Archive for December, 2010


Covert Channels

The SANs Reading room always has some interesting stuff to read. I have not had much time lately to read but for months I’ve had Covert Channels open on one of my tabs and finally decided to read it. Very good read and got me playing around with some tools on my test machines. I recommend reading this.

Account lockout tool

This post is mainly for reference purpose. Have you ever had an network account that kept getting locked out and didn’t know why? EventCombMT is a tool provided by Microsoft (included with Microsoft Account Lockout Management Tools) that will allow you to search for lockout events and will identify the computer in which is causing the account to be locked.

It doesn’t tell you why, but once you have the computer which is causing it you can investigate further.