Google QUIC Protocol & How to block in Palo Alto

Google QUIC is a new protocol designed to make the web faster. QUIC stands for Quick UDP Internet Connection and is commonly used in streaming media, VoIP services and gaming. The protocol is activated by default in Google Chrome, and a growing list of websites have implemented it. But why…



ADFS Claims depending on multiple conditions such as group membership and password expiry

In this post I will quickly demonstrate how to issue ADFS claims that depend on two different conditions. This specific case is about the password expiry claims, which we only want to show for users who are members of a specific Active Directory group. First we need to add an Issuance Transform Rule where we…



Varonis DatAdvantage – Verify continuous communication with all domain controllers

When you are using Varonis to monitor your environment, it’s important to make sure that you don’t miss any critical events. One weakness in the current version of Varonis that I found out about is that you won’t get any notification if the event collection from one domain controller stops working and you will…



Netscaler – Configure Kerberos Authentication + LDAP Group/Attribute Extraction to achieve SSO for internal users

SSO to Netscaler hosted web services for internal users: A request we receive from time to time from our Netscaler customers is that they would prefer internal users (users connected to the company’s LAN/Wifi or through VPN) to automatically get SSO when they browse to a load balanced web system (https://sharepoint.mycompany.com). One way of doing…




Netscaler – Customizing messages when using “Enhanced authentication feedback” with RfWebUI Theme

Some customers want to be able to provide more feedback to users when, for some reason, their logon to Netscaler fails or if the new password they specify during password change does not meet the AD’s password complexity requirements. Citrix has published the article https://support.citrix.com/article/CTX223404 that specifies how you can customize the message strings. However,…



Brief walk-through of Robocopy

I have stumbled upon technical scenarios which required special maneuvers requiring skills I did not possess. After some reading I was able to conclude that Windows environments have several ways to copy files from A to B: good old Ctrl+C and Ctrl+V, xcopy, Copy-Item and robocopy. I was aware of the first one,…



No more Basic Authentication for Exchange Online – what does that mean for us?

Microsoft recently announced that they are turning off Basic Authentication in Exchange Online on October 13, 2020. This means a year for customers to adapt. But what does this mean in reality? In short, no more Basic Auth for: ActiveSync, POP/IMAP, Remote PowerShell. This also means you will not be able to use app passwords (which…



Citrix Virtual Apps and Desktops 1909

Autumn is around the corner and Citrix has blessed our cold season with a new release of Citrix Virtual Apps and Desktops. Below is a selection of changes implemented in release 1909. Director & Studio: Machine Catalog tags (Note: Only configurable from within PowerShell). Delivery Group – Maximum delay timer for scheduled restarts can now be…



Level up your incident response with DatAlert and Varonis

Varonis offers a great product that can be used for threat detection and response. It will help you identify and handle security incidents faster and more effectively, and it’s called DatAlert. In this blog post I’m going to discuss some of its features. With the DatAlert Suite added to your existing Varonis environment you can…