DFARS Compliance

by Vince

The Defense Federal Acquisition Regulation Supplement (DFARS) is a set of cybersecurity regulations that the Department of Defense (DoD) now imposes on external contractors and suppliers.

This is my interpretation, but basically the government is tired of getting hacked through their supply chain and they've come up with a laundry list of security requirements to help reduce such attacks.


Account Lockout Examiner

by Vince

I kept seeing this error in the SIEM and it was bugging me because I couldn't identify the source. At first glance, I thought it was an attacker because that's just how my mind works, but given that this bad password was hitting the logs every 30 minutes, I was thinking that it was the slowest brute force attack... ever. And it was literally every 30 minutes. A quick Google search uncovered this free tool, which made it super easy to get to the source.


URL File Attacks

by Vince

This comes from PayloadsAllTheThings on GitHub and it's somewhat obsolete in that it does not seem to work on Windows 10. That being said, older systems are still vulnerable to this attack and it's pretty amazing. The situation is this -- you find an open and writable file share. Our preference is that it's a server share but it can be any share or any folder even. If it's a server share, it's going to rain hashes.

We're going to open Notepad and we'll insert the following:
