Author Archives: Tom Aafloen

About Tom Aafloen

IT Security Advisor @ Onevinn

Get free SSL certificates with Let’s Encrypt

I have previously blogged about how you can get a free SSL certificate from the Certification Authority called WoSign, but they have been misbehaving lately (see details here) and some big companies like Apple, Google and Mozilla are actually considering … Continue reading

Posted in Uncategorized | 2 Comments

Links from my Windows Security and ATA session

A few days ago I spoke about IT security in general and Advanced Threat Analytics in particular at Microsoft’s headquarters in Stockholm. I showed a few sites and was asked to share them. So here they are: Norse Norse is … Continue reading

Posted in Uncategorized | 1 Comment

SSL Certificates and SAN – What domain names are valid?

An SSL certificate has a field called Subject. The Subject field contains the domain name that the certificate is valid for. Subject can only contain one domain name: The field Subject can have more information, like the screenshot below, but … Continue reading

Posted in Certificates, PKI, SAN, SSL | Leave a comment

Get a free publicly trusted SSL-certificate

This blog post will guide you through the steps of obtaining a publicly trusted SSL certificate with up to 5 domain names, at no cost. There are no hidden costs, ads or referrals involved. You do need to be able … Continue reading

Posted in Certificates, PKI | 6 Comments

My Advanced Threat Analytics session (in Swedish)

About a month ago I gave a talk about Microsoft Advanced Threat Analytics (ATA) at TechX, a Microsoft event here in Sweden. The session is now posted on YouTube and available for everyone to see. Please note that the talk … Continue reading

Posted in Uncategorized | Leave a comment

Installing CA via PowerShell : “-Whatif” not working

I just installed a CA server for testing, and noticed something strange. First I installed the binaries with the cmdlet Add-WindowsFeature, without any issues: When I was about to install and configure the CA role with the Install-AdcsCertificationAuthority cmdlet, I … Continue reading

Posted in Uncategorized | Leave a comment

Require SSL on NDES admin site via PowerShell

Best Practices from Microsoft when deploying Network Device Enrollment Service (available here) states: “Always set up the administrator site with SSL-only configuration. (Disable http access to this site.)” This is to protect the sensitive One Time Passwords that are transmitted … Continue reading

Posted in CA, Certificates, NDES, PKI, SCEP | 6 Comments

Forced password change at next logon and RDP

If your AD account has the “User must change password at next logon” option enabled: and you try to log on to an RDP session (with correct credentials): you might encounter this error message: “You must change your password before logging … Continue reading

Posted in Uncategorized | 75 Comments

Keep your OneDrive storage size

A while back Microsoft announced that the storage in the free version of OneDrive will be decreased from 15 GB to only 5 GB. The bonus storage of 15 GB extra when activating Camera Roll Backup in OneDrive will also … Continue reading

Posted in Uncategorized | Leave a comment

AppLocker Bypass Checker

One of the Default Rules in AppLocker allows everyone to execute everything in the folder C:\Windows: The reasoning behind this must have been that a non-admin Windows-user should not have write permissions anywhere in that folder. But as it turns … Continue reading

Posted in AppLocker | 14 Comments