joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

Archive for posts by joe.

9 out of 10 hackers prefer AdFind for AD Recon…

by @ Saturday, October 10th, 2020. Filed under general

https://thedfirreport.com/2020/10/08/ryuks-return/ This isn’t the first I have read about AdFind being used by bad actors, it won’t be the last. I first started hearing about AdFind being used in exploits and recon work roughly 2.5 or so years ago when IR teams and Security Researchers started emailing me about it and asking for hashes of […]

Beta version of AdMod and DACLs…

by @ Tuesday, August 18th, 2020. Filed under tech

Thoughts?

    [Tue 08/18/2020  0:24:46.40] E:\DEV\cpp\vs\AdMod\Debug>adfind -f ou=tobedeleted  -jsdenl
    AdFind V01.53.00cppBETA Joe Richards (support@joeware.net) July 2020
    Using server: LO-DC4.lockout.test.loc:389
    Directory: Windows Server 2019 (10.0.17134.1)
    Base DN: DC=lockout,DC=test,DC=loc
    dn:OU=tobedeleted,DC=lockout,DC=test,DC=loc
    [OWNER] LOCKOUT\Domain Admins
    [GROUP] LOCKOUT\Domain Admins
    [DACL] (FLAGS:INHERIT)
    [DACL] OBJ ALLOW;;[CR CHILD][DEL CHILD];inetOrgPerson;;BUILTIN\Account Operators
    [DACL] OBJ ALLOW;;[CR CHILD][DEL CHILD];computer;;BUILTIN\Account Operators
    [DACL] OBJ ALLOW;;[CR CHILD][DEL CHILD];group;;BUILTIN\Account Operators
    [DACL] OBJ […]

Clearing the DENY DELETE EVERYONE from OUs with AdFind|AdMod

by @ Thursday, July 9th, 2020. Filed under tech

Another common thing that people want to do from the command line with AdFind | AdMod is to clear the “Protect object from accidental deletion” setting that is implemented with a deny delete ACE on the object, specifically:

    [DACL] DENY;;[DEL TREE][DEL];;;Everyone

As mentioned previously, the Security Descriptor is a BLOB so you have to deal […]

How Do I Make an Object’s Security Descriptor Inheritable and also while I am at it… resetting from AdminSDHolder…

by @ Thursday, July 9th, 2020. Filed under tech

I recently received an email of: <SNIP> I have a bunch of previously sensitive&protected accounts where I like to enable inheritance.. Is it possible to remove protected inheritance flag with admod? <SNIP> The quick answer to the direct question is yes, there is an easy way to turn inheritance back on for an arbitrary object […]

Windows Server 2003 Support for AdFind??

by @ Sunday, February 9th, 2020. Filed under general, tech

Out of curiosity how many people need to run my tools on pre-Windows Server 2008 machines? I.E. Windows 2000, XP, 2003, etc? I was just alerted this last week by a random Russian user that AdFind doesn’t run ON Windows Server 2003 X64. I did some testing and that is correct, in fact it won’t […]

CVE-2020-0601–PATCH YOUR 2016/2019 DOMAIN CONTROLLERS!

by @ Wednesday, January 15th, 2020. Filed under tech

While Microsoft put a weak “important” rating on CVE-2020-0601, the NSA (yes, that NSA) has called it critical and severe. And since they found it, I am going to lay my bets with them. Microsoft’s bulletin says it is code signing issues; NSA and others in the social media circles say it is much deeper. […]

AdFind V01.52.00… Part Deux…

by @ Monday, January 13th, 2020. Filed under tech, updates

So try two… When I updated the web pages last night, I apparently updated a page that didn’t have the newer download mechanism in it so ended up breaking the download for AdFind. So you have gotten to experience a nice unhappy face page instead when trying to download. That was corrected a few hours […]

AdFind V01.52.00 released

by @ Sunday, January 12th, 2020. Filed under tech, updates

The latest version of AdFind, V01.52.00, is now released. You can find it at http://www.joeware.net/freetools/tools/adfind/ If the website shows V01.51.00 then use CTRL-F5 to update your local browser cache.

File information

    [Sat 01/11/2020 21:17:29.63]+ E:\DEV\cpp\vs\AdFind\Release>filever adfind.exe
    —– W32i   APP ENU     1.52.0.5064 shp  1,619,968 01-11-2020 adfind.exe
    [Sat 01/11/2020 21:17:40.58]+ E:\DEV\cpp\vs\AdFind\Release>adfind -appver
    AdFind V01.52.00cpp Joe Richards […]

AdFind V01.52.00… It is almost time…

by @ Sunday, January 5th, 2020. Filed under tech, updates

I have stripped out the debugdebugs and the expiration code as I am thinking at the moment that this will be the last build of V01.52.00 barring any bug reports that are serious enough to deal with… I will use it at work for a week and see if there are any issues and if […]

WHOA!

by @ Saturday, January 4th, 2020. Filed under general

Looks like WordPress updated something… Everything has gone cuckoo! Edit: For some reason the color schemes and some of the displayed stuff is different for a logged in user versus a guest. Trying to sort it out. 🙂 Edit2: This should be all sorted out now, if things look weird, comment here. […]
