Send from Office 365 Shared Mailbox with Thunderbird

We have a client that wanted to authenticate with SMTP to send out from a shared mailbox. noreply was the name of the shared mailbox. Below is the configuration. User has to have full access and send-as permissions for the mailbox. Hopefully this helps someone trying to accomplish the same thing.

Exchange Configuration:
PASSWORD: password


Settings for IMAP Configuration:
EMAIL ADDRESS: (shared mailbox)
SMTP SERVER: (port 587)
USERNAME:\noreply (user\shared mailbox alias)
PASSWORD: password (user’s password)
USERNAME: (users email)
PASSWORD: password (user’s password)

Source for information

Posted in Uncategorized

PDF Attachments Phishing Attacks

Recently we’ve seen an influx in spam emails containing PDF documents. The PDFs contain a link, which when clicked  takes the victim to a website prompting them for usernames and passwords. By entering the username and password, the victim is giving the thieves their email password – compromising the account. This type of attack is called phishing.

the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

What Can Be Done?

Please be on guard for emails with PDF attachments, especially those from unknown senders. Even if the email comes from a trusted sender, that person’s account may be compromised. Above are some common templates for gathering credentials.

Additionally, some email systems (Office 365, G Suite) can be configured to warn users whenever a PDF attachment with a link is included in an email, as seen in the Office 365 rule below.




Posted in security

Tracking Down Repeat Failed Login Attempts to Domain Controller

One of our clients kept getting repeat failed login attempts on their domain controller. Usually this is an issue with a port being open on the firewall and brute-force attacks being run to guess the password, but ports were closed on the firewall and it didn’t look like a dictionary attack. Instead, it looked like something was running every 2 minutes, attempting to use the guest account.

The first thing we did was filter the security log in the Event Log by keyword: Audit Failure. This allowed us to see how often all the audit failures were. Conveniently, they were about every 2 minutes. (Convenient because we have a few chances to catch the culprit!) We could see that the source port was changing every time, adding complexity to the issue.

The audit log provided the IP address of the workstation as well as the username that was trying to authenticate.

We were interested in what the hostname was of the workstation, so we ran ping -a and got the hostname. Now we know the PCs name and the account that is failing authentication. We have found the offender!

We used our remote support tools to connect to the PC, then wrote a script to monitor the port traffic. This script is just an infinite loop, dumping out the output of netstat -ano.

netstat -ano >> ports.txt
goto loop

We saved this as monitor.bat and ran on the offending machine. Then we went to the domain controller and watched for the event to happen. Once we had the Source Port from the new event, we went back to the offending machine, pressed Ctrl+C, terminated the script, and opened the ports.txt file. We were able to search the text file for the Source Port and get the Process ID of the offending process.

With this information, we were able to open a command prompt and find the offending process.

tasklist /v | findstr /i "54042"

From there we were able to make changes to the process to allow it to authenticate correctly, if necessary, or remove the process if not necessary.

Posted in troubleshooting

Guide Realty Mixer at Lexington Beerworks

Last night we went to a Guide Realty mixer hosted by Raquel Carter. Special thanks to Lexington Beerworks for hosting the event!

Posted in Uncategorized

Fix Random Black Box Popping Up And Disappearing In Windows

Some of our clients are having issues with a random or intermittent black box popping up while they are working (starting around June 2017). This is an issue with Microsoft Office and can be resolved by doing the following.

  1. Click Start
  2. Start typing task scheduler
  3. Drill down to Task Scheduler Library – Microsoft – Office
  4.  If available, right click on OfficeBackgroundTaskHandlerRegistration and click Disable
  5. If available, right click on OfficeBackgroundTaskHandlerLogon and click Disable
  6. Close out of Task Scheduler

If neither of those options are available you likely have a different issue.



Posted in fixes

How to Tell Which Version of Windows You Are Running

There are many different versions of Windows that your PC may be running. This is a short guide to determining which version you are using.

Windows 10

Windows 10 has a start menu with tiles in it, and black task bar.


Windows 8

Windows 8 has a hidden start button. When clicked it opens tiles.

Windows 7

Windows 7 has a start orb and a blue taskbar. The start menu also has a search box in it.

Windows Vista

Windows Vista has a start orb and a black task bar.

Windows XP

Windows XP has a green start button and blue task bar.

Posted in Uncategorized