Welcome back to IT Pro Tuesday!

On the latest episode of the Security Swarm Podcast, “Monthly Threat Report – September 2023,” we analyze data from August and discuss the latest M365 security trends, email-based threats, and noteworthy happenings in the cybersecurity space.

We’re also looking for your favorite tips and tools we can share with the community… those that help you do your job better and more easily. Please reply or leave a comment with your suggestions, and we’ll be featuring them in the coming weeks.

A Tutorial

Disabling NTLM Authentication Guide is a blog series on how to navigate the complexities of moving from NTLM authentication to Kerberos, something strongly recommended by both security experts and Microsoft. It provides technical details on how to audit the use of NTLM, as well as strategies for working with a team to get the job done. crazyadm1n explains, “I just finished leading a 15 month project to disable NTLM authentication (almost entirely) in our AD domain… Some of the issues I encountered almost made us give up and took a long time to figure out. I think the tactics and techniques I learned along the way could benefit others…”

A Training Resource

Visual Syslog Server is an open-source Windows application for receiving and displaying syslog messages, which can be helpful when configuring routers and Unix/Linux-based systems. It offers a live message view that features message switching, color highlighting, filtering, and customizable notification and action settings. shivellebits says it “works a charm on Windows for anyone looking for a free easy-to-install syslog.”

External Attack Surface Management Attack Surface Summary

A List

Microsoft Portals is a handy tool that can help a sysadmin find useful resources in the somewhat convoluted Microsoft ecosystem. This community-driven project conveniently lists addresses for the large constellation of MS admin sites in a single, organized location. ShittyExchangeAdmin says, “I keep it as a pinned tab in firefox.”


Training Resource

Hussein Nasser is a YouTube channel that offers fascinating discussions on a wide range of software engineering topics, along with lots of practical examples. deleted_account??? appreciates it “for analysis of recent outages for big companies, good breakdown of what went wrong, and an insight into the potential stack in use.”


Another Free Tool

PDF Tool provides an easy way to edit PDF files directly on your device, so you can be sure to keep the data secure. Expert_Candidate_579 sees it as “a privacy-first tool that lets you modify pdfs offline in your browser, no upload to server or cloud, no limits on editing, entirely for free.”


P.S. Bonus Free Tools

Whatmask is a compact program that helps with network configuration. With only a subnet mask as an argument, it returns the subnet mask in four different formats and the count of usable addresses within the range. Given an IP address within the subnet plus the subnet mask in any format, Whatmask returns the CIDR, Netmask, Network Address, Broadcast Address, Usable IP Address count, and First and Last Usable IP Address. Kindly suggested by WhereasHot310.

Steampipe is an open-source tool that simplifies the task of querying cloud services using SQL. Its user-friendly CLI replaces the inconvenient and inconsistent methods typically used to access cloud resources. LeatherDude raves, “Steampipe is f*cking amazing, if you manage a lot of cloud environments.… It’s a little work to set up in a big environment, but damn is it powerful once you get going. I’m querying assets across over 100 cloud environments in a few minutes with some basic SQL.”