The remediation of CVE-2023-24932, discovered in May 2023, is taking longer than Microsoft's initial timeline. This flaw allows attackers to bypass Secure Boot and disable security features like BitLocker. The April 2024 update introduces a new fix that admins should thoroughly test because it has significant ramifications and will be automatically activated in October.

Ansible Vault allows you to encrypt sensitive data such as passwords, keys, and other secrets rather than storing them as plaintext in your playbooks or roles. In this tutorial, I will explain how to use Ansible Vault to encrypt and decrypt data during playbook runtime.

Adding a PIN to a TPM protector helps safeguard BitLocker against known attacks. However, this additional security comes with a trade-off. It reduces the user's convenience, and they risk forgetting the PIN and consequently locking themselves out. In such cases, only the recovery key can unlock the drive.

OpenSSL is an open-source library and a command-line tool that helps admins and developers perform various cryptographic tasks, such as generating key pairs, certificate signing requests (CSR), verifying certificates, encrypting and decrypting data, identifying certificate information, verifying file integrity and much more. In this post, you will learn how to convert TLS certificates into different formats with OpenSSL.

SigCheck, part of the SysInternals suite, is a command-line utility offering security features such as verifying the digital file signature and calculating file hashes using multiple hashing algorithms.

The previous article discussed installing an ACME-compatible certificate authority server. This post explains how to install step-cli (ACME client) on a client system to install the new certificate authority (CA), make it trusted, and request a TLS certificate.

Step-ca is a Certificate Authority (CA) management tool for Windows, Linux, and macOS designed to simplify the process of creation, management, and revocation of certificates for use with TLS, mutual TLS (mTLS) authentication, document signing, and other X.509 authentication as well as SSH keys through a variety of provisioners.