<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Tony's Tech Notes</title><link>https://tonymerisan.com/</link><description>Recent content on Tony's Tech Notes</description><generator>Hugo</generator><language>es-es</language><lastBuildDate>Wed, 15 Jul 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://tonymerisan.com/index.xml" rel="self" type="application/rss+xml"/><item><title>AnyDesk Abused for Ransomware Persistence — Detection &amp; Mitigation</title><link>https://tonymerisan.com/posts/kb-008-anydesk-ransomware-persistence-detection-mitigation/</link><pubDate>Wed, 15 Jul 2026 00:00:00 +0000</pubDate><guid>https://tonymerisan.com/posts/kb-008-anydesk-ransomware-persistence-detection-mitigation/</guid><description>32 ransomware groups use AnyDesk for persistence via a single CLI command. Here&amp;#39;s how the attack works, how to detect it, and how to block it for free via Intune.</description></item><item><title>Microsoft Entra: Passkeys by Default &amp; SMS/Voice Retirement — Admin Advisory</title><link>https://tonymerisan.com/posts/kb-007-entra-passkeys-default-sms-voice-retirement/</link><pubDate>Wed, 15 Jul 2026 00:00:00 +0000</pubDate><guid>https://tonymerisan.com/posts/kb-007-entra-passkeys-default-sms-voice-retirement/</guid><description>Microsoft Entra is making passkeys the default authentication method and retiring Microsoft-provided SMS and voice MFA. Here&amp;#39;s what it is, why it&amp;#39;s happening, and what admins need to do before February 1, 2027.</description></item><item><title>Stale Accounts and Old Passwords in Active Directory - Audit and Remediation</title><link>https://tonymerisan.com/posts/kb-009-ad-stale-accounts-old-passwords-audit/</link><pubDate>Wed, 15 Jul 2026 00:00:00 +0000</pubDate><guid>https://tonymerisan.com/posts/kb-009-ad-stale-accounts-old-passwords-audit/</guid><description>Enabled accounts with passwords unchanged for years are one of the most common and exploited weaknesses in Active Directory. Here&amp;#39;s how to find them and what to do about it.</description></item><item><title>CVE-2026-26128 — Kerberos Reflection Bypass: Detection &amp; Mitigation</title><link>https://tonymerisan.com/posts/kb-006-cve-2026-26128-kerberos-reflection-bypass/</link><pubDate>Mon, 06 Jul 2026 00:00:00 +0000</pubDate><guid>https://tonymerisan.com/posts/kb-006-cve-2026-26128-kerberos-reflection-bypass/</guid><description>CVE-2026-26128 is a Kerberos authentication reflection bypass discovered by Synacktiv that yields SYSTEM on most Windows builds. Patched in March 2026 Patch Tuesday.</description></item><item><title>NTLM Coercion in Active Directory — Detection &amp; Mitigation</title><link>https://tonymerisan.com/posts/kb-005-ntlm-coercion-detection-mitigation/</link><pubDate>Mon, 06 Jul 2026 00:00:00 +0000</pubDate><guid>https://tonymerisan.com/posts/kb-005-ntlm-coercion-detection-mitigation/</guid><description>What NTLM coercion is, what changed in Windows Server 2025, and how to detect and mitigate the risk in Active Directory environments.</description></item><item><title>Onelogon — Netlogon Vulnerable Channel Bypass</title><link>https://tonymerisan.com/posts/kb-004-onelogon-netlogon-vulnerable-channel-bypass/</link><pubDate>Sat, 04 Jul 2026 00:00:00 +0000</pubDate><guid>https://tonymerisan.com/posts/kb-004-onelogon-netlogon-vulnerable-channel-bypass/</guid><description>Vulnerability Overview, Exploitation Path &amp;amp; Remediation Guidance — Bypass del parche Zerologon via excepciones de compatibilidad legacy.</description></item><item><title>VPN FortiClient no conecta — Troubleshooting</title><link>https://tonymerisan.com/posts/kb-003-forticlient-vpn-no-conecta/</link><pubDate>Sun, 17 May 2026 00:00:00 +0000</pubDate><guid>https://tonymerisan.com/posts/kb-003-forticlient-vpn-no-conecta/</guid><description>KB #3 · Síntoma, causas y resolución paso a paso</description></item></channel></rss>