Thursday, December 17, 2015

Another TechMentor done! (Orlando 2015)

TechMentor Orlando 2015 just sent me the feedback!

I think you should really consider putting TechMentor on your schedule if it's not there already! This time the event had double the number of people compared to last year. Sessions were a bit more traditional, 75 minutes each.

I presented four sessions, so I kept myself busy :) Sessions were:

- Windows Internals Black Belt: Memory Management Thursday, November
- Windows Internals Black Belt: Security
- Windows 10 - The Important New Features
- Windows Internals Black Belt: Become a Troubleshooting Ninja

Some stats: (Average score by speakers at the conference in RED / My scores, in the order listed above, in GREEN)
1. Speaker Effectiveness: (1-5, 5=Excellent; 1=Poor)
a. Style and delivery 4.52 / 5.00, 4.97, 4.76, 4.94
b. Knowledge of subject 4.73 / 5.00, 4.97, 4.87, 4.94
c. Speaker open to my specific problems/questions 4.58 / 4.94, 4.93, 4.68, 4.85
2. Content Effectiveness: (1-5, 5=Excellent; 1=Poor)
a. Consistency with agenda description 4.60 / 5.00, 4.97, 4.79, 4.79
b. New information/update/clarification 4.52 / 5.00, 4.97, 4.79, 4.85
c. Met my expectations 4.43 / 5.00, 5.00, 4.74, 4.79
3. Your overall rating of this session: (1-5, 5=Excellent; 1=Poor) 4.49 / 5.00, 5.00, 4.79, 4.85
4. The level of the session was appropriate: (1. Yes 2. No) 1.05 / 1.00, 1.00, 1.00, 1.00
5. Would you recommend the session to others? (1. Yes 2. No) 1.08 / 1.00, 1.00, 1.03, 1.03
6. Did you feel this session was a product or corporate sales pitch? (1. Yes 2. No) 1.94 / 2.00, 2.00, 1.97, 1.91

- Sami is the best speaker I have heard at TechMentor this year. He leaves me wanting more. You need to increase his track.
- Excellent session a lot of useful information covered.
- Great session. Should be longer sessions since there was a lot of information to cover.
- This presenter is awesome. Best presenter of the show easily !!!

- Sami is very good. He always has so much information, but needs more time.
- Learned a lot! Extremely knowledgeable speaker. Very impressed with presentation!
- Absolutely great speaker! I learned so much very informative and entertaining.
- Very informative and well delivered presentation.
- Sami is the best speaker that I heard while here.
- Sami is top notch! The best information every time!
- Very informative.
- Great presentation.
- Sami was awesome as expected.

- Great session, but needed a bigger room
- Presentation style is very appreciative. Kept me informed and wanting to know more. Applied real life examples that I can relate to.
- Fantastic delivery.
- Most I have ever laughed while actually learning something.
- Great session very informative.
- Pragmatic big picture approach is a nice change.
- Good presentation on Windows 10.
- Wonderful presentation style.
- Best session so far. Please keep getting big names in the industry at this show
- Great presentation and engaging
- Learned about things that actually matter
- Great session.
- Sami is one of the greatest technical presenters I've ever seen. His presentations are always engaging and extremely informative.
- Hilarious!
- Awesome presenter, kept the room going and interested from start to end.

- Damien was hilarious his delivery of Win10 new items made you laugh and curious at the same time. Great job Sami!
- Excellent content and presentation.
- Awesome content in this session.
- Sami is a great speaker. The topics discussed were very informative learned a lot and thoroughly enjoyed.
- Great speaker!
- Best speaker I ever heard.
- Sami has a fun and relaxed approach to highly technical material which makes the point very effectively.
- Very entertaining and full of information.
- Excellent class!
- One of the best so far.
- Fantastic session. Great speaker! I wish everybody I work with could experience this guy.
- Very funny speaker, relates well to his audience, humor and meaty system hacking stuff.
- Wish we had more time.
- Well informed and leaving with knowledge I know I can use right away. Entertaining speaker. Always looking forward to attending his sessions.
- Wish I had better screenshots or capture of demos. Sami is always a favorite. He needs a longer session.
- Great session!
- Very engaging presentation. Would definitely recommend the speaker and will look for his presentations in the future.
- Very good information.
- Great session
- Wonderful session with great material.
- Not terrible. There have been worse and less useful sessions.
- There was not as much practical troubleshooting as I expected. The long segment about drivers seemed like a diversion.

- At this point Sami is hands down the best speaker here. Highly recommend you continue to bring him back

Wednesday, December 16, 2015

The Explainables - Case #1

I've heard about so many cases that are left unexplained that I decided to publish a series called "The Explainables". If I get a chance, I'll try to get a session like this to Ignite as well.

In this series I'll post cases that my students send me that they have solved by using the skills they learned in my classes.

The first one is from Robert Danielsson. Thank you so much for sending this. I hope you feel good being able to solve a case like this especially seeing the forums and how many haven't been able to troubleshoot it - that is until you came along :)



The Case

OS Windows Server 2012 / 2012 R2
We had a customer whose backups failed all the time on a web server.
The error messages were these:

Event Source : MSMQ
Event ID: 2227
Failed backups,Backup failed during event OnPrepareSnapshot. Error 0x80070003
Also in vssadmin list writers the MSMQ writer is in failing state with time-out error.

I have tried it all,
* Add new disk for VSS Storage
* Re-registered VSS DLLs
* Sfc /scannow
* Checkdisk
* Took recording with procmon on a system that worked with similar configuration and compared it with the system that had problem with no luck.
* Vacuum cleaning the internet on solutions but still no luck.

Going through the procmon recording now that I know what caused the problem I see that I have 1 entry that is causing the problem, 1 entry out of 100 000 :(

So if you have the time, do this on a Windows Server 2012 / 2012 R2
1. Install IIS
2. Move Default Website to another disk
3. Install WindowsBackup
4. Install MSMQ with all options
5. Backup Server
6. Examine the Application Log, you will now have the MSMQ 2227 event.

If you don’t have the time read the solution here :)

(My post is at the bottom ; Rodani)

Wish you a merry Christmas and hopefully I will attend your course (Step 2 troubleshooting) in Stockholm next year.
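
To check whether a server shows the two symptoms from the case above (MSMQ event 2227 in the Application log and an MSMQ VSS writer that is not healthy), the following PowerShell is an added example and not part of Robert's original message. It assumes English-language `vssadmin` output and that the event provider is named `MSMQ`, as the event source in the case states; the function name `Get-VssWriterState` is hypothetical.

```powershell
# Added example: look for the symptoms described in the case.
# Run elevated; vssadmin requires administrator rights.
# Assumption: English vssadmin output ("Writer name:", "State:", "Last error:").

function Get-VssWriterState {
    # Turn "vssadmin list writers" text into one object per writer.
    $writer = $null
    foreach ($line in (vssadmin list writers)) {
        if ($line -match "^Writer name:\s*'(.+)'") {
            if ($writer) { [pscustomobject]$writer }
            $writer = [ordered]@{ Name = $Matches[1]; State = ''; LastError = '' }
        }
        elseif ($writer -and $line -match '^\s+State:\s*\[\d+\]\s*(.+)$') {
            $writer.State = $Matches[1].Trim()
        }
        elseif ($writer -and $line -match '^\s+Last error:\s*(.+)$') {
            $writer.LastError = $Matches[1].Trim()
        }
    }
    if ($writer) { [pscustomobject]$writer }
}

# Symptom 1: an MSMQ writer that is not "Stable" or reports an error.
$badWriters = Get-VssWriterState | Where-Object {
    $_.Name -like '*MSMQ*' -and
    ($_.State -ne 'Stable' -or $_.LastError -ne 'No error')
}

# Symptom 2: event ID 2227 from source MSMQ in the Application log.
try {
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Application'; ProviderName = 'MSMQ'; Id = 2227
    } -MaxEvents 5 -ErrorAction Stop
}
catch {
    # No matching events, or the MSMQ provider is not registered here.
    $events = @()
}

$badWriters | Format-Table Name, State, LastError -AutoSize
$events | Format-List TimeCreated, Id, Message

if ($badWriters -and $events) {
    Write-Output 'Both symptoms from the case are present on this server.'
}
```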

Monday, December 7, 2015

Windows Security seminar in Tallinn!

On Thursday I did a 30 minute webinar on Hacking Windows and how to prevent it. I LOVE doing this and because I never get to showcase everything I know about the topic I finally found a partner that will let me do what I love for a WHOLE DAY :)

Please read along and let me tell you what that day will be about and what you will learn and be able to take home with you.

That's the link for my training on the 12th of February 2016. The Early-Bird price of 119€ will be available until the 20th of December 2015. There's also a group trip organized from Finland, and if that interests you, you can find out more here:

Now that NSA, Microsoft and Gartner have all stated that proactive security, and keeping your end users at least privilege only, is a mandatory move for all companies, it's more than important that you see what I have to show you!

What I will go through as real life demonstrations:

  • Make sure you understand that reactive security like Antivirus is not enough to protect you anymore next year
    • How current malware works and how to fight against it
  • Pass-The-Hash and Pass-The-Ticket attacks
    • How to do this attack
    • How to block it with Windows 10 or Windows 7
    • How to correctly set up administrative accounts in a company
  • Attacking APIs and why Runas-tools are insecure
    • API Monitoring - How to spy on API calls
    • How to do Runas the real way
  • How to get admin rights to a computer
    • How to attack an un-encrypted machine
    • How to attack a BitLocker protected machine
    • How to configure encryption correctly
  • How to get Domain Admin rights to a company
    • How to protect against admin level elevation
  • How to bypass BitLocker
    • How to prevent it
  • How to bypass UAC
    • How to correctly use UAC and why it's mandatory
  • How to abuse privileges
    • How to steal any logged on users identity
    • How to bypass all access control on files
  • How to bypass company policies
    • How to block Group Policy
    • How to fight against blocking policies
    • How to reach the principle of Least Privilege
  • How I protect my computer and networks
    • How to configure least privilege
    • How to configure whitelisting
Can't wait to see many of you in Estonia! A beautiful and inexpensive city to enjoy!