Friday, May 24, 2024

Remediate ICMP Timestamp Request Remote Date Disclosure

If your security team sends you a finding for ICMP Timestamp Request Remote Date Disclosure, the recommended fix usually reads something like "Filter out the ICMP timestamp requests (13) and the outgoing ICMP timestamp replies (14)." The solution is to create two firewall rules, either through a GPO or locally. Below is a quick script to create them locally:

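# Block incoming ICMPv4 timestamp requests (type 13)
$fwICMP13 = @{
    DisplayName = "Disable inbound ICMP timestamp requests"
    Direction = "Inbound"
    Protocol = "ICMPv4"
    ICMPType = 13
    Action = "Block"
}
# Block outgoing ICMPv4 timestamp replies (type 14); replies leave the host, so the direction is Outbound
$fwICMP14 = @{
    DisplayName = "Disable outbound ICMP timestamp replies"
    Direction = "Outbound"
    Protocol = "ICMPv4"
    ICMPType = 14
    Action = "Block"
}

# Create both rules by splatting the hashtables
New-NetFirewallRule @fwICMP13
New-NetFirewallRule @fwICMP14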
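
To confirm the remediation before asking for a rescan, the following added example (not part of the original script) audits the firewall for enabled Block rules covering type 13 inbound and type 14 outbound, whatever the rules are named. It assumes the rules live in the local policy store, which is what Get-NetFirewallRule reads by default; the variable names are illustrative.

```powershell
# Added example: audit for enabled Block rules that cover
# ICMPv4 timestamp request (13, inbound) and timestamp reply (14, outbound).
$expected = @(
    @{ IcmpType = 13; Direction = 'Inbound'  }
    @{ IcmpType = 14; Direction = 'Outbound' }
)

# Collect every enabled Block rule together with its protocol/ICMP filter.
$blockRules = Get-NetFirewallRule -Enabled True -Action Block |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            DisplayName = $_.DisplayName
            Direction   = [string]$_.Direction
            Protocol    = [string]$filter.Protocol
            IcmpType    = @($filter.IcmpType)
        }
    }

$report = foreach ($e in $expected) {
    $hits = @($blockRules | Where-Object {
        $_.Direction -eq $e.Direction -and
        $_.Protocol -in 'ICMPv4', '1' -and
        # IcmpType may be reported as "type" or "type:code"; compare the type part.
        ($_.IcmpType | ForEach-Object { ($_ -split ':')[0] }) -contains "$($e.IcmpType)"
    })
    [pscustomobject]@{
        IcmpType  = $e.IcmpType
        Direction = $e.Direction
        Covered   = $hits.Count -gt 0
        Rules     = $hits.DisplayName -join '; '
    }
}

$report | Format-Table -AutoSize
if ($report.Covered -contains $false) {
    Write-Warning 'An ICMP timestamp block rule is missing or set to the wrong direction.'
}
```

A type 14 rule created with Direction set to Inbound shows up here as Covered = False for the outbound row, which is the mismatch a scanner will keep flagging.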


Enjoy! 

Friday, May 17, 2024

Intune - Useful Entra-AD (Azure AD) Group Dynamic Queries

Intune - Software Updates Deployment Ring 2
A random selection of approximately 10% of the Windows devices in the environment

(device.deviceManagementAppId -eq "0000000a-0000-0000-c000-000000000000") and (device.deviceTrustType -eq "ServerAD") and (device.deviceOwnership -contains "Company") and (device.deviceOSType -eq "Windows") and (device.objectId -match ".{32}(2|3|b).{3}")

Intune - All Corporately Owned Windows Devices
All Windows devices that are joined to either Entra-AD or On-Prem AD and are corporately owned

(device.deviceOSType -eq "Windows") and ((device.deviceTrustType -eq "ServerAd") or (device.deviceTrustType -eq "AzureAd")) and (device.deviceOwnership -eq "Company")
