Hacker - How to identify Time and Date DNS entry change

On a Microsoft domain if you want to understand when a DNS entry was changed you need to:

  1. Logon on DC
  2. ADSI Edit --> Default naming context
  3. You must go to CN=System, CN=MicrosoftDNS and search about relative entry
  4. Right Click --> Properties --> searching for Creation date and last modify

in case you want to enable DNS audit log you can read this article:

Microsoft - Mastering Microsoft Certification Exam Prep

Here they are some video tutorials about Microsoft Certification Exam preparation:

n this on-demand Microsoft Certification exam prep session, IT Pro and Microsoft Certified Trainer Timothy Warner and Microsoft Learning Senior Content Developer Christopher Chapman help you quickly ramp up on what you need to know to conquer Microsoft Certifications. Find out what they are, who they’re for, and how to become a better test-taker. Take a look at different kinds of questions and how to be prepared for them. Plus, get details on special deals, pricing, and registration, along with next steps in your Microsoft Certification journey.

1 | Mastering Microsoft Certification Exam Preparation Introduction
Get a course overview, and hear course prerequisites.

2 | Understanding Microsoft Certification
Find out what Microsoft Certifications are, who they are for, and where to find more information about them.

3 | Learning the Certification Study Pyramid
Hear about the three areas on which to focus to become a better test-taker.

4 | Developing Your Content Knowledge
Learn about the best ways to increase your content knowledge, whether through direct use of products, books, or online learning tools.

5 | Turning Theory into Practice
In this module you will see what your options are for practice exams so that you can apply all that you have learned up to now.

6 | Strengthening Your Test-Taking Skills
Learn about the different kinds of questions, how to analyze them, and how to be prepared for them.

7 | The Microsoft Testing Workflow
Get the details on special deals, pricing, and registration for exams, along with post-exam benefits.

8 | Next Steps
Learn what to do after you have passed your first Microsoft Certification.


Extra IT - How to stay calm

Some years ago I took note about this interesting linkedin article and now, I take occasion to share that.


Firewall - Zeroshell, Radious, captive portal, Router, Firewall, router

Zeroshell is a Linux distribution for servers and embedded devices aimed at providing the main network services a LAN requires. It is available in the form of Live CD or Compact Flash image and you can configure and administer it using your web browser. The main features of this Linux distribution for Network Appliances are listed below:
  • Load Balancing and Failover of multiple Internet connections;
  • UMTS/HSDPA connections by using 3G modems;
  • RADIUS server for providing secure authentication and automatic management of the encryption keys to the Wireless 802.11b, 802.11g and 802.11a networks supporting the 802.1x protocol in the EAP-TLS, EAP-TTLS and PEAP form or the less secure authentication of the client MAC Address; WPA with TKIP and WPA2 with CCMP (802.11i complaint) are supported too; the RADIUS server may also, depending on the username, group or MAC Address of the supplicant, allow the access on a preset 802.1Q VLAN;
  • Captive Portal to support the web login on wireless and wired networks. Zeroshell acts as gateway for the networks on which the Captive Portal is active and on which the IP addresses (usually belonging to private subnets) are dynamically assigned by the DHCP. A client that accesses this private network must authenticate itself through a web browser using Kerberos 5 username and password before the Zeroshell's firewall allows it to access the public LAN. The Captive Portal gateways are often used to provide authenticated Internet access in the HotSpots in alternative to the 802.1X authentication protocol too complicated to configure for the users. Zeroshell implements the functionality of Captive Portal in native way, without using other specific software as NoCat or Chillispot;
  • QoS (Quality of Service) management and traffic shaping to control traffic over a congested network. You will be able to guarantee the minimum bandwidth, limit the max bandwidth and assign a priority to a traffic class (useful in latency-sensitive network applications like VoIP). The previous tuning can be applied on Ethernet Interfaces, VPNs, bridges and VPN bondings. It is possible to classify the traffic by using the Layer 7 filters that allow the Deep Packet Inspection (DPI) which can be useful to shape VoIP and P2P applications;
  • HTTP Proxy server which is able to block the web pages containing virus. This feature is implemented using the ClamAV antivirus and HAVP proxy server. The proxy server works in transparent proxy mode, in which, you don't need to configure the web browsers of the users to use it, but the http requests will be automatically redirected to the proxy;
  • Wireless Access Point mode with Multiple SSID and VLAN support by using WiFi network cards based on the Atheros chipsets. In other words, a Zeroshell box with one of such WiFi cards could become a IEEE 802.11a/b/g Access Point providing reliable authentication and dynamic keys exchange by 802.1X and WPA protocols. Of course, the authentication takes place using EAP-TLS and PEAP over the integrated RADIUS server;
  • Host-to-lan VPN with L2TP/IPsec in which L2TP (Layer 2 Tunneling Protocol) authenticated with Kerberos v5 username and password is encapsulated within IPsec authenticated with IKE that uses X.509 certificates;
  • Lan-to-lan VPN with encapsulation of Ethernet datagrams in SSL/TLS tunnel, with support for 802.1Q VLAN and configurable in bonding for load balancing (band increase) or fault tolerance (reliability increase);
  • Router with static and dynamic routes (RIPv2 with MD5 or plain text authentication and Split Horizon and Poisoned Reverse algorithms);
  • 802.1d bridge with Spanning Tree protocol to avoid loops even in the presence of redundant paths;
  • 802.1Q Virtual LAN (tagged VLAN);
  • Firewall Packet Filter and Stateful Packet Inspection (SPI) with filters applicable in both routing and bridging on all type of interfaces including VPN and VLAN;
  • It is possible to reject or shape P2P File Sharing traffic by using IPP2P iptables module in the Firewall and QoS Classifier;
  • NAT to use private class LAN addresses hidden on the WAN with public addresses;
  • TCP/UDP port forwarding (PAT) to create Virtual Servers. This means that real server cluster will be seen with only one IP address (the IP of the virtual server) and each request will be distributed with Round Robin algorithm to the real servers;
  • Multizone DNS server with automatic management of the Reverse Resolution in-addr.arpa;
  • Multi subnet DHCP server with the possibility to fix IP depending on client's MAC address;
  • PPPoE client for connection to the WAN via ADSL, DSL and cable lines (requires a suitable MODEM);
  • Dynamic DNS client used to easily reach the host on WAN even when the IP is dynamic;
  • NTP (Network Time Protocol) client and server for keeping host clocks synchronized;
  • Syslog server for receiving and cataloging the system logs produced by the remote hosts including Unix systems, routers, switches, WI-FI access points, network printers and others compatible with the syslog protocol;
  • Kerberos 5 authentication using an integrated KDC and cross-authentication between realms;
  • LDAP, NIS and RADIUS authorization;
  • X509 certification authority for issuing and managing electronic certificates;
  • Unix and Windows Active Directory interoperability using LDAP and Kerberos 5 cross realm authentication.
Zeroshell is a Live CD distribution, meaning that it is not necessary to install it on the hard disk since it can operate directly from the CDROM on which it is distributed. Obviously, the database, containing all the data and settings, can be stored on ATA, SATA, SCSI and USB disks. Any security Bug Fixes can be downloaded from the automatic update system via Internet and installed in the database. These patches will be automatically removed from the database by subsequent releases of the Zeroshell Live CD already containing the updates.
It is also available a 512MB Compact Flash image useful if you have to boot your box from this device instead from CDROM for example in the embedded devices for network appliances. The Compact Flash image has 400MB available to store the configuration and data.
The name Zeroshell underlines the fact that although it is a Linux system (traditionally administrable from a shell), all the administration operations can be carried out via Web interface: indeed, after having assigned an IP address via a VGA or serial terminal, simply connect to the assigned address by means of a browser to configure everything.


Zeroshell è una distribuzione Linux per server e dispositivi embedded il cui scopo è fornire i principali servizi di rete di cui una LAN necessita. È disponibile nel formato di Live CD o di immagine per Compact Flash ed è configurabile ed amministrabile tramite un browser web. Di seguito sono elencate le principali caratteristiche di questa distribuzione Linux utile a costruire Net Appliance:
  • Bilanciamento e Failover di connessioni multiple a Internet;
  • Connessioni UMTS/HSDPA mediante modem 3G;
  • Server RADIUS per fornire autenticazione e gestione automatica delle chiavi di cifratura alle reti Wireless 802.11b, 802.11g e 802.11a supportando il protocollo 802.1x nella forma EAP-TLS, EAP-TTLS e PEAP; sono supportate le modalità WPA con TKIP e WPA2 con CCMP conforme allo standard 802.11i; il server RADIUS può inoltre, in base allo username, il gruppo di appartenenza o MAC Address del supplicant smistare l'accesso su di una VLAN 802.1Q assegnata ad un SSID;
  • Captive Portal per il supporto del web login su reti wireless e wired. Zeroshell agisce da gateway per la rete su cui è attivo il Captive Portal e su cui gli indirizzi IP (di solito appartenenti a classi private) vengono forniti dinamicamente dal DHCP. Un client che accede a questa network privata deve autenticarsi mediante un web browser con username e password Kerberos 5 prima che il firewall di Zeroshell gli permetta di accedere alla LAN pubblica. I gateway Captive Portal sono utilizzati spesso per fornire accesso a Internet negli HotSpot in alternativa all'autenticazione 802.1X troppo complicata da configurare per gli utenti. Zeroshell implementa la funzionalità di Captive Portal in maniera nativa, senza utilizzare altro software specifico come NoCat o Chillispot;
  • Gestione del QoS (Quality of Service) e traffic shaping per il controllo del traffico su reti congestionate. Si possono imporre vincoli sulla banda minima garantita, sulla banda massima e sulla priorità di un pacchetto (utile nelle connessioni realtime come le VoIP). Tali vincoli potranno essere applicati sulle interfacce Ethernet, sulle VPN, sui point to point PPPoE, sui bridge e sui bonding (aggregati) di VPN. La classificazione del traffico può avvenire anche mediante i filtri Layer 7 che permettono il Deep Packet Inspection (DPI) e quindi di regolare la banda e la priorità da assegnare ai flussi di applicazioni come VoIP e P2P;
  • HTTP Proxy con antivirus open source ClamAV in grado di bloccare in maniera centralizzata le pagine web contenenti Virus. Il proxy, realizzato con HAVP, potrà funziona in modalità transparent proxy, intendendo con ciò, che non è necessario configurare i web browser degli utenti per utilizzare il server proxy, ma, le richieste http verranno automaticamente reindirizzate a quest'ultimo. È ovvio, che in questo caso, la macchina che fa da proxy deve essere anche un gateway (router IP o bridge);
  • Supporto per la funzionalità di Wireless Access Point con Multi SSID utilizzando schede di rete WiFi basate sui chipset Atheros. In altre parole, un box Zeroshell con una di tali schede WI-FI può funzionare come Access Point per le reti IEEE 802.11 supportando i protocolli 802.1X, WPA per l'autenticazione e la generazione di chiavi dinamiche. Ovviamente l'autenticazione avviene tramite EAP-TLS o PEAP sfruttando il server RADIUS integrato;
  • VPN host-to-lan con protocollo L2TP/IPsec in cui L2TP (Layer 2 Tunneling Protocol) autenticato con username e password Kerberos v5 viene incapsulato all'interno di IPsec autenticato mediante IKE con certificati X.509;
  • VPN lan-to-lan con incapsulamento delle trame Ethernet in tunnel SSL/TLS, con supporto per VLAN 802.1Q e aggregabili in load balancing (incremento di banda) o fault tollerance (incremento di affidabilità);
  • Router con route statiche e dinamiche (RIPv2 con autenticazione MD5 o plain text e algoritmi Split Horizon e Poisoned Reverse);
  • Bridge 802.1d con protocollo Spanning Tree per evitare loop anche in presenza di percorsi ridondati;
  • Firewall Packet Filter e Stateful Packet Inspection (SPI) con filtri applicabili sia in routing sia in bridging su tutti i tipi di interfaccia di rete comprese le VPN e le VLAN;
  • Controllo mediante Firewall e Classificatore QoS del traffico di tipo File sharing P2P;
  • NAT per utilizzare sulla LAN indirizzi di classi private mascherandoli sulla WAN con indirizzi pubblici;
  • TCP/UDP port forwarding (PAT) per creare Virtual Server, ovvero cluster di server reali visti con un unico indirizzo IP (l'indirizzo del Virtual Server). Le richieste sul server virtuale saranno smistate sui server reali in Round-Robin (ciclicamente) preservando le connessioni e le sessioni già esistenti. Si può così ottenere il load balancing su web farm, cluster SQL e farm di calcolo;
  • Server DNS multizona e con gestione automatica della Reverse Resolution in-addr.arpa;
  • Server DHCP multi subnet con possibilità di assegnare l'indirizzo IP in base al MAC Address del richiedente;
  • Virtual LAN 802.1Q (tagged VLAN) applicabili sulle interfacce Ethernet, sulle VPN lan-to-lan, sui bonding di VPN e sui bridge composti da interfacce Ethernet, VPN e bond di VPN;
  • Client PPPoE per la connessione alla WAN tramite linee ADSL, DSL e cavo (richiede MODEM adeguato);
  • Client DNS dinamico che permette la rintracciabilità su WAN anche quando l'IP è dinamico. Gestione dinamica del record dns MX per l'instradamento SMTP della posta elettronica su mail server con IP variabile;
  • Server e client NTP (Network Time Protocol) per mantenere gli orologi degli host sincronizzati;
  • Server syslog per la ricezione e la catalogazione dei log di sistema prodotti da host remoti quali sistemi Unix, router, switch, access point WI-FI, stampanti di rete e altro compatibile con protocollo syslog;
  • Autenticazione Kerberos 5 mediante un KDC integrato e cross autenticazione tra domini;
  • Autorizzazione LDAP, NIS e RADIUS;
  • Autorità di certificazione X.509 per l'emissione e la gestione di certificati elettronici;
  • Integrazione tra sistemi Unix e domini Windows Active Directory in un unico sistema di autenticazione e autorizzazione mediante LDAP e Kerberos 5 cross realm authentication.
Si tratta di una distribuzione Live CD, intendendo con ciò che non è necessario installarla su hard disk poiché può funzionare direttamente dal CDROM su cui è distribuita. Ovviamente il database, contenente l'insieme dei dati e delle configurazioni, può essere memorizzato su dischi ATA, SATA, SCSI e USB. Eventuali Bug Fix di sicurezza potranno essere scaricati dal sistema automatico di update incrementale via Internet e installati nel database. Tali patch saranno automaticamente rimosse dal database da successive release del Live CD di Zeroshell che già contengono gli updates.
Oltre all'immagine ISO per CD è disponibile anche un'immagine per Compact Flash da 512MB (di cui 400MB dedicati alla memorizzazione della configurazione e dei dati) da cui è possibile il boot su sistemi che dispongono di un adattatore ATA CF come per esempio i dispositivi embedded per netwok appliance.
Il nome Zeroshell sottolinea che pur trattandosi di un sistema Linux (tradizionalmente amministrabile da shell), tutte le operazioni di amministrazione possono essere svolte tramite un'interfaccia Web: è sufficiente infatti, dopo aver assegnato un indirizzo IP tramite un terminale VGA o seriale, collegarsi con un browser all'indirizzo assegnato per configurare il tutto.

Windows 10 - Outlook pop3 problems with Clearos

During these days I faced a strange  behavior.

Here is situation:

  1. Windows 10 Professional/Enterprise pc.
  2. ClearOs domain.
  3. Outlook 201x and pop3 email.
We had problems configuring domain account and outlook with pop3

Problem did not happened when we configured outlook utilizing pc still joined to domain but with local account.

Credential manager was not accessible (trust relationship error).

Looking on internet it was a known issue that required register change.

After that problem was succesfully solved...


And add a new DWORD (32bit) subkey whit the following name "ProtectionPolicy" and set the value to 1.

Exchange and linked mailboxes

This youtube video well explain situation in case two forests/domains are in bidirectional trust and exchange server is in a single domain. 

To give ability to a single user to utilize exchange mailbox on other domain you need to take confidence with linked mailboxes concept:

This image, indeed it explain AD group differences:

Tips - Win 10 e virtual desktops

Working with virtual desktops in Windows 10
Windows 10 enables you to easily set up and switch between virtual desktops out of the box. Here are some keyboard shortcuts to help you get started:

Create a new desktop = WIN + CTRL + D
Switch to another desktop = WIN + CTRL + LEFT/RIGHT
Close the current desktop = WIN + CTRL + F4
Launch task view = WIN + TAB

[Update 2020.03.15]

more details:



There are two general settings for virtual desktop in Windows. Press Windows key + I to open Settings. Go to Systems, select Multitasking, then scroll down to Virtual desktops.

Both are automatically defaulted to Only the desktop I’m using but, depending on your preference, you can set each to show on all desktops"

Here they are some screenshots from this article:


Privacy - Two tools to completely wipe data and create USB/CD Live

Today I would like to mention two tools that are able to create a USB/CD live to boot and decide how to better wipe your data on your Hard drives.

Both of them are for free (Hardwipe is free for personal use):

1. CopyWipe™ is a utility for copying or securely overwriting (wiping/erasing) entire hard drives. 

CopyWipe for DOS - Self-booting diskette or CD/DVD.

CopyWipe for Windows - Console-based Win32 application.

PEBuilder Plug-In - CopyWipe on a Bootable Windows DVD.

Consider that on Ultimate Boot CD 4.11 this utility was included 



2. Hardwipe for Desktop is free for non-commercial use.

The Hardwipe Portable Edition provides a USB runnable alternative which can easily be combined with Windows PE to create a modern boot and nuke data sanitization solution with a graphical user interface.

Finally, Hardwipe's command line utility can easily be automated from the Windows Task Scheduler in order to prevent remnant data accumulation, offers total flexibility for power users.

Santization Commands
Hardwipe gives you the freedom to securely erase:

Physical Devices
Logical Volumes
Files & Folders
Recycler Bins
Free (unused) Drive Space
Windows Pagefile
Hardwipe provides read-back verification, report logs, and supports all major sanitization schemes, including: GOST R 50739-95, DOD 5220.22-M, Schneier and Gutmann.


Technical diagrams for SharePoint 2016

 These diagrams provide visual representations of recommended solutions for SharePoint 2016 in the form of models, which are poster-size documents.
These resources are available in Visio (.vsd) format (Visio 2010 or Visio 2016) or PDF format, and on Docs.com.

SharePoint Online, Azure, and SharePoint on-prem configurations
PDF file PDF  |  Visio file Visio | View the file in your browserDocs.com

This poster describes four architectural models:
  • SharePoint Online (SaaS) – Consume SharePoint through a Software as a Service subscription model
  • SharePoint Hybrid – Move your SharePoint sites and apps to the Cloud at your own pace
  • SharePoint in Azure (IaaS) – You extend your on-premises environment into Microsoft Azure and deploy SharePoint 2016 Servers there. (This is recommended for High Availability/Disaster Recovery and Test/Dev environments.)
  • SharePoint On-premises – You plan, deploy, maintain and customize your SharePoint environment in a datacenter that you maintain

more details: