Monday, January 1, 2018

Set Up Automatic Restore Points within Windows 10

To set up automatic restore points within Windows 10, search for “system restore.” Click the Configure button and verify that the feature is enabled.



With Windows 10 Pro, launch the local Group Policy editor (gpedit.msc) and access the following path:

Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Scan

Enable the “Create a system restore point” option.



ASLR Registry setting with Windows

Windows 8 and later changed how system-wide mandatory ASLR is implemented: system-wide bottom-up ASLR must also be enabled for mandatory ASLR to receive entropy.

To enable both bottom-up ASLR and mandatory ASLR on a system-wide basis on a Windows 8 or later machine, the following registry value should be imported:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]


osquery

osquery is an operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD. The tools make low-level operating system analytics and monitoring both performant and intuitive.

osquery exposes an operating system as a high-performance relational database. This allows you to write SQL queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.


Rescatux

Rescatux is a Debian-based GNU/Linux live distribution that includes a graphical wizard for rescuing broken GNU/Linux installations. The available rescue options include restoring the GRUB bootloader after a Windows installation, Linux and Windows password resets, and Linux file system checks.

Detection Lab

Detection Lab is a collection of Packer and Vagrant scripts that allow you to quickly bring a Windows Active Directory online, complete with a collection of endpoint security tooling and logging best practices.

Datally for Android

Datally is an application for Android from Google. It is a mobile data manager that helps you monitor, save, and control your mobile data usage.

Secure Score with Office 365

Office 365 Secure Score is a tool for analyzing and implementing security best practices in your Office 365 tenant.

Handoff option within iOS

Handoff is a feature that moves tasks and data seamlessly from one device to another across iOS devices and Macs. Handoff lets you start writing an email on your iPhone and pass it to your Mac for completion and sending. To disable the feature, access Settings -> General -> Handoff.


Friday, December 1, 2017

OpenVAS configuration

OpenVAS is an open-source security scanner. The instructions below cover configuring the application within Kali Linux.

The following commands are used once Kali Linux is installed and updated.

apt-get install openvas




Once the initial configuration is completed, a default initial password is displayed. Start the required services and log in via the web interface to set a new password under Administration -> Users. The default user name is admin.

Log into the web interface of the OpenVAS service and use the Feed Status menu option under the Extras tab to verify that the local databases are current.

To update the NVT feed from a terminal session, use the command greenbone-nvt-sync. The commands to update the other databases are greenbone-scapdata-sync and greenbone-certdata-sync.


View local root certificates within Windows using PowerShell

The local root certificate entries can be viewed within Windows using PowerShell.

ls CERT:\CurrentUser\AuthRoot


# Open the LocalMachine Root store read-only; the Certificates property is empty until the store is opened.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store("root","LocalMachine")
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
$store.Certificates | select Thumbprint,FriendlyName,NotAfter
$store.Close()


A script is available at to compare hashes to a previous dump.
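As an added example that is not the script the post links to: a PowerShell snippet that writes the LocalMachine Root store to a baseline file on its first run and, on later runs, lists thumbprints that have appeared or disappeared since the baseline; the baseline file path is an assumption.

```powershell
# Added example, not the post's own script: snapshot the LocalMachine Root store
# and diff it against the previous snapshot. The baseline path is an assumption.
$BaselinePath = Join-Path $env:ProgramData 'RootCertBaseline.txt'

function Get-RootCertSnapshot {
    # Same store the post opens with X509Store("root","LocalMachine"), read via the Cert: drive.
    # One line per certificate, sorted by thumbprint so the file is stable between runs.
    Get-ChildItem -Path Cert:\LocalMachine\Root |
        Sort-Object Thumbprint |
        ForEach-Object { "{0}`t{1}`t{2:yyyy-MM-dd}" -f $_.Thumbprint, $_.Subject, $_.NotAfter }
}

$current = @(Get-RootCertSnapshot)

if (-not (Test-Path $BaselinePath)) {
    # First run: record the baseline and stop; there is nothing to compare yet.
    $current | Set-Content -Path $BaselinePath
    Write-Output "Baseline written to $BaselinePath ($($current.Count) certificates)."
    return
}

$baseline = @(Get-Content -Path $BaselinePath)

# Compare-Object returns only the lines present on one side; identical lines are dropped.
$diff = Compare-Object -ReferenceObject $baseline -DifferenceObject $current

if (-not $diff) {
    Write-Output "Root store unchanged since baseline ($($current.Count) certificates)."
} else {
    foreach ($entry in $diff) {
        # '=>' means the line exists only in the current store, '<=' only in the baseline.
        $label = if ($entry.SideIndicator -eq '=>') { 'ADDED  ' } else { 'REMOVED' }
        Write-Output "$label $($entry.InputObject)"
    }
    # The baseline is left untouched so unexpected changes can be reviewed first;
    # delete the file and rerun to accept the current store as the new baseline.
}
```

Run it once to create the baseline and again whenever you want to check for changes; substitute Cert:\CurrentUser\AuthRoot to watch the AuthRoot store the post lists.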