Top 10 Things You Can Do to Protect Your Computer from Ransomware

Photo by Andrea Piacquadio on Pexels.com

Introduction

Ransomware is a type of malicious software that encrypts your files and demands payment in exchange for the decryption key. It can cause significant damage to your computer, data, and personal information. In this blog post, we will discuss the top ten things you can do to help protect your computer from ransomware attacks.

Step 1: Keep Your Software Updated
One of the most effective ways to prevent ransomware infections is to keep all your software up-to-date. This includes operating systems, browsers, antivirus programs, and other applications. Regular updates often include security patches that fix vulnerabilities exploited by cybercriminals.

Step 2: Use Strong Passwords
Using strong passwords with a combination of uppercase letters, lowercase letters, numbers, and special characters can significantly reduce the risk of ransomware attacks. Avoid using easily guessable or commonly used passwords such as “password” or “123456.”

Step 3: Install an Antivirus Program
Installing a reputable antivirus program on your computer can help detect and remove ransomware before it has a chance to infect your system. Make sure to regularly update the antivirus software and scan your computer for any potential threats.

Step 4: Be Careful When Downloading Files
Avoid downloading files from untrusted sources, especially executable files or attachments from unknown senders. These files may contain ransomware or other harmful malware.

Step 5: Backup Your Data Regularly
Regularly backing up your data can help ensure that you have access to important files even if they become encrypted by ransomware. Consider using cloud storage services or external hard drives to store backups.

Step 6: Enable Two-Factor Authentication (2FA)
Enabling two-factor authentication (2FA) adds an extra layer of security to your accounts by requiring a second form of verification, such as a text message or phone call, in addition to your password.

Step 7: Be Wary of Phishing Scams
Phishing scams are attempts by cybercriminals to trick users into providing sensitive information like usernames, passwords, and credit card details. Always be cautious when clicking on links or opening emails from unfamiliar senders.

Step 8: Use a Firewall
A firewall helps monitor incoming and outgoing network traffic, blocking unauthorized connections and preventing ransomware from spreading across your network. Ensure that your firewall is enabled and configured correctly.

Step 9: Educate Yourself About Ransomware
Stay informed about current ransomware trends and tactics by reading news articles, attending cybersecurity workshops, and participating in online forums. Knowledge is power when it comes to protecting yourself against ransomware attacks.

Step 10: Consult With a Professional
If you’re unsure about how to implement these measures or need assistance with managing your cybersecurity, consider consulting with a professional IT consultant or cybersecurity expert. They can provide personalized advice tailored to your specific needs and help ensure that your computer remains protected from ransomware attacks.

Conclusion

Protecting your computer from ransomware requires a multi-faceted approach that involves keeping your software updated, using strong passwords, installing antivirus software, being careful when downloading files, regularly backing up your data, enabling 2FA, being wary of phishing scams, using a firewall, educating yourself about ransomware, and seeking professional help. By following these steps, you can significantly reduce the risk of falling victim to ransomware attacks and safeguard your valuable data and assets.

Incident Response Steps after a Data Breach

Data breach announcements seem to be quite common these days, with a cyber-attack an inevitable part of running almost any business. It is an often-quoted statistic that companies without a policy in place for a post-attack recovery have a 60% chance of going out of business in the six months following an event.

The important thing you can do today is prepare for the various types of cyberattacks and plan your response to a successful ransomware, data breach, or social engineering attack before it actually happens. As you attempt to plan your response to these attack scenarios, you’ll have a better idea if your environment can support the ability to identify and contain the threat as well as how you plan to recover control over your customer and employee data. If you have doubts about the ability of your team to operate during an attack, now is the time to resolve any issues and start training for the inevitable. Continue reading “Incident Response Steps after a Data Breach”

LevelDB and Chromium Browsers

LevelDB is a fast and lightweight key-value storage library that is used by many applications, including web browsers. In this blog post, we will briefly explain how LevelDB is used with Chrome and Edge browsers in Windows 10, and what benefits it provides to locating user data.

How it Works

Chrome browsers, including the Microsoft Edge browser, is based on Chromium. Chromium is the open-source project behind Google Chrome. Chromium uses open source LevelDB to store various types of data, such as bookmarks, history, cookies, cache, extensions, and more. LevelDB stores data in files called SSTables, which are organized in a hierarchical structure called LSM-tree. LevelDB also uses a write-ahead log (WAL) to ensure data durability in case of crashes or power failures.

One of the advantages of using LevelDB is that it supports fast and concurrent reads and writes, thanks to its efficient data structure and compaction algorithm. LevelDB also supports compression, encryption, and snapshots, which can reduce disk space usage, enhance security, and provide consistent views of the data.

Another advantage of using LevelDB is that it is cross-platform and portable. LevelDB works on Linux, Mac OS, Windows, FreeBSD, Android, iOS, and web browsers. It also supports Node-API, which means it can work with any future Node.js and Electron release. This makes LevelDB a universal and versatile storage solution for web applications.

Not just web browsers are using LevelDBs. Any application that uses the Chromium engine will also be storing data in files. This includes things built by multiple application frameworks including Electron and Qt. Some of the more popular applications that use Chromium as part of the software are:

• Microsoft Teams
• Slack
• Discord
• Signal
• WhatsApp (dedicated app, not Windows Store variant)

Forensic Utility

So now we have established that user data exists in a LevelDB database located on the user’s workstation, now we have to determine where on the disk drive this data is located and how to access the details of this data in human-readable format.

Once you locate a target folder, you’ll know it has a LevelDB by examining the file structure, since it will always look something like this:

You’ll see LevelDB is an on-disk key-value store where the keys and values are both arbitrary blobs of data. Each LevelDB database is located in a folder on the file system. The folder will contain some combination of files named “CURRENT”, “LOCK”, “LOG”, “LOG.old” and files named “MANIFEST-######”, “######.log” and “######.ldb” where ###### is a number showing the sequence of file creation (higher values are more recent). The “.log” and “.ldb” files contain the actual record data; the other files contain metadata to assist in reading the data in an efficient manner.

When data is initially written to a LevelDB database by the application (Google Chrome, Microsoft Edge, Microsoft Teams, etc.) it will be added to a “.log” file. The process of writing data to LevelDB could be adding a key to the database, changing the value associated with a key or deleting a key from the database. Each of these actions will be written to the current log as a new entry, so it is quite possible to have multiple entries in the log related to the same key. Each entry written to LevelDB is given a sequence number, which means that it is possible to track the order of changes to a key and recover keys that have been deleted.

Simply put, as the target application is used, the data is updated in a series of different LevelDb files. If the user is using a Chromium-based browser, there activity is recorded in various folders that are used to store browser history, stored passwords, extension data, browser notifications, etc.

The basic problem is these files will not be in human-readable format. You might open a file using Notepad and see some of the data, but you’ll not see all the data. The data is stored and compressed for speed, not so you can see the contents outside of the application using the data.

You can get LevelDB readers from multiple sources, but you’ll have to determine which reader suits your style and scenario best. Just search for “leveldb file reader” to help find a reader that works for you, but there are a few options available:

1. leveldb.net: This project provides .NET bindings to LevelDB and aims to make it work well on Windows. It allows you to interact with LevelDB databases using .NET. You can create, read, and write data to a LevelDB database.
2. DBViewer: While not specifically for Windows, DBViewer is a simple viewer written in C# to read LevelDB databases created by Minecraft: Bedrock Edition. Keep in mind that it runs only on Windows x64 platforms.
3. Leveldb-py: If you’re interested in viewing LevelDB databases using Python, check out Leveldb-py. It allows you to dump LevelDB data to a SQLite database or a CSV file.

Technical Details

If you want to know more about how the file structure is created and managed by LevelDB, this article is a good source of details.

There is a good series of articles here discussing some details around what files to look at and how to read the data.

As you re poking around looking for Chrome data, you’ll want to start here:

C:\Users\<username>\AppData\Local\Google\Chrome\User Data\Default

If you want to look for Edge data, you’ll want to start here:

C:\Users\<username>\AppData\Local\Microsoft\Edge\User Data\Default

As you start poking around, you’ll find there is a lot of available data around user activity that should be helpful in tracking user browser activity and even browser configuration.

 

Enabling Priority Accounts in O365

If you are an Office 365 administrator, you may want to enable Priority Accounts for some of your users. Priority Accounts are a feature that allows you to prioritize the delivery and protection of email messages for your most important or sensitive users, such as executives, VIPs, or key decision-makers. In the future, more apps and features will support priority accounts, and to start with, Microsoft has announced two capabilities: priority account protection and Exchange Online priority account monitoring including premium mail flow monitoring.

• Priority account protection – Microsoft Defender for Office 365 supports priority accounts as tags that can be used in filters in alerts, reports, and investigations.

A natural question might include “Aren’t all users a priority? Why not designate all users as priority accounts?” Yes, all users are a priority, but priority account protection offers the following additional benefits:

• • Additional heuristics: Microsoft analysis of mail flow in the Microsoft datacenters indicates that mail flow patterns for company executives are different than the average employee. Priority account protection offers additional heuristics that are specifically tailored to company executives that wouldn’t benefit a regular employee.
  • Additional visibility in reporting: In effect, information for all users (or all affected users) is already available in alerts, reports, and investigations. The priority accounts tag as a filter allows you to specifically target your investigations.
• Exchange Online priority account monitoring (note license requirements) – Making sure core functionalities of Exchange Online run smoothly is important for priority account users. Scenarios such as Exchange licensing, Mailbox storage, Message limit, subfolders per folder, folder hierarchy and recoverable items can be monitored.
• Premium Mail Flow Monitoring (note license requirements) – Healthy mail flow can be critical to business success, and delivery delays or failures can have a negative impact on the business. You can choose a threshold for failed or delayed emails, receive alerts when that threshold is exceeded, and view a report of email issues for priority accounts.

Continue reading “Enabling Priority Accounts in O365”

10 Steps to Stopping Lateral Movement Attacks

 

It is estimated that over 75% of cyber-attacks come from outside your network. While every attack is unique and tactics may vary, the basic stages of an outsider attack are similar. During the attack, an attacker uses four basic steps to gain a foothold in your environment.

1. Attack the perimeter – Gain access through any perimeter protections to gain access to the internal resources of the network, like a user’s computer or a server-based resource on the internal network. This can be accomplished using a known vulnerability, or by convincing the user to run a program from an email link or attachment.
2. Malware Drop – Once they have access to an internal resource, they drop malware onto the endpoint and begin external communications to the compromised device, usually though a command-and-control system. Using the permissions of the current user, they gather intelligence about the network and attempt to elevate their permissions on that endpoint.
3. Lateral Movement – They now start looking for resources on other systems on the same internal network. As new systems are discovered, they are also compromised and start communicating with the attackers. They gather even more intelligence and try to elevate their permissions on all compromised systems. This effort can take days or months to complete.
4. Trigger Payload – Once your network and systems are owned by the attacker, they start exfiltrating and/or encrypting the files on the compromised internal resources. Game Over.

There are some common mitigation strategies your organization can implement to help prevent lateral movement (step 3 shown above) during an attack. You won’t always detect the initial compromise of an internal resource, but you can limit the damage that can be inflicted by implementing some basic security steps.

Here are 10 Steps to a reducing a lateral movement attack:

Continue reading “10 Steps to Stopping Lateral Movement Attacks”

Preventing a Database Breach

Photo by Sora Shimazaki on Pexels.com

One of the hardest things to do is prevent something from happening when you don’t know when it might happen or who will try to make it happen. As a Database Administrator, you have to be aware that a data breach might happen and take all reasonable precautions to prevent it from happening. According to the 2016 study by IBM, 60% of database attacks are insiders (people using approved network credentials) looking to access or steal corporate data.

There are some basic steps you should execute to help prevent unauthorized access to your database environment.

1. Enforce Privileges – As an employee starts their tenure at a company, they are usually given the exact correct privileges for their position. The longer the employee is with a company, the correct privileges start to vary from the effective privileges, until eventually the employee has the wrong access privileges.  You need to make sure those initial access rights are correct from day one, and that you periodically review the access rights for every employee. If there is any question about the correct privileges, you should contact their supervisor and document the correct level of access.
2. Database Discovery – People are busy, and don’t always pay attention when new database instances are created. The people who manage the databases are often not the people who install the software, so this can lead to an environment where there are unauthorized or poorly configured database instances. Database discovery is a crucial first step for avoiding security issues, so you should scan your environment for new database instances as often as possible. The amount of change in your environment will dictate how often you should search for new database instances, but the minimum is annually.
3. Connection Encryption – Encrypting the connection between the user and the database can help prevent man-in-the-middle attacks.
4. Strong Password – You should expect the same password strength for your databases as you expect on the network. If possible, use Windows Authentication instead of SQL Server Authentication. This will help enforce the same password strength as your network password, and you must verify that the network settings are using best practice strength requirements.
5. Detect Compromised Credentials – It is estimated that 60% of companies cannot detect compromised credentials, based on a study by solution vendor Rapid7. Since authorized individuals use databases in a predictable way, abnormal or unauthorized access will be detected and you can be alerted.  There are security appliances that can catch unusual or unwanted user access based solely on algorithm analysis, preventing a possible data breach.

Free Download: SQL Server Management Studio 19.2

SQL Server Management Studio (SSMS) is an integrated environment for accessing, configuring, managing, administering, and developing all components of SQL Server. SSMS combines a broad group of graphical tools with a number of rich script editors to provide developers and administrators of all skill levels access to SQL Server.

Microsoft has announced the latest release of SQL Server Management Studio (SSMS) in November as a free download. SSMS 19.2 is now available.

Get it here:

Download – The version number for the latest release is 19.2.56.2

New in this release

New Item	Details
Azure Data Studio installation integration	The installation of SSMS installs Azure Data Studio 1.47.0.
Always Encrypted	Added support for secure enclaves with Azure SQL Database in the New Database dialog, Database Properties dialog, and Always Encrypted Wizard.
Always Encrypted	Improved performance for the Always Encrypted Wizard.
Azure SQL Managed Instance	Added the Page Verify database option on the Options page within Database Properties.
Client Drivers	Updated SSMS to use the latest driver versions for MSODBCSQL.MSI (17.10.5.1) and MSOLEDBSQL.MSI (18.6.7). The inclusion of these new versions could require users who also have older versions of the drivers to reboot after installing SSMS 19.2.
Connection	References to Azure Active Directory (Azure AD) updated to Microsoft Entra.
Connection	Updated F1 links for the Always Encrypted and Additional Connection Parameters pages in the Connection dialog.
Extended Events	Added support for Watch Live Data for event sessions created in Azure SQL Database and Azure SQL Managed Instance. For Azure SQL Database, you must specify the database name in the Connect to database field in the Connection Properties tab of the Connection dialog. The ability to Watch Live Data is currently in preview.
Extended Events	Introduced ability to use the XEvent Profiler for Azure SQL Database. For Azure SQL Database, you must specify the database name in the Connect to database field in the Connection Properties tab of the Connection dialog. The ability to use XEvent Profiler is currently in preview.
Extended Events	Exposed the histogram target for event sessions in Azure SQL Database.
Import Flat File	Updated Import Flat File wizard to improve file encoding detection.
General	Introduced on-demand logging of Azure API calls from SSMS enabling customer-facing monitoring and troubleshooting for Azure-connected features, which can be accessed within Tools -> Options -> Output Window.
General	Updated Help -> Technical Support and Help -> Send Feedback to direct to appropriate links.
Ledger	Added support for creating a Ledger database in Azure SQL Managed Instance.
Link feature for Azure SQL Managed Instance	Improved wizard for performing failover on Managed Instance link. Supports unidirectional failover to Azure and bi-directional failover between SQL Server 2022 and Azure SQL Managed Instance.
Link feature for Azure SQL Managed Instance	Improved wizard for creating the link between SQL Server and Azure SQL Managed Instance. Supports link creation from SQL Server to Azure SQL Managed Instance and from Azure SQL Managed Instance to SQL Server 2022.
Link feature for Azure SQL Managed Instance	Improved wizard for testing connectivity between SQL Server and Azure SQL Managed Instance. Creates a temporary testing endpoint if none exists and can be invoked from a database replica on either SQL Server or Azure SQL Managed Instance.
Link feature for Azure SQL Managed Instance	Always On High Availability menu is now available in Object Explorer for Azure SQL Managed Instance and lists established Managed Instance links.
Linked servers	Introduced Azure SQL resources browser in linked servers wizard facilitating linked servers setup for Azure SQL Managed Instance.
Object Explorer	Reduced load time for the New Database dialog in Azure SQL Database.
Object Explorer	Added support for the External File Format node under External Resources node for Azure SQL Database.
Query Editor	Introduced connection pooling for Intellisense to reduce the number of new connections made and keep connections open between refreshes.
SSIS	The IS Deployment Wizard now supports the Microsoft Entra Interactive Authentication Login method for Project Deployment.

Continue reading “Free Download: SQL Server Management Studio 19.2”

Securing Active Directory Accounts

Photo by Andrea Piacquadio on Pexels.com

Active Directory is a directory service that manages user accounts and other resources on a network. It is important to secure Active Directory user accounts to prevent unauthorized access, data breaches, and identity theft. In this blog post, we will describe the step-by-step process to secure Active Directory user accounts using best practices and tools.

Step 1: Enforce strong password policies. Passwords are the first line of defense for user accounts, so they should be complex, long, and unique. You can use the Group Policy Management Console (GPMC) to configure password policies for your domain, such as minimum length, complexity, history, and expiration. You can also use third-party tools to generate and manage strong passwords for your users.

Step 2: Enable multi-factor authentication (MFA). MFA adds an extra layer of security to user accounts by requiring a second factor of verification, such as a code sent to a phone or email, a biometric scan, or a hardware token. MFA can prevent attackers from accessing user accounts even if they have the password. You can use the Azure Active Directory (Azure AD) portal to enable MFA for your users, or use third-party solutions that integrate with Active Directory.

Step 3: Limit administrative privileges. Administrative privileges allow users to perform tasks such as creating, modifying, and deleting other user accounts, groups, and policies. These privileges should be granted only to trusted and trained users who need them for their job functions. You can use the principle of least privilege (PoLP) to assign the minimum level of access required for each user role. You can also use the Active Directory Administrative Center (ADAC) to create and manage administrative groups and roles.

Step 4: Monitor and audit user activity. Monitoring and auditing user activity can help you detect and respond to suspicious or malicious actions, such as unauthorized logins, password changes, or account modifications. You can use the Event Viewer or the Audit Policy tool to configure and view audit logs for your domain controllers and user accounts. You can also use third-party tools that provide advanced features such as real-time alerts, reports, and dashboards.

Step 5: Implement backup and recovery plans. Backup and recovery plans can help you restore your Active Directory environment in case of a disaster, such as a hardware failure, a ransomware attack, or a human error. You can use the Windows Server Backup tool or the Active Directory Recycle Bin to backup and restore your domain controllers and user accounts. You can also use third-party tools that offer more options and flexibility for backup and recovery.

By following these steps, you can secure your Active Directory user accounts and protect your network from potential threats. For more information and guidance on Active Directory security, you can visit the Microsoft Docs website.

Ransomware Response Procedures

Ransomware is a type of malicious software that encrypts your files and demands a ransom to restore them. It can cause serious damage to your data, your privacy and your finances. If you discover that your computer has ransomware, you need to act quickly and follow these 10 steps:

1. Disconnect your computer from the internet and any other devices. This will prevent the ransomware from spreading to other machines or contacting its command-and-control server.
2. Identify the type and variant of ransomware that infected your computer. You can use online tools such as ID Ransomware or other reputable sites to upload a ransom note or an encrypted file and get information about the ransomware.
3. Check if there is a decryption tool available for the ransomware that infected your computer. Some security researchers and companies have created free tools that can decrypt some types of ransomware. You can find a list of such tools on various security-related websites, like Avast, Emsisoft, Kaspersky, McAfee, Trend Micro, or other solutions.
4. If there is no decryption tool available, try not to pay the ransom. It may not be possible to recover the encrypted files, so you may feel the need to pay the ransom. Paying the ransom does not guarantee that you will get your files back, and it may encourage the attackers to target you again. Moreover, you may be breaking the law by funding criminal activity.
5. Remove the ransomware from your computer. You can use an antivirus or anti-malware program to scan your computer and remove any traces of the ransomware. You may need to boot your computer in safe mode or use a bootable USB drive to run the scan.
6. Restore your files from a backup, if you have one. The best way to recover from a ransomware attack is to have a backup of your important files that are stored offline or on a separate device. If you have such a backup, you can quickly restore your files after removing the ransomware from your computer.
7. Change your passwords and enable multi-factor authentication. The ransomware may have stolen your credentials or installed a keylogger on your computer, so you should change your passwords for all your online accounts and enable multi-factor authentication where possible.
8. Update your operating system and applications. The ransomware may have exploited a vulnerability in your software to infect your computer, so you should update your operating system and applications to the latest versions and apply any security patches.
9. Educate yourself and others about ransomware prevention. The best way to avoid ransomware is to prevent it from infecting your computer in the first place. You should learn how to recognize phishing emails, avoid clicking on suspicious links or attachments, and use reputable security software.
10. Report the incident to the authorities and seek professional help if needed. You should report the ransomware attack to the relevant authorities in your country or region, as they may be able to assist you or investigate the attackers. You should also seek professional help from a trusted IT expert or a security company if you need assistance with removing the ransomware or recovering your files.

5 Tips to Secure Digital Devices in High-Risk Situations

Traveling to a high-risk area can expose your electronic devices to hacking or data theft risks. Here are five recommended steps to secure your devices and protect your sensitive information.

1. Back up your data before you travel – Make sure you have a copy of your important files and documents in a secure cloud service or an external hard drive. Don’t bring the backup to the risky area, which will help preserve a copy of critical data if your data so you can restore your data if your device is lost, stolen, or compromised.
2. Encrypt your devices and use strong passwords – Encryption is a process that scrambles your data and makes it unreadable without a key or a password. You can encrypt your entire device or specific folders and files. Use a strong password that is hard to guess and different for each device and account. You can also use a password manager to store and generate passwords securely.
3. Disable or remove unnecessary features and apps – Some features and apps on your devices can make you more vulnerable to hacking or data theft. For example, Bluetooth, Wi-Fi, GPS, and NFC can be used to track your location or access your data without your permission. Disable or remove these features and apps when you are not using them or when you are in a public place.
4. Use a VPN and avoid public Wi-Fi networks – A VPN (virtual private network) is a service that creates a secure connection between your device and the internet. It encrypts your data and hides your IP address, making it harder for hackers or third parties to intercept or monitor your online activity. Avoid using public Wi-Fi networks, such as those in hotels, airports, or cafes, as they are often unsecured and can expose your data to hackers or malicious software.
5. Be vigilant and cautious – The most important step to secure your devices is to be aware of the potential risks and take precautions to avoid them. Do not leave your devices unattended or lend them to strangers. Do not open suspicious emails or attachments or click on unknown links. Do not download or install software from untrusted sources. Do not enter sensitive information on websites that are not secure (look for the padlock icon and https in the address bar). If you notice any signs of hacking or data theft, such as unusual activity, pop-ups, or messages, disconnect from the internet and scan your device for malware.

Disabling or Uninstalling Unnecessary Services and Apps in Windows 10

Windows 10 is a powerful and versatile operating system that offers many features and functionalities. However, not all of them are necessary or useful for every user. In fact, some of the services and apps that come preinstalled or run in the background can pose security risks or slow down your system performance.

In this blog post, we will describe which unnecessary services and apps you should disable or remove from Windows 10 for security reasons. We will also explain how to do it safely and easily.

What Are Windows Services?

Windows services are programs that run in the background and provide essential functions for the operating system, such as networking, security, printing, etc. They usually start automatically when you boot up your computer and run until you shut it down.

What Are Windows Apps?

Windows apps are applications that you can install from the Microsoft Store or other sources. They are designed to work with the modern user interface of Windows 10 and offer various functionalities, such as games, productivity tools, social media, etc.

Why Should You Disable or Remove Unnecessary Services and Apps?

There are several reasons why you may want to disable or remove unnecessary services and apps from Windows 10:

• Security – Some services and apps may have vulnerabilities that can be exploited by hackers or malware. For example, the Remote Desktop service can allow remote access to your computer if it is not configured properly. The Bluetooth service can expose your device to wireless attacks if you don’t use it. Some apps may also collect your personal data or display unwanted ads.
• Performance – Some services and apps may consume a lot of system resources, such as CPU, RAM, disk space, etc. This can affect your system speed and responsiveness, especially if you have a low-end device or multiple programs running at the same time.
• Privacy – Some services and apps may send your data to Microsoft or other third-party servers for various purposes, such as diagnostics, feedback, advertising, etc. This can compromise your privacy and expose your online activities to others.
• Storage – Some services and apps may take up a lot of disk space on your device, especially if they are rarely used or updated. This can limit your available storage space for other files and programs.

Which Services and Apps Should You Disable or Remove?

Continue reading “Disabling or Uninstalling Unnecessary Services and Apps in Windows 10”

10 Steps to Securely Configuring Windows 10

Windows 10 is the most popular operating system in the world, but it also comes with some security risks. If you want to protect your data and privacy, you need to configure Windows 10 for security. Here are 10 steps you can follow to make your Windows 10 more secure.

1. Update Windows 10 regularly – Windows 10 updates often include security patches and bug fixes that can prevent hackers from exploiting vulnerabilities in your system. To check for updates, go to Settings > Update & Security > Windows Update and click on Check for updates. If there are any available updates, install them as soon as possible.
2. Use a strong password and a PIN – A strong password is one that is long, complex, and unique. It should include a mix of uppercase and lowercase letters, numbers, and symbols. A PIN is a four-digit code that you can use to unlock your device instead of typing your password. To set up a password and a PIN, go to Settings > Accounts > Sign-in options and choose Password and PIN. Make sure you don’t use the same password or PIN for other accounts or devices.
3. Enable BitLocker encryption – BitLocker is a feature that encrypts your hard drive, making it unreadable to anyone who doesn’t have the right key. This can protect your data in case your device is lost, stolen, or hacked. To enable BitLocker, go to Settings > System > About and click on Device encryption. If your device supports BitLocker, you will see a Turn on button. Click on it and follow the instructions.
4. Use Windows Defender Firewall and antivirus – Windows Defender Firewall is a feature that blocks unauthorized network connections, preventing hackers from accessing your device or data. Windows Defender antivirus is a feature that scans your device for malware and removes any threats. To use Windows Defender Firewall and antivirus, go to Settings > Update & Security > Windows Security and click on Firewall & network protection and Virus & threat protection. Make sure they are both turned on and up to date.
5. Enable two-factor authentication – Two-factor authentication is a feature that adds an extra layer of security to your online accounts. It requires you to enter a code or use an app on your phone after entering your password, verifying your identity. To enable two-factor authentication, go to Settings > Accounts > Sign-in options and click on Security key or Windows Hello. Follow the instructions to set up your preferred method of two-factor authentication.
6. Use a VPN service – A VPN service is a feature that encrypts your internet traffic, hiding your IP address and location from prying eyes. This can protect your privacy and security when you use public Wi-Fi or access geo-restricted content. To use a VPN service, you need to download and install a VPN app from the Microsoft Store or a trusted website. Then, launch the app and connect to a server of your choice.
7. Disable unnecessary services and apps – Some services and apps that come with Windows 10 may not be essential for your needs, but they can consume resources and pose security risks. To disable unnecessary services and apps, go to Settings > Apps > Apps & features and click on the service or app you want to uninstall or modify. You can also go to Settings > Privacy and review the permissions that each app has access to.
8. Use a secure browser and extensions – A secure browser is one that protects your online activity from trackers, ads, and malicious websites. A secure extension is one that enhances the functionality of your browser without compromising your security or privacy. To use a secure browser and extensions, you can choose one of the following options:
   • Use Microsoft Edge, which is the default browser for Windows 10. It has features like SmartScreen, Tracking Prevention, InPrivate mode, and Password Monitor that can improve your security and privacy.
   • Use Google Chrome, which is the most popular browser in the world. It has features like Safe Browsing, Incognito mode, Password Checkup, and Sync that can improve your security and privacy.
   • Use Mozilla Firefox, which is the most privacy-focused browser in the world. It has features like Enhanced Tracking Protection, Private Browsing mode, Lockwise, and Monitor that can improve your security and privacy.
9. Backup your data regularly – Backing up your data is a feature that copies your files to another location, such as an external hard drive or a cloud service. This can protect your data from accidental deletion, corruption, or ransomware attacks. To protect your data regularly, go to Settings > Update & Security > Backup and click on Add a drive or Backup options. Choose where you want to store your backup files and how often you want to backup.
10. Educate yourself on cyber threats and best practices – The most important feature for securing your Windows 10 is your own knowledge and awareness. You need to learn how to recognize and avoid common cyber threats, such as phishing, malware, or social engineering. You also need to follow best practices, such as using strong passwords, updating your software, and locking your device when not in use. You can find more information and tips on how to secure your Windows 10 on the Microsoft website or other reputable sources.

Free Download: SQL Server Management Studio 19.1

SQL Server Management Studio (SSMS) is an integrated environment for accessing, configuring, managing, administering, and developing all components of SQL Server. SSMS combines a broad group of graphical tools with a number of rich script editors to provide developers and administrators of all skill levels access to SQL Server.

The SSMS 19.x installation doesn’t upgrade or replace SSMS versions 18.x or earlier. SSMS 18.x installs side by side with previous versions, so both versions are available for use. However, if you have a preview version of SSMS 19.x installed, you must uninstall it before installing SSMS 19.1. You can see if you have the preview version by going to the Help > About window.

If a computer contains side-by-side installations of SSMS, verify you start the correct version for your specific needs. The latest version is labeled Microsoft SQL Server Management Studio 19

What’s new in 19.1

New Item	Details
Azure Data Studio installation integration	The installation of SSMS installs Azure Data Studio 1.44.
Always Encrypted	Added support for secure enclaves and in-place encryption in the Always Encrypted Wizard.
Azure SQL Managed Instance	Introduced visibility to the status of the Distributed Transaction Coordinator (DTC) service for Azure SQL Managed Instance. Object Explorer can be used to determine if DTC is enabled on the Azure SQL Managed Instance (within the Management node).
Backup/Restore	Added capability to restore backup files from S3-compatible storage to SQL Server 2022 and Azure SQL Managed Instance.
General SSMS	Updated File Version for ssms.exe to align with product version.
General SSMS	Removed deprecated hardware from the list of available service-level objects.
General SSMS	Changed the system browser setting, within Tools > Options > Azure Services, to default to True. The external browser will be used, instead of the legacy embedded browser.
General SSMS	Removed Vulnerability Assessment from SSMS.
Link feature for Azure SQL Managed Instance	Added Network Checker wizard, providing the capability to test the network connection and ports prior to creating the link.
Link feature for Azure SQL Managed Instance	Added an advanced network troubleshooting capability within the existing link creation wizard. This provides the capability to troubleshoot network connectivity issues while link creation is in progress.
Object Explorer	Removed script header text when selecting the top 1000 rows.
PowerShell	Added ability for users to choose the version of PowerShell to use when launched from SSMS.
PowerShell	Introduced more PowerShell options within Tools > Options > SQL Server Object Explorer > Commands.

Beginning with SQL Server Management Studio (SSMS) 18.7, Azure Data Studio is automatically installed alongside SSMS. Users of SQL Server Management Studio are now able to benefit from the innovations and features in Azure Data Studio.

Continue reading “Free Download: SQL Server Management Studio 19.1”

Technical Interview Questions

Technical interviews are an attempt by a hiring team to ask the correct questions of a candidate to determine if they would be a good technical fit for the open position.

These questions can sometimes uncover missing segments of knowledge that might identify opportunities for the candidate, or even disqualify the candidate for the open position. That is good information to know before you initiate the hiring process, but it can also help identify specific talents or abilities in a candidate that are above and beyond the minimum knowledge expected.

One of the obvious pitfalls of the technical interview is if the questioning turns into more of a trivia contest than a verification of expected knowledge.

One way to determine if a candidate knows how to solve a problem is to give them a problem and ask them to solve that problem during the interview. Sometimes the problem can be a specific technical issue, or a theoretical problem that is just to see if they can determine a simple solution using just the facts presented.

I have asked a simple question to candidates in the past that doesn’t really apply to the job opening they are applying for, but does provide insight into how they identify the issue, think through the possible answers, and provide them an opportunity to present their ideas.

Why is a manhole cover round?

You may never have thought of this question before, but why is a manhole cover round? You want the candidate to consider the possibilities and try to provide possible reasons for this design choice. It has nothing to do with the position they have applied for, but it will give a hiring manager an idea of how this person will respond to a problem that seems to come out of left field.

Do they think though the question or just respond with “I don’t know.” and quit? Have them speak about what they think about the question. Do they have an opinion about why they aren’t square, hexagon, or even oval in shape? Have they seen a manhole or know what they are used for in everyday life? Why do they think some manholes covers are not round?

Hopefully they can speak to possible reasons, which gives you the opportunity to ask how they would find a suitable response. If they just want to Google the answer, maybe ask them what else you might do to get a suitable answer if there isn’t a consensus on Google.

The possible correct answers are:

• Manhole covers are round because it is the best shape to resist the compression of the surrounding soil.
• Round manhole covers are easier to manufacture, move, and place than square or rectangular ones. The heavy covers can be easily rolled into position.
• Manhole cover the size to fit the opening cannot fall through the circular opening, unlike other shapes. No one wants a 100-pound manhole cover dropping onto their head.
• The cover doesn’t have to be aligned in any specific angle to be placed back onto the exposed manhole. Other shapes would require precise alignment.

Years ago, there was a candidate that guessed the covers are round because the men accessing the opening are also round. While this is funny, I don’t think that was a design consideration.

I hate interviews that turn into trivia contests, so I’d much rather be asked a tough question that allows me to show my ability to use my brain to find solutions instead of just demonstrating my ability to memorize technical trivia that anyone could easily look up.

Sources:
(1) Why Are Manhole Covers Round? | Mental Floss. https://www.mentalfloss.com/article/60929/why-are-manhole-covers-round.
(2) Why are manhole covers round? | Live Science. https://www.livescience.com/32441-why-are-manhole-covers-round.html.
(3) Why Are Manhole Covers Round? – ScienceABC. https://www.scienceabc.com/eyeopeners/why-manhole-covers-circular-not-triangular-square-rectangular.html.
(4) The Surprisingly Technical Reason That Manhole Covers Are Round. https://www.envirodesignproducts.com/blogs/news/the-surprisingly-technical-reason-that-manhole-covers-are-round.

Updating Cisco AnyConnect VPN Client

Cisco AnyConnect VPN client is software that allows you to securely connect to your organization’s network from any location. It is important to keep the VPN client updated to ensure optimal performance and security. In this article, we will show you how to deploy the updated Cisco AnyConnect VPN client to your users using the following steps:

1. Download the latest version of Cisco AnyConnect VPN client from the Cisco website. You will need a valid Cisco account and a license to access the download page. Choose the appropriate installer for your operating system and architecture (32-bit or 64-bit).
2. Log in to your Cisco Adaptive Security Appliance (ASA) device using a web browser or a SSH client. Navigate to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Client Software.
3. Click Add and browse to the location where you saved the downloaded installer file. Select the file and click Upload. The ASA will verify the file and add it to the list of available AnyConnect packages.
4. Click Apply to save the changes. You can also optionally configure the ASA to automatically update the AnyConnect client on the user’s device when they connect to the VPN. To do this, go to Configuration > Remote Access VPN > Network (Client) Access > Group Policies and edit the default group policy or create a new one.
5. Under Advanced > AnyConnect Client, check the Enable Auto Update box and select the desired update method (User Controllable, Automatic, or Manual). Click OK and Apply to save the changes.
6. Inform your users that they can download and install the updated Cisco AnyConnect VPN client from the ASA web portal or from their existing client application. They will need to enter their credentials and accept the terms and conditions before proceeding with the installation.
7. Once installed, the users can launch the Cisco AnyConnect VPN client from their desktop or start menu and connect to your organization’s network using their credentials and any additional authentication methods required by your security policy.

How to Increase OneDrive Size

 

OneDrive is a cloud storage service that allows users to store and access their files from any device. OneDrive users have a default storage quota of 1 TB, but sometimes they may need more space for their work or personal files. We will explain how a global administrator in Azure can increase a user’s OneDrive size up to 5 TB.

To increase a user’s OneDrive size, the global administrator needs to follow these steps:

Continue reading “How to Increase OneDrive Size”

Check Email Addresses Listed in Active Directory

One of the tasks that administrators often need to perform is to verify that each active directory user account has a valid email address. This is important for ensuring that users can receive notifications, access online services, and communicate with other users. There are different ways to verify the email addresses of active directory users, but in this article, we will focus on one method that uses PowerShell.

PowerShell is a scripting language that allows administrators to automate tasks and manage systems. PowerShell can interact with active directory through the ActiveDirectory module, which provides cmdlets for querying and modifying objects in the directory. To use PowerShell to verify the email addresses of active directory users, we need to follow these steps:

Continue reading “Check Email Addresses Listed in Active Directory”

5 Common Types of Cyber Attacks

Cybersecurity is a crucial aspect of any organization that relies on digital systems and networks. Cyberattacks can cause significant damage to the reputation, operations, and finances of a business, as well as compromise the privacy and security of its customers and employees. Therefore, it is important to understand the different types of cybersecurity attacks, how they are used, and how they can be prevented.

In this blog post, we will discuss 5 common types of cybersecurity attacks that every organization should be aware of and prepared to remediate.

Types of Attacks

1. Malware
Malware is a term that encompasses various types of malicious software, such as viruses, worms, trojans, ransomware, spyware, adware, and more. Malware can infect a computer or device through phishing emails, malicious links, downloads, or removable media. Malware can perform various harmful actions, such as deleting or encrypting data, stealing information, spying on user activity, displaying unwanted ads, or hijacking system resources.

To prevent malware attacks, organizations should use antivirus software and firewalls, update their systems and applications regularly, avoid opening suspicious attachments or links, and educate their employees on how to recognize and avoid phishing emails.

Continue reading “5 Common Types of Cyber Attacks”

Different Ways to Reboot Windows 10 Computer

Rebooting a Windows 10 computer is a common and simple operation that can help you fix some software issues or apply the changes you have made to your computer. However, do you know how to reboot Windows 10 properly? In this blog post, I will show you four different ways to restart your Windows 10 computer in a professional and safe manner.

Many might find these instructions too simple or too well known to even list, but some users are just learning how to use Windows 10 and might find these instructions useful.

Method 1: Reboot in a Normal Way

This is the conventional and most widely used method. You can follow these steps to reboot your Windows 10 computer in a normal way:

1. Open Start on Windows 10.
2. Press the Power button and select Restart from the popup menu.
3. Wait for your computer to restart.

Alternatively, you can also use the Power User Menu to perform a normal restart of Windows 10. Here are the steps:

1. Right-click on the Start button or press the Windows key and the X key at the same time to open the Power User Menu.
2. Go to Shut down or sign out.
3. Select Restart from the popup sub-menu of Shut down or sign out.
4. Wait for your computer to restart.

Method 2: Reboot using Ctrl+Alt+Del

You can also use the keyboard shortcut Ctrl+Alt+Del to restart your Windows 10 computer. This method works on all Windows 10 computers. Here is how to do it:

1. Press Ctrl+Alt+Del at the same time on your keyboard to open the shutdown dialog box.
2. Click on the Power button that is on the lower-right side of your computer screen.
3. Select Restart from the pop-out menu.
4. Wait for your computer to restart.

Method 3: Restart from Command Prompt

The third method is to restart your Windows 10 computer from Command Prompt. This method requires you to use the shutdown command to reboot Windows 10. You can follow these steps to do it:

1. Open Command Prompt as an administrator. You can do this by typing cmd in the Start menu, right-clicking on Command Prompt, and selecting Run as Administrator.
2. In the Command Prompt window, type “shutdown /r” (without the quotes) and press Enter. This will initiate a restart of your computer.
3. Wait for your computer to restart.

Continue reading “Different Ways to Reboot Windows 10 Computer”

History and Status of the PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) was created in response to the rapid growth of credit card transactions in the 1990s causing thousands of small companies to start storing credit card data and processing consumer transactions on unprotected networks.  Since many of these small businesses didn’t know how to properly secure these credit card transactions, it also led to a rapid increase in data theft and a growing concern from banks and credit card companies about ways to protect their brand and consumer accounts. In an effort to resolve the growing concern around payment card fraud and cybercrime in general, industry leaders such as Visa, MasterCard, and American Express got together and created a global security standard to protect online card payments.

The PCI DSS standard was established to set basic guidelines and requirements around how businesses must create a safer cardholder data environment, using basic requirements to drive minimum requirements around security that would lead to more secure business systems. As the standard evolved and procedures more refined, PCI DSS became an internationally accepted standard for all merchants and service providers.

PCI DSS History

PCI DSS was introduced in December 2004, after Visa and other brands had introduced their own standards.  These brand-specific standards weren’t well received by merchants and service providers, since these were small companies that didn’t need the confusion of multiple standards.

Continue reading “History and Status of the PCI DSS”

How to Create a Secure Windows 10 Workstation for Beginners

If you are new to Windows 10 and want to create a secure workstation for your personal or professional use, this blog post is for you. In this post, I will show you how to set up a Windows 10 workstation with some basic security features that will help you protect your data and privacy. Here are the steps you need to follow:

Continue reading “How to Create a Secure Windows 10 Workstation for Beginners”

IT Security Manager Responsibilities

What are the day-to-day responsibilities of an IT Security Manager?

An IT Security Manager is a technology professional who oversees the security of an organization’s information systems and networks. They are responsible for planning, implementing, and monitoring security policies and procedures to protect the organization from cyber threats and ensure compliance with relevant regulations and standards.

An IT Security Manager requires a combination of technical skills, such as knowledge of network security, encryption, firewalls, antivirus software, etc., and soft skills, such as communication, leadership, problem-solving, teamwork, etc. An IT Security Manager typically has a bachelor’s degree in computer science, information technology, cybersecurity or equivalent business experience. They may also have relevant certifications (CISSP, CISM, Security+, CASP+, CEH, etc.) to demonstrate specific skills and knowledge. An IT Security Manager may work for various types of organizations, such as government agencies, corporations, nonprofits, educational institutions, etc., depending on their industry and size.

Continue reading “IT Security Manager Responsibilities”

Top 10 Cybersecurity Team Effectiveness Metrics

What are the top 10 metrics used to measure cybersecurity team effectiveness?

Cybersecurity is a vital aspect of any organization that relies on digital systems and networks. However, measuring the effectiveness of a cybersecurity team can be challenging, as there are many factors and variables involved. In this blog post, we will explore some of the most common and useful metrics that can help assess how well a cybersecurity team is performing and where they can improve.

1. Mean time to detect (MTTD) – This metric measures how quickly a cybersecurity team can identify a potential threat or incident. The lower the MTTD, the better, as it means that the team can respond faster and minimize the damage.
2. Mean time to respond (MTTR) – This metric measures how quickly a cybersecurity team can contain and resolve a threat or incident. The lower the MTTR, the better, as it means that the team can restore normal operations and reduce the impact.
3. Mean time to recover (MTTR) – This metric measures how quickly a cybersecurity team can restore the affected systems and data after a threat or incident. The lower the MTTR, the better, as it means that the team can resume business continuity and reduce the downtime.
4. Number of incidents – This metric measures how many threats or incidents a cybersecurity team has to deal with in a given period. The lower the number of incidents, the better, as it means that the team has a strong security posture and can prevent most attacks.
5. Severity of incidents – This metric measures how serious or damaging a threat or incident is for an organization. The lower the severity of incidents, the better, as it means that the team can mitigate most risks and protect the most critical assets.
6. Incident response rate – This metric measures how many threats or incidents a cybersecurity team can successfully handle in a given period. The higher the incident response rate, the better, as it means that the team has enough resources and capabilities to deal with all challenges.
7. Incident resolution rate – This metric measures how many threats or incidents a cybersecurity team can successfully resolve in a given period. The higher the incident resolution rate, the better, as it means that the team has effective processes and tools to eliminate all threats.
8. Cost of incidents – This metric measures how much money an organization loses due to threats or incidents in a given period. The lower the cost of incidents, the better, as it means that the team can minimize the financial losses and optimize the security budget.
9. Customer satisfaction – This metric measures how satisfied an organization’s customers are with its security performance and service quality. The higher the level of customer satisfaction, the better, as it means that the team can meet or exceed customer expectations and build trust and loyalty.
10. Employee satisfaction – This metric measures how satisfied an organization’s employees are with its security culture and environment. The higher the employee satisfaction, the better, as it means that the team can foster a positive and collaborative atmosphere and retain talent.

These are some of the most common and useful metrics that can help measure cybersecurity team effectiveness. However, they are not exhaustive or definitive, and each organization may have different goals and priorities when it comes to security. Therefore, it is important to customize and adapt these metrics according to each organization’s specific needs and context.

TIOBE Index for May 2023 – Which Programming Language is Most Popular?

Have you seen the latest TIOBE rankings report?

The TIOBE Programming Community index is an indicator of the popularity of programming languages. The index is updated once a month. The ratings are based on the number of skilled engineers world-wide, courses and third-party vendors. Popular search engines such as Google, Bing, Yahoo!, Wikipedia, Amazon, YouTube and Baidu are used to calculate the ratings. Observe that the TIOBE index is not about the best programming language or the language in which most lines of code have been written.

It has been stated before, programming language popularity is rather stable. If we look at the first 10 programming languages in the TIOBE index, then C# is the youngest of them all. C# started in 2000. That is 23 years ago! Almost every day a new programming language is born, but hardly any of them enter the top 100. At least not in their first 10 years. The only languages younger than 10 years in the current top 100 are: Swift (#14), Rust (#17), Crystal (#48), Solidity (#59), Pony (#71), Raku (#72), Zig (#88) and Hack (#92). None of them are less than 5 years old. In other words, it is almost impossible to hit the charts as a newbie. On the contrary, we see that golden oldies revive. Take for instance Fortran, which is back in the top 20 thanks to the growing demand for numerical computational power. So, if you have just invented a brand new language, please have some patience! — Paul Jansen CEO TIOBE Software

You can read the details of how and why languages are popular at the TIOBE website. If you are a developer, you will find this information interesting.

Continue reading “TIOBE Index for May 2023 – Which Programming Language is Most Popular?”

How to Detect a New Domain Controller in Your Network

Some malware can create a Domain Controller to infect your network and steal data. DCShadow is a late-stage kill chain attack that allows an attacker with compromised privileged credentials to register a rogue Active Directory (AD) domain controller (DC). Then the adversary can push any changes they like via replication — including changes that grant them elevated rights and create persistence. It can be extremely difficult to detect a new Domain Controller, so you need to know how to find one if you suspect an infection.

Overview

A domain controller is a server that manages the security and authentication of users and computers in a domain. A domain is a logical grouping of network resources that share a common name and directory database. A new domain controller can be added to a domain for various reasons, such as increasing redundancy, improving performance, or expanding the network.

However, a new domain controller can also pose a security risk if it is not authorized or configured properly. An unauthorized domain controller can compromise the security of the entire domain by granting access to unauthorized users or computers, or by intercepting and modifying network traffic. Therefore, it is important to detect and monitor any new domain controllers in your network.

In this blog post, we will show you how to detect a new domain controller in your network using some simple tools and techniques. We will assume that you have administrative privileges on your network and that you are familiar with basic Windows commands and PowerShell.

Use the Netdom Command

The netdom command is a Windows command-line tool that can be used to manage domains and trust relationships. One of the functions of the netdom command is to list all the domain controllers in a domain. To use the netdom command, you need to open a command prompt as an administrator and type the following command:

netdom query dc

This command will display all the domain controllers in your current domain. You can also specify a different domain name after the dc parameter if you want to query another domain. For example:

netdom query dc example.com

The output of this command will look something like this:

List of domain controllers with accounts in the domain:

DC1
DC2
DC3
The command completed successfully.

You can compare this output with your previous records or expectations to see if there is any new or unexpected domain controller in your domain. If you find one, you should investigate further to determine its origin and purpose.

Use the Get-ADDomainController PowerShell Cmdlet

The Get-ADDomainController PowerShell cmdlet is another tool that can be used to retrieve information about domain controllers in a domain. To use this cmdlet, you need to open a PowerShell window as an administrator and type the following command:

Get-ADDomainController -Filter *

This command will display all the domain controllers in your current domain along with some additional information, such as their name, site, operating system, IP address, and roles. You can also specify a different domain name after the -Server parameter if you want to query another domain. For example:

Get-ADDomainController -Filter * -Server example.com

The output of this command will look something like this:

DistinguishedName : CN=DC1,OU=Domain Controllers,DC=eexample, DC com
DNSHostName : DC1.example.com
Enabled : True
Name : DC1
ObjectClass : computer
ObjectGUID : 12345678-1234-1234-1234-123456789012
SamAccountName : DC1$
SID : S-1-5-21-1234567890-1234567890-1234567890-1000
Site : Default-First-Site-Name
OperatingSystem : Windows Server 2019
OperatingSystemVersion : 10.0 (17763)
Forest : example.com
Domain : example.com
IPv4Address : 192.168.1.1
IPv6Address : fe80::1234:5678:90ab:cdef%12
IsGlobalCatalog : True
IsReadOnly : False
IsSeized : False
Roles : {PDCEmulator, RIDMaster, InfrastructureMaster, SchemaMaster...}

DistinguishedName : CN=DC2,OU=Domain Controllers,DC=example, DC Com
DNSHostName : DC2.example.com
Enabled : True
Name : DC2
ObjectClass : computer
ObjectGUID : 23456789-2345-2345-2345-234567890123
SamAccountName : DC2$
SID : S-1-5-21-2345678901-2345678901-2345678901-1000
Site : Default-First-Site-Name
OperatingSystem : Windows Server 2019
OperatingSystemVersion : 10.0 (17763)
Forest : example.com
Domain : example.com
IPv4Address : 192.168.1.2
IPv6Address : fe80::1235:5678:90ac:cdef%12
IsGlobalCatalog : True
IsReadOnly : False
IsSeized : False
Roles : {PDCEmulator, RIDMaster, InfrastructureMaster, SchemaMaster...}

You can also use Event ID 4742 in your Security log to monitor the changes to your registered Domain Controllers. This event shows which user initiated the change, so you know which Domain Administrator account is being used to perform the attack.