Posts by Wayneh_nz 12 publicly visible posts • joined 20 Feb 2017
If you want to test if your exchange server is vulnerable edit this. If you see an auth window you are. If you get denied you are not.
https://owa.contoso.com/Autodiscover/autodiscover.json@PowerShell
To mitigate it you can follow these steps
Import-Module WebAdministration
Invoke-WebRequest -UseBasicParsing -Uri 'https://download.microsoft.com/download/1/2/8/128E2E22-C1B9-44A4-BE2A-5859ED1D4592/rewrite\_amd64\_en-US.msi' -OutFile "$env:windir\temp\rewrite.msi"
Start-Process -FilePath "$env:windir\system32\msiexec.exe" -ArgumentList '/i', "$env:windir\temp\rewrite.msi", '/qn'
Start-Sleep -Seconds 15
$name = 'Block AutoDiscover 0-Day'
$inbound = '.*autodiscover\.json.*\@.*Powershell.*'
$site = 'IIS:\Sites\Default Web Site\Autodiscover'
$root = 'system.webServer/rewrite/rules'
$filter = "{0}/rule[@name='{1}']" -f $root, $name
Add-WebConfigurationProperty -PSPath $site -filter $root -name '.' -value @{name = $name; patternSyntax = 'Regular Expressions'; stopProcessing = 'False' }
Set-WebConfigurationProperty -PSPath $site -filter "$filter/match" -name 'url' -value $inbound
Set-WebConfigurationProperty -PSPath $site -filter "$filter/action" -name 'type' -value 'CustomResponse'
Set-WebConfigurationProperty -PSPath $site -filter "$filter/action" -name 'statusCode' -value 403
Set-WebConfigurationProperty -PSPath $site -filter "$filter/action" -name 'statusReason' -value 'Forbidden'
Here in New Zealand, our QR code contact tracing app, provided by the government does a couple of things differently, the data is stored on your device, the QR Code is registered to the physical location, the app sends the business name and user name to the contact tracing provider, once there has been a notification that the contact tracing needs to contact some one that has been to that location, they then get the app to notify the contact tracing of the day and time that a particular user has been, if it does not correspond with the timeline requested, the data is purged, and the people that match get a phone call, and told to take a test and isolate.
All public transport has a card, (like an oystercard in the UK) and all vehicles have a unique code, so we can trace individual travel,
and like Scott26 above, we have gotten good enough, that I have seen someone scanned someones else's phone, while they were scanning the code at the door.
Expanding foam in the sirens dulls the sound a bit. Spraying a little cooking oil into the sirens stops the expanding foam from sticking, as demonstrated by the burglars that broke into my neighbors house and got expanding foam all over themselves, trying to quieten down the siren.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
