#11
It seems that there is a malicious developer living around here. My Google Map location on my phone has been changing, and I feel like my router is being hacked. However, the Korean company KT does not pay much attention to router security and has forcibly blocked the ability to change DNS settings. Therefore, I have to use an unsecured DNS. Even though it seems like it is possible to change the DNS settings, in reality, it is forcibly blocked. I received a response from the customer center. Anyway, the attack has stopped for two days now since I posted this message. (This is a story about spoofing.)
Also, something else happened. I posted my used item for sale in the community yesterday, and my Chrome Map location suspiciously changed again. Anyway, (Samsung smartphone) I did have a blue screen (PC) today, but there were no other issues.
I added advanced auditing, including login auditing. I also discontinued an unused corporate mobile communication service because there was suspicious access on the mobile side.
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dcsvc" /v "DelayedAutoStart" /t REG_DWORD /d 0 /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dcsvc" /v "Start" /t REG_DWORD /d 4 /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DoSvc" /v "DelayedAutoStart" /t REG_DWORD /d 0 /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DoSvc" /v "Start" /t REG_DWORD /d 4 /f
error (Sync account settings error when disabled) 2 must be enabled.
REM REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CDPUserSvc" /v "Start" /t REG_DWORD /d 4 /f
(I didn't need this service because I'm a home user, not a company. There was a log related to this...
It was very difficult to find this.)
MDM service not used and not installed
And mount.. power related services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments
auditpol /set /subcategory:"{0CCE9215-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
auditpol /set /subcategory:"{0CCE9216-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
auditpol /set /subcategory:"{0CCE9217-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
auditpol /set /subcategory:"{0CCE921B-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
auditpol /set /subcategory:"{0CCE921C-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
auditpol /set /subcategory:"{0CCE9243-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
auditpol /set /subcategory:"{0CCE9220-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
(This is the content added for advanced auditing related to login)
I don't speak English, so I'm using Google Translate, so please understand.
Google Translate does not understand Korean well.
Thanks to everyone who took an interest in my question paper.
:)
Last edited by krdondon; 01 Apr 2023 at 13:40.
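A read-only check for the changes listed in the post above, added here as an example and not part of the original post: it reads back the `Start` value of each service key and asks `auditpol` for the effective setting of each subcategory GUID, printing the subcategory name that `auditpol` itself reports. The service names and GUIDs are copied from the post; the variable names and output layout are assumptions of this example.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# It only reads state; it does not change any service or audit setting.
$services = 'dcsvc', 'DoSvc', 'CDPUserSvc'          # service keys named in the post
$guids = @(                                          # subcategory GUIDs from the post
    '{0CCE9215-69AE-11D9-BED3-505054503030}', '{0CCE9216-69AE-11D9-BED3-505054503030}',
    '{0CCE9217-69AE-11D9-BED3-505054503030}', '{0CCE921B-69AE-11D9-BED3-505054503030}',
    '{0CCE921C-69AE-11D9-BED3-505054503030}', '{0CCE9243-69AE-11D9-BED3-505054503030}',
    '{0CCE9220-69AE-11D9-BED3-505054503030}'
)
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

# 1) Service start type as stored in the registry, plus current run state if available.
$serviceState = foreach ($name in $services) {
    $key   = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $svc   = Get-Service -Name $name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Service = $name
        Start   = if ($props) { $startNames[[int]$props.Start] } else { 'key not found' }
        Delayed = if ($props) { $props.DelayedAutoStart } else { $null }
        Status  = if ($svc) { $svc.Status } else { 'n/a' }
    }
}

# 2) Effective audit policy per GUID. /r gives CSV; data lines are picked by GUID and
#    parsed with fixed column names so a localized header row does not matter.
$columns = 'Machine', 'Target', 'Subcategory', 'Guid', 'Inclusion', 'Exclusion'
$auditState = foreach ($guid in $guids) {
    auditpol /get "/subcategory:$guid" /r |
        Where-Object { $_ -match [regex]::Escape($guid) } |
        ConvertFrom-Csv -Header $columns |
        Select-Object Subcategory, Guid, Inclusion
}

$serviceState | Format-Table -AutoSize
$auditState   | Format-Table -AutoSize
```

The `Inclusion` column shows the setting text in the system's display language, and the `Subcategory` column shows which audit category each GUID actually belongs to on that machine.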