https://2849e3c5.tplant.pages.dev/ Recent content on Tom Plant Hugo en-us Mon, 11 Mar 2024 00:00:00 +0000 https://2849e3c5.tplant.pages.dev/blog/intune-error-codes/ Mon, 11 Mar 2024 00:00:00 +0000 https://2849e3c5.tplant.pages.dev/blog/intune-error-codes/ Microsoft Intune can manage a wide range of features across multiple operating systems - and when things go wrong, it can produce some pretty obscure error codes. I’ve pulled together this list of error messages from a few different sources to help with troubleshooting. And if this list doesn’t help, try these lookups: Win32/HRESULT MsiExec Windows Installer Windows Update Entra ID (aka Azure AD). These codes start with AADSTS Code Code (hex) Code (lower hex) Message Description 131328 0x20100 0x20100 The administrative template setting failed to be configured. https://2849e3c5.tplant.pages.dev/blog/building-a-ctf/ Sat, 30 Dec 2023 00:00:00 +0000 https://2849e3c5.tplant.pages.dev/blog/building-a-ctf/ After a few years of working on the PECAN+ cybersecurity event, it’s about time I did a writeup. No challenge solutions though - you’ll have to wait for PECAN+ 2024! Introduction PECAN+ started as a cyber training weekend for high-school students, run by Edith Cowan University and the Australian National University. Over time it evolved into a training day and fully-fledged Capture The Flag (CTF) competition with around 500 students from across the country. https://2849e3c5.tplant.pages.dev/blog/nsg-allow-m365/ Fri, 31 Mar 2023 00:00:00 +0000 https://2849e3c5.tplant.pages.dev/blog/nsg-allow-m365/ Azure network security groups (NSGs) provide IP-based traffic filtering for subnets and VM network interfaces (NICs). But services like Microsoft 365 use a large and frequently-changing IP space, so writing IP-based rules is challenging. Azure Firewall can provide HTTP filtering (and DNS with the Premium SKU), but it’s an expensive and often overkill solution. Recently I deployed a hybrid Exchange environment in Azure, which requires inbound SMTP and HTTPS traffic. Within minutes I received hundreds of malicious requests from all over the internet (observed via NSG traffic analytics). https://2849e3c5.tplant.pages.dev/blog/intune-hardening-secedit/ Tue, 28 Feb 2023 00:00:00 +0000 https://2849e3c5.tplant.pages.dev/blog/intune-hardening-secedit/ The ACSC Windows Hardening guide is widely used in Australian organisations, particularly government entities. However, it was originally written for Active Directory Group Policy, and some settings don’t convert well to other management solutions like Microsoft Intune. So I built a set of Intune policies and scripts to speed up implementation. Recently Michael Dineen from Microsoft had a similar idea, and publicly released a set of policies on GitHub. These policies are fantastic for anyone looking to implement ACSC best practices with Intune, but they don’t cover some tricky edge cases like certain local security policies. https://2849e3c5.tplant.pages.dev/blog/tenant-restrictions-v2/part-2/ Tue, 31 Jan 2023 00:00:00 +0000 https://2849e3c5.tplant.pages.dev/blog/tenant-restrictions-v2/part-2/ For background info on tenant restrictions, check out my previous post. Cloud Identity Service Taking a look in Event Viewer, there’s a new log Microsoft-Windows-TenantRestrictions/Operational with some events: 1004: The endpoint sync service (cloudidsvc) started succesfully [sic]. 1005: The endpoint sync service (cloudidsvc) succesfully [sic] synced the latest list of endpoints. That service has an interesting description: Supports integrations with Microsoft cloud identity services. If disabled, tenant restrictions will not be enforced properly. https://2849e3c5.tplant.pages.dev/blog/tenant-restrictions-v2/part-1/ Thu, 27 Oct 2022 00:00:00 +0000 https://2849e3c5.tplant.pages.dev/blog/tenant-restrictions-v2/part-1/ The Windows 11 ADMXs released a while back, and there’s an interesting new category - “Tenant Restrictions”. It shares a name with an Azure AD feature for restricting endpoints to specific tenants, but that typically requires a beefy TLS decryption appliance and expensive supporting infrastructure (VPNs etc). The ADMX category only has one policy, “Cloud Policy Details” (ID trv2_payload), but fortunately it has a detailed description: This setting enables and configures the device-based tenant restrictions feature for Azure Active Directory. https://2849e3c5.tplant.pages.dev/blog/corctf-2021/ Sun, 22 Aug 2021 00:00:00 +0000 https://2849e3c5.tplant.pages.dev/blog/corctf-2021/ A jeopardy CTF (CTFtime event) by Crusaders of Rust. I didn’t have much time so focused on the lower-level web chals, but it felt like a solid intermediate to hard CTF with great difficulty and category distribution. Didn’t have any OSINT or forensics though :( web/devme an ex-google, ex-facebook tech lead recommended me this book! https://devme.be.ax Just like TechLead, the linked site was flashy but mostly empty. Only this email input field stood out. https://2849e3c5.tplant.pages.dev/blog/winja-ctf-2021/ Mon, 08 Mar 2021 00:00:00 +0000 https://2849e3c5.tplant.pages.dev/blog/winja-ctf-2021/ A hack quest CTF by nullcon, good variety of difficulty and categories. Keeping track of the map interface was painful though. Are Yaar Points: 120 In a village there were 4 best friends one of them was Ramlal whose favorite dish was ‘pulihora’. He was a farmer and with lot of hardwork and passion he became CEO of a Software Organization. https://twitter.com/kulkarniramlal The Twitter account linked to a GitHub profile, containing a single repo. https://2849e3c5.tplant.pages.dev/blog/teams-lms/ Sun, 14 Feb 2021 00:00:00 +0000 https://2849e3c5.tplant.pages.dev/blog/teams-lms/ Prologue With Queensland adopting the ATAR assessment system, digital assessment storage was one of many new requirements to tackle. We were lagging behind other schools with no existing LMS, but this was a blessing in disguise - we weren’t locked into a non-compliant vendor. Time was running out, so Microsoft Teams was chosen to become a short-term repository/learning management system. Nothing is cheaper than free (so I was told), and the SharePoint backend would be easy to migrate if/when needed. https://2849e3c5.tplant.pages.dev/blog/custom-msa-alias/ Sun, 14 Feb 2021 00:00:00 +0000 https://2849e3c5.tplant.pages.dev/blog/custom-msa-alias/ Unlike Microsoft 365 Business, where adding email domains is “just a few clicks away”, Microsoft 365 Personal/Family only supports GoDaddy for both registration and DNS. This is a huge red flag to anyone who’s had the misfortune to use GoDaddy, so here’s my workaround. Credit to this Reddit comment for the basis of this writeup, and DomainConnect’s documentation for verifying the DNS records. Getting Started Requirements: A Microsoft 365 Personal or Family subscription A domain (tplant.