Friday, 12 September 2025

CISCO. Wifi Security. ISOLATION

Purpose

Isolate the elements of a Wi-Fi network from each other.


In Cisco-managed wireless environments (such as those using Wireless LAN Controllers, or WLCs), client isolation refers to preventing devices connected to the same wireless network from communicating directly with each other. This is typically achieved through features like:

  • P2P Blocking (Peer-to-Peer Blocking): Found in the advanced settings of a WLAN profile. When enabled (e.g., set to Drop), it blocks direct communication between WiFi clients connected to the same access point managed by the same WLC.

  • AP Isolation (common in consumer-grade or SMB routers): Prevents clients connected to the same access point from seeing or interacting with each other. This is useful in public or shared environments like cafés, hotels, or conferences, where you want to prevent attacks like ARP spoofing or traffic sniffing.

Steps

While there isn’t a literal command called ISOLATION, the effect is achieved through configurations such as:

  • P2P Blocking Action in the WLAN settings → can be set to Drop or Forward.

  • On switches, a similar effect is achieved using switchport protected, but in WiFi it’s handled at the SSID and controller level.

Recommended for

  • In public or shared networks where clients shouldn’t interact.

  • In enterprise environments with strict security policies.

  • To protect IoT or smart devices that don’t need to communicate with each other.

by GoN | Published: Oct 2025 | Last Updated:

TOOLS. EXCEL joins columns

 Excel Spanish version.


Purpose

Here are some useful examples for combining information according to different criteria.


Examples


To join the values of column B when the text "Submitted Data" appears in column A:

=UNIRCADENAS(";" ; VERDADERO ; FILTRAR(B1:B100 ; ESNUMERO(HALLAR("Submitted Data" ; A1:A100))))

 

To join the values of column B when the text "Submitted Data" appears in column A and "1-ESP" appears in column D:

=UNIRCADENAS(";" ; VERDADERO ; FILTRAR(B1:B100 ;(A1:A100="Submitted Data")*(D1:D100="1-ESP")))

 

To join the values of column B when the text "Submitted Data" does NOT appear in column A:

=UNIRCADENAS(";" ; VERDADERO ; FILTRAR(B1:B100 ; A1:A100<>"Submitted Data"))

  

To join the values of column B when the text "Submitted Data" does NOT appear in column A and "1-ESP" appears in column D:

=UNIRCADENAS(";" ; VERDADERO ; FILTRAR(B2:B1500 ;(A2:A1500<>"Submitted Data")*(D2:D1500="1-ESP")))


by GoN | Published: Oct 2025 | Last Updated:

Mobile Security. Business manager. Justify changing your phone.

Recommendation for replacing the cell phone of a senior official in the company.


In companies, especially large ones, very few people have access to privileged information. Occasionally, security breaches or important data leaks occur, the source of which is impossible to trace.


Many of our executives not only manage business issues through their phones, but sometimes also participate in other forums as consultants, managers, politicians, etc.


In these cases, the cell phones they use are not just personal tools, but strategic resources for operational continuity and ensuring functional availability in crisis scenarios.


The mobile devices of senior executives are prime targets for malicious actors. Regularly updating them allows us to eliminate potential malware persistence that goes undetected with conventional antivirus, prevent hardware vulnerabilities (such as compromised chips or outdated firmware) from remaining in use, and ensure that devices are free of physical or logical backdoors that could have been introduced during international travel, Wi-Fi access (especially uncontrolled ones), or in uncontrolled environments. In short, it's about eliminating accumulated attack vectors.


Newer mobile models incorporate more secure processors, with dedicated security enclaves, and better support for encryption, advanced biometrics, and multi-factor authentication. In regulated environments (ISO 27001, ENS, GDPR, etc.), this practice can be considered a proactive measure for protecting personal and corporate data.


The cost of a security incident on an executive mobile phone can be exponentially higher (data breach, blackmail, loss of reputation) than replacing the device.


In some companies this practice is carried out sporadically, whether to have the latest model or as a precaution.

 

by GoN | Published: Oct 2025 | Last Updated:

WINDOWS. Security. Purple Knight Audit Report

Purpose

Perform a light audit of the AD and obtain a health score

Steps

Install Purple Knight: https://www.semperis.com/purple-knight/ 














by GoN | Published: Oct 2025 | Last Updated:

Wednesday, 25 June 2025

WINDOWS. PS. SECURITY. Users do not require pre-authentication

Purpose

Here's a PowerShell script that will allow you to get the list of users who do not require pre-authentication in your environment.

Steps

# Import the Active Directory module
Import-Module ActiveDirectory

# Get all users that do not require Kerberos pre-authentication
# (userAccountControl bit DONT_REQ_PREAUTH = 0x400000 = 4194304)
$usuariosSinAutenticacionPrevia = Get-ADUser -Filter 'userAccountControl -band 4194304' -Properties DisplayName, UserPrincipalName

# Show the list of users
$usuariosSinAutenticacionPrevia | Select-Object DisplayName, UserPrincipalName | Format-Table -AutoSize
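
The query above depends on picking the right userAccountControl bit, so here is an added example (not part of the original post) that decodes the bitmask and reports only accounts with DONT_REQ_PREAUTH set. The function names and the sample accounts are constructed for illustration; the flag values are the documented userAccountControl bits.

```powershell
# Added example. Flag values are the documented userAccountControl bits.
$UacFlags = [ordered]@{
    ACCOUNTDISABLE       = 0x2
    PASSWD_NOTREQD       = 0x20
    DONT_EXPIRE_PASSWORD = 0x10000
    MNS_LOGON_ACCOUNT    = 0x20000    # not related to pre-authentication
    USE_DES_KEY_ONLY     = 0x200000
    DONT_REQ_PREAUTH     = 0x400000   # Kerberos pre-authentication not required
}

# Return the names of the flags set in a userAccountControl value.
function ConvertFrom-Uac {
    param([int]$Value)
    foreach ($flag in $UacFlags.GetEnumerator()) {
        if ($Value -band $flag.Value) { $flag.Key }
    }
}

# Emit one finding per account that has DONT_REQ_PREAUTH set.
function Get-PreAuthFinding {
    param([Parameter(ValueFromPipeline)]$Account)
    process {
        $names = @(ConvertFrom-Uac -Value $Account.userAccountControl)
        if ($names -contains 'DONT_REQ_PREAUTH') {
            [PSCustomObject]@{
                SamAccountName = $Account.SamAccountName
                Enabled        = $names -notcontains 'ACCOUNTDISABLE'
                UacHex         = '0x{0:X}' -f [int]$Account.userAccountControl
                Flags          = $names -join ', '
            }
        }
    }
}

# Constructed sample accounts (not real data).
$sample = @(
    [PSCustomObject]@{ SamAccountName = 'j.doe';      userAccountControl = 0x200 }
    [PSCustomObject]@{ SamAccountName = 'svc-legacy'; userAccountControl = 0x410200 }
    [PSCustomObject]@{ SamAccountName = 'old.admin';  userAccountControl = 0x400202 }
    [PSCustomObject]@{ SamAccountName = 'cluster01';  userAccountControl = 0x20200 }
)
$sample | Get-PreAuthFinding | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADUser -Filter * -Properties userAccountControl | Get-PreAuthFinding
```

Only svc-legacy and old.admin are reported; cluster01 carries the 0x20000 bit and is correctly ignored.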

by GoN | Published: Jun 2025 | Last Updated:

WINDOWS. PS. SECURITY. SPN. Service Principal Name

Purpose

PowerShell script that lets you verify whether an SPN (Service Principal Name) exists in the domain that allows a TGS (Ticket Granting Service) ticket to be generated. The script searches Active Directory for registered SPNs and displays those that meet the criteria.

Steps

# Import the Active Directory module
Import-Module ActiveDirectory

# Define the SPN you want to search for
$spn = "HTTP/*"

# Search for service accounts with the specified SPN
$cuentasConSPN = Get-ADObject -Filter {ServicePrincipalName -like $spn} -Properties ServicePrincipalName, Name

# Check whether any accounts with the SPN were found
if ($cuentasConSPN) {
    Write-Output "Se encontraron las siguientes cuentas con el SPN '$spn':"
    $cuentasConSPN | Select-Object Name, ServicePrincipalName | Format-Table -AutoSize
} else {
    Write-Output "No se encontraron cuentas con el SPN '$spn'."
}
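
Once accounts with an SPN are listed, the next question is which of them to harden first. The following added example (not part of the original post) ranks them by password age and by the msDS-SupportedEncryptionTypes bitmask; the function name, the 365-day threshold and the sample accounts are assumptions made for illustration.

```powershell
# Added example: triage accounts that carry an SPN.
# msDS-SupportedEncryptionTypes bits: 0x4 = RC4_HMAC, 0x8 = AES128, 0x10 = AES256.
function Get-SpnAccountRisk {
    param(
        [Parameter(ValueFromPipeline)]$Account,
        [datetime]$Now = (Get-Date),
        [int]$MaxPasswordAgeDays = 365    # assumed review threshold
    )
    process {
        $enc = [int]$Account.'msDS-SupportedEncryptionTypes'   # $null becomes 0
        $encLabel = switch ($true) {
            { $enc -eq 0 }      { 'Unset (KDC default applies)'; break }
            { $enc -band 0x4 }  { 'RC4 allowed'; break }
            { $enc -band 0x18 } { 'AES only'; break }
            default             { 'Other' }
        }
        $age = $null
        if ($Account.PasswordLastSet) {
            $age = [int]($Now - $Account.PasswordLastSet).TotalDays
        }
        [PSCustomObject]@{
            SamAccountName  = $Account.SamAccountName
            SPN             = @($Account.ServicePrincipalName) -join '; '
            Encryption      = $encLabel
            PasswordAgeDays = $age
            Review          = ($encLabel -ne 'AES only') -or ($age -gt $MaxPasswordAgeDays)
        }
    }
}

# Constructed sample accounts (not real data), evaluated at a fixed date.
$now = [datetime]'2025-06-25'
$sample = @(
    [PSCustomObject]@{ SamAccountName = 'svc-web'; ServicePrincipalName = @('HTTP/intranet.example.local')
                       PasswordLastSet = [datetime]'2019-03-01'; 'msDS-SupportedEncryptionTypes' = $null }
    [PSCustomObject]@{ SamAccountName = 'svc-sql'; ServicePrincipalName = @('MSSQLSvc/db01.example.local:1433')
                       PasswordLastSet = [datetime]'2025-01-10'; 'msDS-SupportedEncryptionTypes' = 0x18 }
    [PSCustomObject]@{ SamAccountName = 'svc-app'; ServicePrincipalName = @('HTTP/app.example.local')
                       PasswordLastSet = [datetime]'2024-11-02'; 'msDS-SupportedEncryptionTypes' = 0x1C }
)
$sample | Get-SpnAccountRisk -Now $now | Sort-Object PasswordAgeDays -Descending | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADUser -LDAPFilter '(servicePrincipalName=*)' -Properties ServicePrincipalName,
#     PasswordLastSet, 'msDS-SupportedEncryptionTypes' | Get-SpnAccountRisk
```

In the sample, svc-web and svc-app are marked for review and svc-sql is not.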



By GoN | Published: Jun 2025 | Last Updated:

Monday, 23 June 2025

AD. Windows. Files

 Purpose

Search my shared resources for file and folder names containing the words "contraseña|password|contrasenya" and write the results to a file.

I look for these words so that I can ask users to store their passwords in a secure place such as KeePass.

Steps

# Function to get the owner of a file or folder
function Get-Owner {
    param (
        [string]$Path
    )
    $acl = Get-Acl -Path $Path
    return $acl.Owner
}
# Function to get the identities with write permission on a file or folder
function Get-WritePermissions {
    param (
        [string]$Path
    )
    $acl = Get-Acl -Path $Path
    $writeData = [System.Security.AccessControl.FileSystemRights]::WriteData
    $permissions = @()
    foreach ($access in $acl.Access) {
        # Bitwise test, so that Modify and FullControl also count as write access
        if ($access.AccessControlType -eq 'Allow' -and
            (($access.FileSystemRights -band $writeData) -eq $writeData)) {
            $permissions += $access.IdentityReference
        }
    }
    return $permissions -join "; "
}
# Path of the CSV report
$csvPath = "resultado.csv"
# Function to walk the directory tree of a network path
function Search-Path {
    param (
        [string]$NetworkPath
    )
    Get-ChildItem -Path $NetworkPath -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        # Match on the name of the file or folder
        if ($_.Name -match "contraseña|password|contrasenya") {
            [PSCustomObject]@{
                Nombre              = $_.Name
                RutaCompleta        = $_.FullName
                RutaRelativa        = $_.FullName.Substring($NetworkPath.Length)  # Relative path
                Propietario         = Get-Owner -Path $_.FullName
                PermisosDeEscritura = Get-WritePermissions -Path $_.FullName
            }
        }
    }
}
# Walk the network paths and write every result to the CSV
# (Export-Csv writes the header row and quotes fields that contain commas)
'\\server1\d$', '\\server2\r$', '\\server4\r$' |
    ForEach-Object { Search-Path -NetworkPath $_ } |
    Export-Csv -Path $csvPath -NoTypeInformation -Encoding UTF8
Write-Host "El archivo resultado.csv ha sido creado con éxito."

 By GoN | Published: Jun 2025 | Last Updated:

ISC2 International Information System Security Certification. Certified in Cybersecurity

    Adding a new certification to my CV 

by GoN | Published: Jun 2025 | Last Updated:

Wednesday, 14 May 2025

Thursday, 13 March 2025

WINDOWS. Host. Performance report

 Purpose

Use a command to get a detailed performance report for a host.

Steps

Command: perfmon /report

Some screenshots:





By GoN | Published: Mar 2025 | Last Updated:

Saturday, 1 February 2025

WINDOWS. AD. OSINT. Locate privileged users

Purpose

Locate and discover privileged users in Active Directory, whether they are privileged by direct membership or by nesting into a group with special privileges.

Steps

[*] AD users have a property, AdminCount, that is set to 1 if the user has direct or nested privileges in any AD group with special privileges.

COMMAND: Get-ADUser administrador -properties *


[*] List All users

Command: Get-ADUser -Filter {AdminCount -eq 1} | Select-Object Name, SamAccountName


[*]  View user information


We already have a way to attack a network and try to make lateral movement.

By GoN | Published: Feb 2025 | Last Updated:

Friday, 31 January 2025

WINDOWS. PS. Users list

 Purpose

List AD users with their most important properties so you can then work with them in Excel.

Steps

Run the script:

# Import the Active Directory module
Import-Module ActiveDirectory

# Get all users and select the desired fields
Get-ADUser -Filter * -Property SamAccountName, DisplayName, CN, Enabled, LockedOut, AccountExpirationDate, EmailAddress, WhenCreated, LastLogonDate, PasswordLastSet, LogonWorkstations, PasswordNeverExpires, PasswordNotRequired, DistinguishedName, Description |
Select-Object SamAccountName,
              DisplayName,
              CN,
              Enabled,
              LockedOut,
              AccountExpirationDate,
              EmailAddress,
              WhenCreated,
              LastLogonDate,
              PasswordLastSet,
              LogonWorkstations,
              @{Name="La cuenta expira";Expression={$_.AccountExpirationDate}},
              @{Name="la contraseña nunca expira";Expression={$_.PasswordNeverExpires}},
              @{Name="no requiere contraseña";Expression={$_.PasswordNotRequired}},
              DistinguishedName,
              Description |
Export-Csv -Path "C:\tmp\Usuarios30012025.csv" -NoTypeInformation -Encoding UTF8 -Delimiter "#"

The result is an output like this:



By GoN | Published: Jan 2025 | Last Updated:

WINDOWS. GPO. Block executables

Purpose

The purpose of this post is to block an executable on a network of PCs.

Steps

Here are the steps to block the VNC.exe program (or any executable) on all domain PCs, even if you don’t know its location:


  • Open the Group Policy Management Editor
    • On the server, open “Server Manager” and select “Tools” > “Group Policy Management”.
  • Create a new GPO:
    • Right-click on the domain or the organizational unit (OU) where you want to apply the policy and select “Create a GPO in this domain, and Link it here”.
    • Name the new GPO, for example, “Block VNC.exe”.
  • Configure the GPO:
    • Right-click on the new GPO and select “Edit”.
    • Navigate to “Computer Configuration” > “Policies” > “Windows Settings” > “Security Settings” > “Software Restriction Policies”.
    • Right-click on “Software Restriction Policies” and select “Create New Policies”.
  • Add a path-based restriction rule:
    • Under “Additional Rules”, right-click and select “New Path Rule”.
    • In the path field, enter *\\vnc.exe to block any file named vnc.exe regardless of its location.
    • Set the rule to “Disallowed”.
  • Apply the GPO:
    • Close the Group Policy Management Editor.
    • In the “Group Policy Management” console, ensure the GPO is linked to the correct domain or OU.
  • Update policies on domain PCs:
    • On each domain PC, open a command prompt and run gpupdate /force to apply the new policies immediately.

These steps should help you block the vnc.exe program on all domain PCs, regardless of its folder location.


You only have to modify what is in yellow, the rest of the GPO content will be added by itself.

A possible improvement, in case someone renames the executable, would be to define the rule by hash instead of by path.
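
To see why a name-based rule misses renamed copies, the following added example (not part of the original post) looks for copies of a reference executable by SHA-256 regardless of file name. The function name, the temporary folder and the stand-in files are constructed for illustration; when you create a hash rule, the GPO editor computes the rule's hash itself from the file you select.

```powershell
# Added example: locate copies of an executable by content hash, not by name.
function Find-CopyByHash {
    param(
        [Parameter(Mandatory)][string]$ReferenceFile,
        [Parameter(Mandatory)][string]$SearchRoot
    )
    $ref     = Get-Item -LiteralPath $ReferenceFile
    $refHash = (Get-FileHash -LiteralPath $ref.FullName -Algorithm SHA256).Hash

    Get-ChildItem -LiteralPath $SearchRoot -Recurse -File -ErrorAction SilentlyContinue |
        # Cheap pre-filter: only hash files of the same size as the reference
        Where-Object { $_.Length -eq $ref.Length } |
        Where-Object { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash -eq $refHash } |
        Select-Object Name, FullName,
            @{ Name = 'NameMatches'; Expression = { $_.Name -eq $ref.Name } }
}

# Constructed demo tree: stand-in text files, not real binaries.
$root = Join-Path ([IO.Path]::GetTempPath()) 'srp-hash-demo'
New-Item -ItemType Directory -Path "$root\tools", "$root\users\bob" -Force | Out-Null
Set-Content -Path "$root\tools\vnc.exe" -Value 'constructed stand-in, not a real binary'
Copy-Item -Path "$root\tools\vnc.exe" -Destination "$root\users\bob\notepad2.exe"   # renamed copy
Set-Content -Path "$root\users\bob\other.exe" -Value 'unrelated constructed file content'

# Lists vnc.exe (NameMatches = True) and notepad2.exe (NameMatches = False);
# a rule that matches only the name vnc.exe would not cover the second file.
Find-CopyByHash -ReferenceFile "$root\tools\vnc.exe" -SearchRoot $root | Format-Table -AutoSize

# Clean up the demo tree
Remove-Item -LiteralPath $root -Recurse -Force
```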

By GoN | Published: Jan 2025 | Last Updated: