed to allow the incoming communications.

References:

Fortinet Community #1

Fortinet Community #2

Fortinet Community #3

Fortinet Guru #1

Tail Windows Defender Firewall Log

 

Grab a NIC IP information and dynamically create a reset script

 I had a request to figure out how to record a NIC's IP information and make it easy to put the config back if required.  the result us a run-able $outfile PowerShell script to reset the settings.

Native Windows 10 packet Sniffer PKTMON

I had to troubleshoot connectivity issues from a Window 10 machine, and really did not want to install Wireshark.  Then I remember reading this document for the built in sniffer: pktmon | Microsoft Docs

 Basically here are the steps:

• Change directory to where you want the results to be saved (I.E. c:\temp)
• Add Filters for the IP you want to monitor for
• pktmon filter add -i 8.8.8.8
• pktmon filter add -i 9.9.9.9

• Start pktmon
• pktmon start –etw  (this will send to PktMon.etl file only)
• pktmon start --etw -l real-time (Will send to PktMon.etl file and the screen)
• Generate the traffic

• Stop pktmon
• pktmon stop

The native file PktMon.etl can only be read by Microsoft’s NetMon.  If you have WireShark installed you can run this command to convert it:

• pktmon pcapng pktmon.etl -o log.pcapng

 

Also for reference, the on screen verbose (-l real-time) of opening nslookup and connecting to 8.8.8.8 would look like this:

 

 

 

There are other options in the linked doc but to get a quick view of traffic, not bad….  Enjoy!

Get all active directory users properties

Need to grab all the properties for all your AD users? Here you go!

Rename Files to a random name

 I had a bunch of photos that I wanted to randomize on a photo frame.  The frame processes photos alphabetically by file name. Since the original filename had the date / time the picture was taken, meant there was no randomness to what was displayed.

I wrote this to change the filenames to a random number.

Remove WSUS GPO settings

Most companies deploy Windows Software Update Services (WSUS) via a group policy to keep all corporate systems updated.  However sometimes nerd in me wants the latest and greatest, before corporate approves them.  So run these commands in a Administrative Powershell Session.  This will remove the WSUS settings until the next GPO sync.

PCI Antivirus logs

QSA requested proof of Antivirus logging and the retention. Using the LET command I am grabbing the newest and oldest log entries as evidence.

PCI Requirement 2 - Proof MFA in use

I am going through a PCI audit and was requested that I prove that MFA was in use.  I used this Azure KQL against my log analytics workspace to show all sign ins and if MFA was checked.