EXCHANGE   Exchange – New vulnerability that allows privilege escalation



A new vulnerability that affects Exchange on-premise servers has been discovered recently (https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/). By making use of the high privileges Exchange servers have by default, the attacker would be able to escalate from any user with a mailbox to Domain Admin access.

According to Dirk-jan Mollema (see upper link), the vulnerability has been tested against …

  • Exchange 2013
Read more

Home Server icon   Home Server (3) – First steps configuring HP Microserver Gen8



Third post of the Home Server series in which I explain how I built my own server.
Visit the first post for details about the objectives of the project.

Maybe you have decided to have your own server and already you are owner of any model as HP Microserver Gen8. Surely there are many more to be done, but theseRead more

Checkpoint   Checkpoint – Database Revision Control



“Database Revision Control” is a really useful feature when you are going to make important and/or many changes in the firewall policy, objects…

To make an analogy, DRC are like snapshots (as in the case of VMWare of a virtual machine) of the policies, objects, etc … everything that contains the database of the management server of Checkpoint is backed … Read more

Security   Security – Create self signed SAN certificate with OpenSSL



This post explains how to generate self signed certificates with SAN – Subject Alternative Names using openssl. It is a common but not very funny task, only a minute is needed when using this method.

The example below generates a certificate with two SubAltNames: mydomain.com and www.mydomain.com

Create openssl configuration file

Create configuration file for openssh (In a Linux … Read more

Linux   Linux – Exim: Authenticated and TLS mail through smarthost



Exim is a very flexible and common MTA (mail transfer agent) in Unix systems.
This posts shows the way to configure Exim as client to send authenticated and encrypted (TLS) emails through a smarthost.

Lets suppose the smarthost email server is listening on port 587 for secure outgoing SMTP…

Configure exim to use the smarthost

To configure exim In … Read more

Security   Security – Convert PFX to PEM using Windows or Linux



For certain application, a job partner asked me to send him certain certificate with private key in PEM format. Normally I’m using PFX format, but with a little help of the openssl toolkit converting PFX to PEM is quite easy.

Windows

openssl for windows can be downloaded here: http://gnuwin32.sourceforge.net/packages/openssl.htm
After extracting the contents, inside the bin subfolder the openssl … Read more