Uninstall Sophos Endpoint Security on Multiple Workstations Using a Batch File

Overview: If you are planning to migrate from Sophos to another security product, you have to plan how to remove the Sophos software from all of the workstations. Here are the procedures for removing the Sophos security software from all workstations via a script and an Active Directory GPO. Before you begin: find the uninstall string. Sophos uses the same software strings for endpoint agents downloaded from the same version or tenant, but uses a different string for a different version....

February 19, 2024 · 4 min · by Chisqi

Updating/Upgrading Wazuh Services Component

Overview: Updating and upgrading the Wazuh components is crucial to keep the software current for better CVE vulnerability detection, bug fixes, and features. Here are the procedures to upgrade the Wazuh components for a standalone setup. Read the following before proceeding with the upgrade: These procedures are for a Wazuh standalone setup on the CentOS operating system only. If you are using another OS, or a Wazuh cluster setup, there are multiple steps that need to be completed; follow the Official Upgrade Guidance for the details....

May 23, 2023 · 2 min · by Chisqi

Implementing 802.1X Authentication for Wired and Wireless Connections

Introduction: 802.1X is a network access control (NAC) standard that provides an authentication framework for controlling access to network resources. It is a part of the IEEE 802.1 group of protocols, which defines how devices in a Local Area Network (LAN) communicate with each other. The main purpose of 802.1X is to ensure that only authorized devices or users are allowed to connect to a network, thereby enhancing network security. It operates at the link layer of the OSI model and is primarily used for wired and wireless Ethernet networks....

April 3, 2023 · 7 min · by Chisqi

Securing Linux with SSH key

Overview: Using SSH keys instead of passwords enhances security, convenience, and management efficiency. They provide a more secure way to authenticate, especially in environments requiring robust security and automation. Accessing SSH with keys instead of passwords offers several advantages:
Enhanced Security
Strong Encryption: SSH keys use strong encryption algorithms, making them much harder to crack than passwords. RSA and Ed25519 keys provide high levels of security.
Prevents Brute Force Attacks: SSH keys are immune to brute force attacks, as they are significantly more complex and longer than typical passwords....

March 23, 2023 · 4 min · by Chisqi

Wazuh Overview and Cheatsheet

Overview: Wazuh is an open-source security information and event management (SIEM) tool. It is designed to help organizations detect and respond to security threats by providing log analysis, intrusion detection, vulnerability detection, and other security-related capabilities. Wazuh is built on top of the ELK (Elasticsearch, Logstash, and Kibana) stack and integrates with other security tools to provide a comprehensive security solution. Wazuh Components: The Wazuh indexer is a highly scalable, full-text search and analytics engine....

February 23, 2023 · 3 min · by Chisqi

Deploying SentinelOne with GPO

Overview: Installing SentinelOne on multiple computers can be accomplished using GPO or a PowerShell script. In this article, I’ll demonstrate the procedure for installing SentinelOne via GPO. As we know, a key needs to be added while installing SentinelOne. However, GPO does not provide a way to add the key during the installation process. Therefore, we need to modify the .msi package by creating an MST transform file using a tool called Orca....

April 23, 2022 · 2 min · by Chisqi

Reset Windows Password with BitLocker Enabled

Overview: Have you ever forgotten a computer password and wanted to reset it? Typically, you just need to boot into the Windows installer ISO, open cmd, and rename utilman.exe. However, you can’t do that if BitLocker is enabled on that computer. You will need to disable BitLocker first. In this article, I want to share how to disable BitLocker and reset the forgotten password. This requires either the BitLocker Password or the BitLocker Recovery Key...

September 1, 2021 · 2 min · by Chisqi

Duo 2FA - Cheatsheet

Download the necessary files and their checksums: https://duo.com/docs/checksums
Every time you download a file, it is advised to check the downloaded file against its checksum to ensure there was no corruption caused by an unstable network connection during the download or by a storage failure.
PowerShell:
    Get-FileHash [download-file] | Format-List
Duo Authproxy
Start authproxy:
    net start duoauthproxy
Restart authproxy:
    net stop duoauthproxy && net start duoauthproxy
Test connectivity:
    [installed-directory]\authproxy_connectivity_tool.exe
Reference: https://duo.com/docs/authproxy-reference#start-the-proxy...

April 23, 2021 · 2 min · by Chisqi

Windows Defender Antivirus

Overview: Windows Defender Antivirus is an antivirus and anti-malware software developed by Microsoft. It comes pre-installed on Windows operating systems, starting with Windows 8 and later versions. In early versions of Windows 10, Windows Security is called Windows Defender Security Center. Windows Defender is designed to protect your computer from various types of threats, including viruses, malware, spyware, and other potentially unwanted software. Key features and functions of Windows Defender: Virus & threat protection: Monitor threats to your device, run scans, and get updates to help detect the latest threats....

April 12, 2019 · 3 min · by Chisqi

Windows: Disable the Print Screen Key and USB

Introduction: For security reasons, we can disable the Print Screen key and disable USB on a computer to protect confidential internal data from being copied by users.
Disable Print Screen:
    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout]
    "Scancode Map"=hex:00,00,00,00,00,00,00,00,04,00,00,00,00,00,2a,e0,00,00,37,e0,\
      00,00,54,00,00,00,00,00
Disable USB:
    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbstor]
    "Type"=dword:00000001
    "Start"=dword:00000004
    "ErrorControl"=dword:00000001
    "DisplayName"="USB Mass Storage Driver"
    "ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
      52,00,49,00,56,00,45,00,52,00,53,00,5c,00,55,00,53,00,42,00,53,00,54,00,4f,\
      00,52,00,2e,00,53,00,59,00,53,00,00,00
    "massfilter"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbstor\Enum]
    "Count"=dword:00000001
    "NextInstance"=dword:00000001
    "0"="USB\\Vid_0930&Pid_6544\\001D92D8F17DC93064210588"

June 2, 2010 · 1 min · by Chisqi