joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

10/28/2023

Welp, it was good for a while but…

by @ 2:50 pm. Filed under general

…Microsoft, you have become so damn annoying with Windows Defender and other things that I am looking to turn it off permanently because I, not you, get to be the arbiter of what I want on my machine and if I say leave this on my machine, I shouldn’t have to retell you over and over and over and over again.

Not only that, I am now looking to completely replace my Windows Laptops with FreeBSD laptops. It brings me no joy to say that as a near 20 year Microsoft MVP but you always wanted us to be honest about when MSFT is doing a shit job and well… In many areas and in many ways, you are absolutely doing a shit job. If I can find a manufacturer that actually builds decent quality laptops that come pre-loaded and fully supported with FreeBSD, I will start buying them exclusively for my home. I will still have virtual Windows servers for testing things for work until I find alternative solutions for that as well but I am likely going to be removing all Windows from my personal life.

In the meanwhile I am looking into this.

https://www.makeuseof.com/permanently-disable-microsoft-defender-windows-11/


10/14/2023

AdFind V01.62.00 released

by @ 7:59 pm. Filed under general

I released V01.62.00 last night to fix a crash bug introduced in V01.61.00 from integrating some of the joe only private ldap query tool functionality because some of the core functionality was different enough to be problematic.

If you ran into that crash bug, my deepest apologies. :)

  joe


10/8/2023

Final compiles for AdFind V01.61.00 and AdMod V01.28.00 and…

by @ 5:45 pm. Filed under general

I just performed the final compiles and final commits for AdFind V01.61.00, AdMod V01.28.00, and joe’s private LDAP query tool because MSFT has their head up their ass in going after AdFind and I need a tool around that doesn’t just disappear when they decide to take it because they know better than anyone else what should be allowed on Windows machines and casually ignore that AdFind has never caused any damage and that PowerShell is used regularly to harm companies. This tells you the level of intelligence going on in the MSFT Antimalware/Antivirus space. They could be redefining how Antimalware and Antivirus are handled but clearly have no one smart enough to do it. If they ran the rest of the world there would be no pressure cookers, cars, bats, knives, guns, sticks, or rocks.

I should have the new versions of AdFind and AdMod up on the website in the next 1-7 days I expect.

   joe


Bard learns better than most people.

by @ 12:19 pm. Filed under general

image

Microsoft AI should probably replace the folks over at Microsoft Defender Analysis

by @ 12:04 pm. Filed under general

image

The first bit is of course wrong, AdFind cannot bypass any security in place.

The second bit is of course right, AdFind is not malware despite what Windows Defender says. I expect this goes back to some person at Microsoft who doesn’t understand what software is nor how it works and has never, on their own, ever produced anything of value that people liked to use. :)

9/18/2023

Nara is blogging now!

by @ 9:31 pm. Filed under tech

My good friend, former coworker, and someone I trained for several years on the topics of Active Directory, Windows, and just troubleshooting the world at scale with basic fundamentals is now blogging the cool and fun stuff he is digging into which is usually a mix of Windows, AD, Azure AD (ok Entra ID), and GCP. You can check him out at

https://blog.naraware.net

Tell him I said hi! 🙂

joe


5/6/2023

New Versions of AdFind and AdMod Posted

by @ 6:59 pm. Filed under tech, updates

I know I know, I have said this a few times, I will not be building new versions of AdFind / AdMod and releasing them, but here I am again, releasing new versions of AdFind/AdMod.

Note, AdFind is STILL not malware, regardless of what any security tool or security “expert” says. If your company blocks the download or running of it, go talk to your Security folks and tell them to stop it because the tool isn’t dangerous. In fact, if they want to block something, tell them to block PowerShell, that is actually dangerous.

Check out their individual download pages for the changes. Mostly bug fixes though I have started adding some more Red Hat IPA decodes (time decodes) to AdFind. If you see issues, let me know, my previous test bed is now unavailable and I haven’t built a new one yet.

If your browser won’t download it, check out https://blog.joeware.net/2023/02/22/6166/


4/29/2023

And we are back…

by @ 12:21 pm. Filed under general

I am not entirely sure what happened but it took out the blog for a few days, looks like from 2023-04-24T155831 until just a few minutes ago as I troubleshot the operation. I didn’t realize there was a problem until yesterday at work I went looking for a specific post to send to someone and it said, yeah no, not today. I spent roughly an hour this morning working on it. If you run into it not working, feel free to email me at support@joeware.net to alert me.

I tracked the issue down to an included file in .user.ini (the file hasn’t changed since December 2022). The path listed there for an include file was wrong (extra duplicated folder in the path /hermes/walnacweb04/walnacweb04 vs /hermes/walnacweb04) and I would have expected that to break back in December. I am guessing there was some back end file system shuffling going on that I am not privy to (Someone Else’s Servers) nor alerted about being mucked with. Thankfully (thanks entirely to me) I know how to troubleshoot functionally and am not limited to, like so many, troubleshooting by asking everyone what changed in their areas.

When I first looked, none of the startup type files had been changed in some time so I created a new test index.php with a simple print “Hello world”; and it also errored out so I theorized it was something being auto-included and had to go looking for what it could possibly be. Generally speaking, I am not happy to see any kind of deep hardcoded paths like that, why doesn’t it handle it in a more dynamic way where the only hardcoding is at the level that I manage… So up in the /joeware.net/blog/htdocs level.

Anyway, apologies to anyone out there that came here looking for something and was disappointed because the site was down. I don’t get paid for this but I do try to keep it running because I see the amount of usage the site has, still has.

  joe


4/23/2023

Live HIP is coming to you in NYC in August AND IT IS FREEEEEE!

by @ 12:39 pm. Filed under general, tech

Be there or be square, sign up fast!!!

https://www.accelevents.com/e/hip-global-2023?aff=MC

For those of you who remember the glorious days of DEC and TEC, HIP is that but v2. Many of the same old faces and some fun new ones to boot.

I would love to be there myself but I was already booked from last year to be somewhere else the week of August 23rd/24th so I had to bail, HOWEVER, one of my engineers will be there presenting some cool stuff on Security Descriptors that you may find very interesting (I would love to hear back the feedback after the fact so I can tweak my mentoring/training as needed).

HIP is put together by Semperis which I have mentioned before is one of the ONLY vendors out there that I will evangelize/stump for because I know much/most of the high level folks in that company and likely so do you if you spent time back in the day going to DEC/TEC conferences. Extremely bright and helpful people, all of them. They also have a FREE bad ass powerful AD Indicator of Exposure tool called Purple Knight that is great. I have been using it for a couple of years now for testing things and for telling people to download and use to tighten up their security or after someone has been breached to see if they can sort out the AD specific persistence methods. I keep meaning to write up an extensive post on it because it is so good and cool but I keep getting tied up with other stuff. But trust me, it is damn cool and anyone running AD nowadays DEFINITELY needs it to look over their environment. When I first ran it I was surprised by how detailed it was, and then I did my joe thing and I spent a good amount of time going through the report line by line writing up input for Semperis to make it even better. Running this tool is like having some of the best people in the industry looking your Active Directory over for problems. Download it, run it. https://www.purple-knight.com/

And again, if you can get to NYC in August, go to HIP. You will not regret that time at all and if I ever have helped you with my tools or information I have freely shared for the last couple of decades, please go just to cheer on my engineer. :)

   joe

P.S. I am polishing up some final updates on AdFind and AdMod so should be releasing within a month or maybe two. That engineer I mentioned found a record 3 bugs in AdMod in one day that I had to deal with and 4 that one week. That is the level of intelligence in play.


4/5/2023

joeware isn’t malware. Google says so.

by @ 11:30 pm. Filed under general

2023-04-05-joeware-not-malware-google
