Attack Computer Wiz

A Security & Technology Weblog

From their website:

"The EC-Council CCISO Body of Knowledge covers all five the CCISO Information Security Management Domains in depth and was written by seasoned CISOs for current and aspiring CISOs. Domain 1 covers the Policy, Legal, and Compliance aspects of Governance. Domain 2 delves into the all-important topic of audit management from the CISO’s perspective and also covers IS controls. Domain 3 covers the Role of the CISO from a Project and Operations Management perspective. Domain 4 summarizes the technical aspects that CISOs manage in their day-to-day jobs, but from an executive standpoint. Domain 5 is all about Strategic Planning and Finance – crucial areas for C-Level executives to understand in order to succeed and drive information security throughout their organizations."

A discounted training voucher can be found at the below link, limited time only:

user Posted by John "Mike" Wright

| More

In some cases users in an Active Directory environment may see repeated lockouts after a recent password change. This is commonly associated with forgetting their new password, forgetting that they are logged onto another machine or server somewhere, or their old credentials are cached.

If after you have rebooted the machine, checked domain logs to try to figure out where accounts may be logged in, deleted Temporary Internet Files and you are at your whits end, cached credentials may likely be your culprit.

On your affected machine, run the blow command and delete any cached credentials that appear. This would especially be relevant if you are using a Proxy server.

rundll32.exe keymgr.dll, KRShowKeyMgr

user Posted by John "Mike" Wright

| More

System Center Endpoint Protection (SPEC) may not install via SCCM policy if a conflicting application exists and cannot be uninstalled. This is commonly associated with an existing Antivirus application.

In order to find what the conflict is;

  1. Open regedit 
  2. Navigate to \HKLM\SOFTWARE\Microsoft\CCM\EPAgent 
  3. Look at “StateEventMessage” where you will find a message similar to the below:
System Center Endpoint Protection installation error. The System Center Endpoint Protection Setup wizard was unable to remove one or more programs that conflict with System Center Endpoint Protection. To install System Center Endpoint Protection you must manually uninstall the following programs and then run the wizard again. Error code:0x80041108. Programs: Trend Micro OfficeScan Client

In this example, the Trend Micro OfficeScan Client was installed and for whatever reason, SCEP could not remove it. At this point you will need to manually remove the conflicting application and re-initiate a policy refresh to the SCCM server.

Navigate to Control Panel, open the Configuration Manager client, clicked on the Actions tab, and force each action to run.

After a while the new SCEP icon will appears as expected.

user Posted by John "Mike" Wright

| More

Open an elevated Command Prompt and type the appropriate lines for your need.

Replace FQDN with the Fully Qualified Domain Name of your KMS server:

Windows 7, Windows 8, Windows 8.1, Server 2008/2008R2 and Server 2012/2012R2:

  1. CD \Windows\System32 
  2. cscript slmgr.vbs /skms FQDN 
  3. cscript slmgr.vbs /ato 

Office 2010 32 bit

  1. CD \Program Files (x86)\Microsoft Office\Office14 
  2. cscript ospp.vbs /sethst:FQDN 
  3. cscript ospp.vbs /act 
Office 2010 64 bit

  1. CD \Program Files\Microsoft Office\Office14 
  2. cscript ospp.vbs /sethst:FQDN 
  3. cscript ospp.vbs /act 
Office 2013 32 bit

  1. CD \Program Files (x86)\Microsoft Office\Office15 
  2. cscript ospp.vbs /sethst:FQDN 
  3. cscript ospp.vbs /act 

Office 2013 64 bit

  1. CD \Program Files\Microsoft Office\Office15 
  2. cscript ospp.vbs /sethst:FQDN 
  3. cscript ospp.vbs /act
If your product is still not activating, you may have KMS configuration issues. A good place to start looking for problems is to run the below command on the same machine that you ran the above commands. This will tell you when and what KMS server your client is trying to activate.

  1. cscript ospp.vbs /dhistoryacterr

user Posted by John "Mike" Wright

| More

Here is the registration link:

Use one of the codes below to get your free Expo only pass. Be sure to visit the vendor whose code you used.

I will be updating them as I get them.

Duo Security - Booth #2518 - EC4DURY
F5 Networks - Booth #1801 - EC4F5NET
Proofpoint - Booth #1527 #520 and #3615 - SC4PROOFB or EC4PROOFE
APCOM - Booth # 632 - EC4APCON
OPSWAT - Booth #2531 - EC4PSWT

user Posted by John "Mike" Wright

| More