blog.icewolf.ch

Let's talk about IT!

Tuesday, January 25, 2022

PFX Certificate Password Recovery Tool (Brute Force)

Hi All,

A customer recently could not remember the password of a PFX file.
I was curious and searched for a PFX password recovery tool.

I created a PFX with a password of:
  • 9 chars
  • uppercase chars
  • lowercase chars
  • numbers
  • special characters

Certificate Password Recovery Tool


I started the tool on Friday 14 January 23:41:41



After about 9 days, 569'890'000 different combinations had been tested, and it was still at 5 characters.


Conclusion:
If you have a weak password or know parts of the password, this might work for you in an acceptable time.
If it is a secure password and you don't know anything about it, it will simply take too much time.
It's not that hard to create a new CSR and issue a new certificate.
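To put the conclusion into numbers, here is an added example (not part of the original post): it takes the rate observed above (569'890'000 candidates in about 9 days) and, for passwords drawn from the 94 printable ASCII characters, computes how long an exhaustive search of all passwords up to each length would take. The function name, the alphabet size and the rate derived from the post are assumptions of this example.

```powershell
# Added example: estimate exhaustive-search time at the rate seen in the post.
# 94 printable ASCII characters (upper, lower, digits, specials) is an assumption;
# the rate (about 733 candidates per second) is derived from the post's numbers.
function Get-BruteForceEstimate {
    param(
        [int]$MaxLength = 9,
        [int]$AlphabetSize = 94,
        [double]$CandidatesPerSecond = 569890000 / (9 * 86400)
    )
    $cumulative = [bigint]::Zero
    foreach ($len in 1..$MaxLength) {
        # All candidates of length 1..$len have to be tried before length $len is exhausted
        $cumulative += [bigint]::Pow($AlphabetSize, $len)
        $seconds = [double]$cumulative / $CandidatesPerSecond
        [pscustomobject]@{
            Length     = $len
            Candidates = $cumulative
            Days       = [math]::Round($seconds / 86400, 1)
            Years      = [math]::Round($seconds / (365.25 * 86400), 1)
        }
    }
}

Get-BruteForceEstimate | Format-Table -AutoSize
```

The Days column for length 5 lands in the same order of magnitude as the 9 days observed in the post, which is the sanity check for the rate; the Years column for length 9 is what makes the "simply too much time" statement concrete.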

Regards
Andres Bohren


posted @ Tuesday, January 25, 2022 11:18 PM | Filed Under [ Security ]

Threat Explorer in Microsoft 365 Defender got a refresh

Hi All,

I am pretty sure I did not read anything about this refresh of Explorer in Microsoft 365 Defender (Security Admin Center): https://security.microsoft.com/threatexplorer


It has also been renamed from "Threat Explorer" to just "Explorer".
What I absolutely love about this is that the default now points to "All email" instead of "Malware" like before.


You still have a lot of filtering possibilities


And the chart view also has different filtering options


A quick check in Advanced Hunting shows that some changes were made here as well


After a moment (15-30 minutes) I was able to execute the queries again.



Regards
Andres Bohren


posted @ Tuesday, January 25, 2022 9:05 PM | Filed Under [ Security Microsoft365 ]

MicrosoftTeams PowerShell Module 3.1.0 released

Hi All,

Just a few days ago, Microsoft released the MicrosoftTeams PowerShell module v3.1.0 to the PSGallery.
Here are the release notes


Time to uninstall the old modules and get the new one. Unfortunately I still had code open, which is why 3.0.1-Preview couldn't be uninstalled at first.

Get-Module MicrosoftTeams -ListAvailable
Uninstall-Module MicrosoftTeams
Uninstall-Module MicrosoftTeams
Uninstall-Module MicrosoftTeams


Now Install the MicrosoftTeams PowerShell Module from the PSGallery
Find-Module MicrosoftTeams
Install-Module MicrosoftTeams


Let's see how long it takes to load the module. I am impressed: it's about half the time of the previous modules, but still not as fast as the 2.x.x versions.

Measure-Command -Expression {Import-Module MicrosoftTeams}


As you can see, the module is loaded

Get-Module


The

Get-CsOnlineUser | ft UserPrincipalname, SipAddress, EnterpriseVoiceEnabled, HostedVoiceMail
Get-CsOnlineVoiceUser


Get/Set-CsUserCallingSettings are still preview commands and are not included in this GA version of the PowerShell module

Get-CsUserCallingSettings

Get-Command *CsUserCallingSettings


Get-Team
Get-CsOnlineUser -Identity a.bohren@icewolf.ch | fl *Ent*, *host*, *voice*, *um*


Regards
Andres Bohren


posted @ Tuesday, January 25, 2022 8:43 PM | Filed Under [ PowerShell MicrosoftTeams ]

Azure File Sync Agent 14.1 has been released

Hi all,

On the last Microsoft Patchday I saw that a new Azure File Sync Agent had been released. The title is "Azure File Sync Agent v14.1 Release - November 2021 (KB5001873)", but when you check the download link it is from mid December.


When I check the Storage Sync Service in the Azure Portal, I can see that I'm using agent version 13.0. The download link to the new version also comes in handy.




I've installed the new agent via Windows Update. After a reboot I can see that the new version of the Azure File Sync Agent is working.



Regards
Andres Bohren


posted @ Tuesday, January 25, 2022 7:35 AM | Filed Under [ Azure ]

Android 12 and Android Security Patch 2022.01 released for OnePlus 9

Hi All,

I got myself a OnePlus 9 smartphone in May 2021. So far Android patches have been coming about every two months. The last Android patch for that phone was 2021-11-01.

Today I got a big update that also contained Android 12 and Android patch level 2022.01





Regards
Andres Bohren



posted @ Tuesday, January 25, 2022 1:42 AM | Filed Under [ UM/Mobile ]

Monday, January 24, 2022

Your datacenter move for Exchange is complete

Hi Everybody,

In June 2020 I applied for the data residency move to the newly created M365 datacenter location in Switzerland


Today I had the following message in the M365 Message Center



I've checked the data location. As you can see, the Exchange data has been moved to Switzerland 😍



Regards
Andres Bohren


posted @ Monday, January 24, 2022 8:50 PM | Filed Under [ Exchange Microsoft365 ]

Sunday, January 23, 2022

Upload file to SharePoint Online with PnP.PowerShell

Hi All,

A few weeks ago I had to upload a file to a SharePoint site with a PowerShell script.
In this blog article I explain how I did it.

All you need is

Here is the file I want to upload and replace with my PowerShell script (Documents/Project/Script/AADUsers.csv)


Azure AD Application

You need to create an Azure AD application. Copy the Application ID; you will need it later for the PowerShell script


The application needs to have a client secret. Copy the client secret; you will need it later for the PowerShell script.
Sadly you can't use certificates with PnP PowerShell for authentication.


You don't need any API permissions on the application. The permissions will be set in the SharePoint site.



SharePoint Permission

Go to the SharePoint site you want to upload to, open "/_layouts/appinv.aspx", enter the App ID and click on Lookup.
https://[tenant].sharepoint.com/sites/[siteName]/_layouts/appinv.aspx


Now we add the permission. It has to be done with an XML permission request; the available scopes are:

Add-in permissions in SharePoint
https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/add-in-permissions-in-sharepoint

http://sharepoint/content/tenant                     #Tenancy
http://sharepoint/content/sitecollection             #Site Collection   
http://sharepoint/content/sitecollection/web        #Website
http://sharepoint/content/sitecollection/web/list    #List

In this example the following XML is sufficient (FullControl on a single list, not on the whole site collection)

<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="FullControl"/>
</AppPermissionRequests>


On the next page we select "Documents" and hit "Trust It"


You can't change the settings afterwards. But under Site Settings > Site collection app permissions you can view the applications


As mentioned, you can't edit a permission. Simply delete the app and add it again.


PowerShell Script

And here is the PowerShell script to upload a file with PnP PowerShell

###############################################################################
# Upload file to SharePoint with PnP.PowerShell
# 23.01.2022 - Andres Bohren
###############################################################################
#Variables
$AppID = "0d1c73de-c74d-4b06-8a35-e53c8e190258"
$ClientSecret = "YourClientSecret"
$SiteURL = "https://icewolfch.sharepoint.com/sites/DemoTemplate/"
$FileURL = "Freigegebene Dokumente/Project/Script/AADUsers.csv"

#Connect-PnPOnline
Write-Output "Connect-PnPOnline"
Connect-PnPOnline -Url $SiteURL -ClientId $AppID -ClientSecret $ClientSecret -WarningAction Ignore
Get-PnPContext

#Items in Folder
$RelativeURL = "Freigegebene Dokumente/Project/Script"
$Items = Get-PnPFolderItem -FolderSiteRelativeUrl $RelativeURL
$Items

#Upload File
$CSVFile = "C:\GIT_WorkingDir\PowerShellScripts\SharePoint\AADUsers.csv"
Write-Output "Uploading CSV to Sharepoint"
$FolderObject = Get-PnPFolder -Url $RelativeURL
$Upload = Add-PnPFile -Path $CSVFile -Folder $FolderObject
# Add-PnPFile returns the uploaded file object; $null means the upload did not happen
if ($null -ne $Upload)
{
    Write-Output "File successfully uploaded"
}






Regards
Andres Bohren


posted @ Sunday, January 23, 2022 2:35 PM | Filed Under [ Microsoft365 ]

Microsoft Teams Export assigned Phonenumbers to CSV

Hi All,

Did you ever want to have a list of all assigned phone numbers in Teams?

For call queues and auto attendants you can find the list of resource accounts in the Teams Admin Center (TAC) under Voice > Resource accounts


Sadly, the same does not apply to users. Under "Phone numbers" you will only find a list of numbers if you're using Operator Connect.


For the users you have to go to Users > Manage users. But here all users are listed, not only the ones with phone numbers


Maybe you can use a filter. The best fit would probably be to query the voice routing policy, given you have set that correctly for every user.


I found a handy script from Andrew Morpeth on GitHub

The script will export all numbers to a CSV


Make sure you have these Azure AD roles assigned:
Skype for Business Administrator
Teams Administrator


Otherwise you will run into this error


Here is the Export.

Sadly the call queues and auto attendants are listed twice (type User and CallQueue/AutoAttendant)
But hey, I think the script is still handy



Regards
Andres Bohren

posted @ Sunday, January 23, 2022 9:53 AM | Filed Under [ MicrosoftTeams ]

Saturday, January 22, 2022

M365 Import List from Excel File

Hi All,

Did you know that you can create a Microsoft List in M365 from an Excel file?

I have created this example Excel file


From the Office 365 portal in the browser I open Lists


Here I create a "New list"


I select "From Excel"


The Excel file has to be on your OneDrive


If the table is not yet properly formatted you need to fix that


With a click on "Open" above, the Excel file will be loaded in Excel Online. You then select the data and choose "Format as Table". Then close Excel Online



Now you are able to fix some column names and check the types


Give the list a name and save it


And here you go: A List imported from Excel


With "New" you can add new entries


You will find your Lists under "My Lists"



Regards
Andres Bohren


posted @ Saturday, January 22, 2022 8:34 PM | Filed Under [ Microsoft365 ]

Friday, January 21, 2022

DANE - DNS-based Authentication of Named Entities

Hi All,

You might have stumbled over the Microsoft announcement of DNSSEC/DANE for Exchange Online.
In this blog post I would like to explain how it works in detail


Microsoft 365 roadmap


What is DANE?

DANE is the abbreviation for "DNS-based Authentication of Named Entities".

DANE is defined in RFC 6698:
The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA
https://datatracker.ietf.org/doc/html/rfc6698

It requires a TLSA DNS record. In the RFC above there is this statement:
TLSA Record ("TLSA" does not stand for anything; it is just the name of the RRtype)

Maybe that's true. I would consider it as a TLS Anchor.

It is a kind of HTTP Public Key Pinning (HPKP) for SMTP.
An interesting note is that HPKP is already deprecated and no longer supported in any browser.

How does DANE work?

In short, these are the steps that are performed
  • MX lookup
  • DANE lookup (TLSA record for the mail server hostname)
  • Connect to the mail server and get the TLS certificate
  • Check if the certificate matches the hash in the TLSA record


MX Lookup

As a mail server or Exchange admin, you will be familiar with MX lookups. There are many ways to do it.

With the Windows command prompt

nslookup -type=mx hostpoint.ch


With PowerShell cmdlets

nslookup -type=mx hostpoint.ch
Resolve-DnsName -Name hostpoint.ch -Type MX



Via DNS over HTTPS

$Domain = "hostpoint.ch"
$json = Invoke-RestMethod -URI "https://dns.google/resolve?name=$Domain&type=MX"
$MX = $json.Answer.data
$MX



DNSSEC

But wait, didn't I say that the DNS zone has to be secured with DNSSEC?
Yes, that's true. But how can I check that?

DNSSEC Analyzer



Another interesting method is to use DNS over HTTPS with PowerShell.
The DNS zone hostpoint.ch is protected with DNSSEC, while the DNS zone icewolf.ch is not.

$Domain = "hostpoint.ch"
$json = Invoke-RestMethod -URI "https://dns.google/resolve?name=$Domain&type=MX"
$json

As you can see there are some flags in the REST response. AD = true is what we are looking for: the resolver has validated the DNSSEC signatures of the answer.
  • TC: TrunCation (truncated due to length greater than that permitted on the transmission channel)
  • RD: Recursion Desired
  • RA: Recursion Available
  • AD: Authentic Data
  • CD: Checking Disabled

My DNS zone icewolf.ch is hosted on Azure DNS. An interesting side note is that Azure DNS does not support DNSSEC at this time


TLSA DNS Record

The TLSA DNS Record looks like this
_<Port>._tcp.<Servername> IN TLSA <Certificate usage> <Selector> <Matching Type> <Fingerprint>


Certificate Usage (0 - 3)

0 The hash belongs to a certificate authority that is allowed to issue certificates for this host. The client must already trust this CA (trusted root CA or trusted subordinate CA)
1 The hash belongs to the server certificate. It has to be issued by a CA that the client trusts.
2 The hash belongs to a certificate authority that is allowed to issue certificates for this host. The client must trust this CA even if it is not in the client's list of trusted root or subordinate CAs
3 The hash belongs to the server certificate, and the client shall trust it without looking at the certificate chain

Selector (0 or 1)

0 The hash is computed over the complete certificate
1 The hash is computed over the public key and its algorithm only (the SubjectPublicKeyInfo)

Matching Type (0 - 2)

0 No hash: the record contains the full data selected above
1 The record contains a SHA-256 hash of the selected data
2 The record contains a SHA-512 hash of the selected data

Let's check with the Windows command prompt, which does not know that resource record

nslookup -type=tlsa _25._tcp.mx.hostpoint.ch


Let's check with the PowerShell cmdlets. Same here, the resource type is not known

Resolve-DnsName -Name _25._tcp.mx.hostpoint.ch -Type TLSA


Let's try DNS over HTTPS. Here it works

$TLSAQuery = "_25._tcp.mx.hostpoint.ch"
$json = Invoke-RestMethod -URI "https://dns.google/resolve?name=$TLSAQuery&type=TLSA"
$TLSA = $json.Answer.data
$TLSA



If you're working on Linux, these are your commands:

Install the Bind utils
sudo yum install bind-utils

DNS Query
dig _25._tcp.mx.hostpoint.ch IN TLSA +short


Most DNS providers out there currently do not support creating TLSA DNS records

Even in the control panel of Hostpoint (remember, it does support DNSSEC and has published its own TLSA record) it's not possible to publish a TLSA record.

The same also applies to Azure DNS


Normally you can check any DNS record with MXToolbox.com, but not TLSA records. At least not for the moment. I guess that will change soon.


But there are alternatives, like this one

DANE SMTP Validator



or this one


Mail Server Certificate

It's now time to get the mail server certificate. A while ago I created a PowerShell script for getting the SMTP certificate.

$Mailserver = "mx.hostpoint.ch"
.\Get-SMTPCertificate.ps1 -ServerName $Mailserver -Port 25 -SendingDomain icewolf.ch -CertificateFilePath C:\GIT_WorkingDir\PowerShellScripts\mx.hostpoint.ch.cer


Create the Hash

To be honest, I was struggling with that part. None of my efforts in creating a SHA-256 hash of the certificate / certificate public key matched the hash in the TLSA record.

It's not as simple as creating a SHA-256 hash of the certificate file. For selector 1 the input is the DER-encoded SubjectPublicKeyInfo, not the whole certificate and not the PEM text.

# The GetSpkiFingerprint method returns the SPKI Fingerprint suitable for use in pinning.
#  (See RFC 7469.)  An SPKI Fingerprint is defined as the output of a known cryptographic hash
#  algorithm whose input is the DER-encoded ASN.1 representation of  the Subject Public Key Info
# (SPKI) of an X.509 certificate.  The first argument specifies the hash algorithm and may be
# "sha256", "sha384", "sha512", "sha1", "md2", "md5", "haval", "ripemd128",
# "ripemd160","ripemd256", or "ripemd320".   
# The second argument specifies the encoding, and may be "base64", "hex",


But you can use certutil with the *.cer file

certutil.exe -dump C:\GIT_WorkingDir\PowerShellScripts\mx.hostpoint.ch.cer


Or create a PowerShell script around certutil

###############################################################################
# Hash with PowerShell and certutil
###############################################################################
# certutil -dump prints the SPKI fingerprint on a line labelled "pin-sha256-hex"
$dump = certutil.exe -dump C:\GIT_WorkingDir\PowerShellScripts\mx.hostpoint.ch.cer
$line = ($dump | Select-String -Pattern "pin-sha256-hex" | Select-Object -First 1).ToString()
# Take the value after the last colon, so the exact label in front of it does not matter
$SpkiFingerprint = ($line -split ':')[-1].Trim()
$SpkiFingerprint



Or use openssl

openssl x509 -in hostpoint.cer -pubkey -noout | openssl pkey -pubin -outform DER | openssl sha256
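To tie the steps listed under "How does DANE work?" together, here is an added example (not from the original post, and not part of Get-SMTPCertificate.ps1): it does the MX and TLSA lookups over DNS over HTTPS the way the post does, reports the AD flag, splits the TLSA record into usage, selector, matching type and data, computes the same value from a saved .cer file, and compares the two. It assumes PowerShell 7 (ExportSubjectPublicKeyInfo() needs .NET Core 3.0 or later and is missing in Windows PowerShell 5.1), and all function names are this example's own.

```powershell
# Added example: DANE check against a saved mail server certificate (PowerShell 7).
# dns.google and the record type numbers (MX = 15, TLSA = 52) are standard; the
# function names are assumptions of this example.

function Invoke-DohQuery {
    # One DNS over HTTPS query; warns when the resolver did not validate the answer
    param([string]$Name, [string]$Type)
    $json = Invoke-RestMethod -Uri "https://dns.google/resolve?name=$Name&type=$Type"
    if (-not $json.AD) {
        # Without a validated (AD = true) answer, TLSA data cannot be relied on
        Write-Warning "Answer for $Name ($Type) is not DNSSEC-authenticated (AD flag is false)"
    }
    return $json
}

function Get-MxHosts {
    # Step 1: MX lookup, hostnames ordered by preference
    param([string]$Domain)
    $json = Invoke-DohQuery -Name $Domain -Type MX
    $json.Answer | Where-Object { $_.type -eq 15 } | ForEach-Object {
        $pref, $mxhost = $_.data -split '\s+', 2
        [pscustomobject]@{ Preference = [int]$pref; Host = $mxhost.TrimEnd('.') }
    } | Sort-Object Preference
}

function Get-TlsaRecords {
    # Step 2: TLSA lookup, "<usage> <selector> <matching type> <data>" split into fields
    param([string]$HostName, [int]$Port = 25)
    $json = Invoke-DohQuery -Name "_$Port._tcp.$HostName" -Type TLSA
    $json.Answer | Where-Object { $_.type -eq 52 } | ForEach-Object {
        $f = $_.data -split '\s+'
        [pscustomobject]@{
            Usage        = [int]$f[0]
            Selector     = [int]$f[1]
            MatchingType = [int]$f[2]
            Data         = (-join $f[3..($f.Count - 1)]).ToLower()
        }
    }
}

function Get-CertificateAssociationData {
    # Step 4a: compute what the TLSA record should contain for this certificate
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$Selector,
        [int]$MatchingType
    )
    # Selector 0 = full DER certificate, 1 = DER-encoded SubjectPublicKeyInfo
    if ($Selector -eq 0)     { $bytes = $Certificate.RawData }
    elseif ($Selector -eq 1) { $bytes = $Certificate.PublicKey.ExportSubjectPublicKeyInfo() }
    else { throw "Unknown selector $Selector" }
    # Matching type 0 = data as-is, 1 = SHA-256, 2 = SHA-512
    if ($MatchingType -eq 0)     { $out = $bytes }
    elseif ($MatchingType -eq 1) { $out = [System.Security.Cryptography.SHA256]::Create().ComputeHash($bytes) }
    elseif ($MatchingType -eq 2) { $out = [System.Security.Cryptography.SHA512]::Create().ComputeHash($bytes) }
    else { throw "Unknown matching type $MatchingType" }
    return (($out | ForEach-Object { $_.ToString('x2') }) -join '')
}

function Test-DaneCertificate {
    # Step 4b: compare every TLSA record of the host with the saved certificate
    param([string]$HostName, [string]$CertificateFilePath, [int]$Port = 25)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertificateFilePath)
    $records = @(Get-TlsaRecords -HostName $HostName -Port $Port)
    if ($records.Count -eq 0) { Write-Warning "No TLSA record for _$Port._tcp.$HostName"; return }
    foreach ($r in $records) {
        # Usage 1 and 3 refer to the server certificate itself. Usage 0 and 2 refer to a CA
        # in the chain and would need the chain certificates, so they are only reported here.
        if ($r.Usage -notin @(1, 3)) {
            [pscustomobject]@{ Usage = $r.Usage; Selector = $r.Selector; MatchingType = $r.MatchingType; Match = $null; Note = 'CA constraint, not checked' }
            continue
        }
        $computed = Get-CertificateAssociationData -Certificate $cert -Selector $r.Selector -MatchingType $r.MatchingType
        [pscustomobject]@{
            Usage = $r.Usage; Selector = $r.Selector; MatchingType = $r.MatchingType
            Expected = $r.Data; Computed = $computed; Match = ($computed -eq $r.Data)
        }
    }
}

# Usage, with the host and the certificate file path from the post:
Get-MxHosts -Domain hostpoint.ch
Test-DaneCertificate -HostName mx.hostpoint.ch -CertificateFilePath C:\GIT_WorkingDir\PowerShellScripts\mx.hostpoint.ch.cer | Format-List
```

A "3 1 1" record, the common choice for mail servers, therefore yields the same value as the certutil pin-sha256-hex line and the openssl pipeline above; a mismatch after a certificate renewal is exactly the rollover problem mentioned in the summary, which is why the TLSA record for the new key should be published before the new certificate goes live.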



Summary
The requirements for DANE are pretty high, with DNSSEC and a TLSA record.
Administrators need to understand how to create these DNS records and how to roll them over when a certificate expires.
Anyway, I am excited to see that Exchange Online will support DANE soon.
So prepare yourself to be able to troubleshoot if something isn't set up correctly.

Regards
Andres Bohren


posted @ Friday, January 21, 2022 11:38 AM | Filed Under [ Exchange ]
