office 365 reports links

The weird of office 365 reports is you cannot get some reports from the admin portal. below is the links of these reports:

 

https://admin.protection.outlook.com/Reports/DisplayReport.aspx?reportId=DLPPolicyMatchesForMail

https://admin.Protection.outlook.com/Reports/DisplayReport.aspx?reportId=DLPPolicyMatchesForMailByAction

https://admin.protection.outlook.com/Reports/DisplayReport.aspx?reportId=DLPPolicyMatchesForMailByRule

https://admin.protection.outlook.com/Reports/DisplayReport.aspx?reportId=MalwareDetections

https://admin.protection.outlook.com/Reports/DisplayReport.aspx?reportId=RuleMatchesForMail

https://admin.protection.outlook.com/Reports/DisplayReport.aspx?reportId=RuleMatchesForMailByAction

https://admin.protection.outlook.com/Reports/DisplayReport.aspx?reportId=SentAndReceivedMail

https://admin.protection.outlook.com/Reports/DisplayReport.aspx?reportId=SpamDetections

https://admin.protection.outlook.com/Reports/DisplayReport.aspx?reportId=TopDLPPoliciesAndRulesForMail

https://admin.protection.outlook.com/Reports/DisplayReport.aspx?reportId=TopRulesForMail

https://admin.protection.outlook.com/Reports/DisplayReport.aspx?reportId=TopSendersAndRecipients

However, it cannot handle the result that returns more than thousands lines, you will have to install an Excel add-on for it: http://www.microsoft.com/en-us/download/details.aspx?id=30716

Use NMAP to detect OPENSSL heartbleeding vulnerability

NMAP 6.46 (http://nmap.org/download.html) includes the openssl heartbleed script:

To use it, below is a sample command:

nmap -sV -v -p 0-65535 --script=ssl-heartbleed -iL ./hosts.txt -oX ./result.xml

Parameter description:

-sV: Probe open ports to determine service/version info

-v: Increase verbosity level

-iL : Input from list of hosts/networks

-oX: output scan in XML format.

A sample output as below:

If for some reason, you cannot install nmap 6.46, you can manually download ssl-heartbleed.nse from http://nmap.org/nsedoc/scripts/ssl-heartbleed.html and put it in the NMAP scripts folder. You may need tls library to run the heartbleed script. Download it from http://nmap.org/nsedoc/lib/tls.html and put it in NMAP nselib folder.

MS12-020 denial of service code test

The RDP Vulnerability attack code has been spread like a wild fire.  I just tested the code yesterday, it works really well even cross the Internet. I recorded the whole process. You can see how easy it is. Currently the code can only cause blue screen, but it might change to remote code execution soon. The clock is ticking. Install the patch in your computers. You can download the code from http://aluigi.org/adv/termdd_1-adv.txt

To check if the patches are already applied, use these 2 commands:

wmic qfe | find "KB2667402"

wmic qfe | find "KB2621440"

For more information: http://isc.sans.edu/diary.html?storyid=12808&rss and http://isc.sans.edu/diary.html?storyid=12805&rss