LM Hashes

Posted Posted in System Hardening, Windows

LM hashing is a compromised hashing function and has been since early 2000. In this post I cover how to remove passwords stored in LM format. Google is your friend and has numerous articles on LM hashes here. Likewise, Microsoft also published a detailed article on LM hashes here. The Problem Password […]

Windows RDP Hardening

Posted Posted in System Hardening, Windows

RDP (Remote Desktop Protocol) misconfigurations are commonly identified by vulnerability scanners, most often consisting of: Network Level Authentication (NLA) Disabled Terminal Services Encryption Level is Medium or Low, or Terminal Services Encryption Level is not FIPS-140 Compliant I created a four minute video explaining and fixing these issues here. More can […]

SMB Signing Disabled

Posted Posted in SMB, System Hardening, Windows

SMB Signing Disabled Server Message Block (SMB) signing is a method to digitally sign SMB packets, allowing the recipient of the SMB packets to confirm their authenticity. Microsoft have a great write up here. The Problem SMB signing is either not enabled or not required by default. This default configuration […]

Fixing SSL/TLS Config Issues Windows Server – IISCrypto

Posted Posted in System Hardening, Windows

This post is all about the software IISCrypto and how to fix SSL/TLS issues. You can also find walk through video is here. During the last 2 posts, I covered how to fix certain SSL/TLS issues using manually by using native Windows functionality. These posts are linked below: https://www.phr33fall.co.uk/ciphers/ https://www.phr33fall.co.uk/ssl-tls-issues-server-2012/ Software is […]