Friday, September 1, 2017

Disable PowerShell version 2

Future versions of Windows 10 (such as the Fall Creator Edition) are scheduled to deprecate PowerShell version 2.  If you wish to disable version 2 manually, use the following command within an elevated PowerShell session.

Disable-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2
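
The command above removes the feature but gives no way to tell whether anything on the host still relies on the 2.0 engine, which is the usual reason to keep it (and the reason attackers like it: the 2.0 engine predates script block logging). The following is an added example, not part of the original post, that audits the feature state, checks the Windows PowerShell event log for 2.0 engine start-ups, and only then disables the feature. It assumes Windows 10 with the DISM module available in an elevated session; MicrosoftWindowsPowerShellV2 is the feature name from the post, and MicrosoftWindowsPowerShellV2Root is the parent feature name on the same builds (confirm it with the Get- call before relying on it).

```powershell
# Added example (not from the original post): audit and remove the PowerShell 2.0 engine.
# Assumes Windows 10, the DISM PowerShell module, and an elevated session.

# 1. Report the current state of both v2 features before changing anything.
function Get-PSv2State {
    Get-WindowsOptionalFeature -Online |
        Where-Object FeatureName -like 'MicrosoftWindowsPowerShellV2*' |
        Select-Object FeatureName, State
}

# 2. Look for evidence that something on this host still starts the v2 engine.
#    Engine start-up is logged as event 400 in the "Windows PowerShell" log and the message
#    carries EngineVersion; a 2.0 entry means a script or tool still depends on the old engine,
#    or that someone deliberately started it to avoid the logging the newer engine provides.
function Get-PSv2EngineStarts {
    param([int]$Days = 30)
    $since = (Get-Date).AddDays(-$Days)
    Get-WinEvent -FilterHashtable @{ LogName = 'Windows PowerShell'; Id = 400; StartTime = $since } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'EngineVersion=2\.0' } |
        Select-Object TimeCreated,
            @{ n = 'HostApplication'
               e = { ($_.Message -split "`n" | Where-Object { $_ -match 'HostApplication=' }) -replace '.*HostApplication=', '' } }
}

# 3. Disable the child feature and then its parent; -NoRestart suppresses the reboot prompt.
#    MicrosoftWindowsPowerShellV2Root is assumed to be the parent feature name (see lead-in).
function Disable-PSv2 {
    foreach ($name in 'MicrosoftWindowsPowerShellV2', 'MicrosoftWindowsPowerShellV2Root') {
        Disable-WindowsOptionalFeature -Online -FeatureName $name -NoRestart | Out-Null
    }
    Get-PSv2State
}

Get-PSv2State
Get-PSv2EngineStarts -Days 30
# Disable-PSv2   # run once the event-log review shows no legitimate v2 dependencies
```

Run the first two functions on a representative set of machines before the third; a HostApplication column that keeps pointing at the same legacy tool tells you what to fix or replace before the feature disappears on its own in a later Windows 10 release.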

Additional details can be found at https://www.petri.com/microsoft-deprecate-powershell-2-0-windows-10-fall-creators-update and https://blogs.msdn.microsoft.com/powershell/2017/08/24/windows-powershell-2-0-deprecation/

How to disable Flash support within Chrome

To disable Flash support within Chrome, enter chrome://settings/content within the URL window.  Find the “Flash” section within the list.

The current default is “Ask first.”  Slide the menu option to disable support.

List installed updates via PowerShell

To view installed updates, use the PowerShell commands below.

$Session = New-Object -ComObject Microsoft.Update.Session
$Searcher = $Session.CreateUpdateSearcher()
$Searcher.Search("IsInstalled=1").Updates | ft -a title

To view only one particular patch:

$Searcher.Search("IsInstalled=1").Updates | Where-Object {$_.Title -like "*KB4025342*"} | Format-Table Title
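
A title match only tells you that a given patch is present; the more useful question during patch verification is whether a missing patch is actually being offered to the machine or is simply not applicable. The following added example (not from the original post) builds on the same Microsoft.Update.Session COM API used above and answers that question for a list of KB numbers, with a cross-check against Get-HotFix. KB4025342 is the number from the post; any other KB numbers you pass in are your own. The IsInstalled=0 search assumes the Windows Update Agent can reach its configured update source.

```powershell
# Added example (not from the original post): classify KB numbers as installed, offered
# but missing, or not installed/not applicable, using the Microsoft.Update.Session COM API.
function Get-KBStatus {
    param([Parameter(Mandatory)][string[]]$KB)

    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()

    # One search per state. "IsInstalled=0" is the set of updates the agent considers missing
    # and applicable; it contacts the update source, so it is slower than the installed search.
    $installed = $searcher.Search('IsInstalled=1').Updates
    $missing   = $searcher.Search('IsInstalled=0').Updates

    foreach ($id in $KB) {
        # Normalise input such as "4025342" or "kb4025342" to the form used in update titles,
        # then match it as a whole token so KB402534 does not match KB4025342.
        $needle  = 'KB' + ($id -replace '(?i)^kb', '')
        $pattern = "\b$needle\b"

        $hit     = $installed | Where-Object { $_.Title -match $pattern } | Select-Object -First 1
        $pending = $missing   | Where-Object { $_.Title -match $pattern } | Select-Object -First 1

        $status = if ($hit) { 'Installed' }
                  elseif ($pending) { 'Missing (offered by update source)' }
                  else { 'Not installed / not applicable' }   # superseded, wrong SKU, or never published

        [pscustomobject]@{
            KB      = $needle
            Status  = $status
            Title   = if ($hit) { $hit.Title } elseif ($pending) { $pending.Title } else { $null }
            # Get-HotFix reads Win32_QuickFixEngineering, which only records updates that register
            # a hotfix ID; disagreement between the two columns is normal for some update types.
            HotFix  = [bool](Get-HotFix -Id $needle -ErrorAction SilentlyContinue)
        }
    }
}

Get-KBStatus -KB 'KB4025342' | Format-Table -AutoSize
```

Because both searches run once per call rather than once per KB, pass the whole list of patches you are verifying in a single call.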

FAT32 Format

FAT32 Format is a utility for formatting large USB drives with the FAT32 file system.

http://www.ridgecrop.demon.co.uk/index.htm?guiformat.htm

Kolab

Kolab is an open-source scalable and secure collaboration platform that provides shared email, calendaring, notes, and tasks.  This application could be considered a replacement for Microsoft Exchange.

https://www.kolab.org/

DRS Lens

DRS Lens provides an interface to highlight the value proposition of vSphere DRS.  DRS Lens provides different dashboards in the form of tabs for each cluster being monitored:

  • Cluster Balance
  • VM Happiness
  • vMotions
  • Operations

https://labs.vmware.com/flings/drs-lens

T50

T50 is a high-performance mixed packet injector tool designed for stress testing.

T50 can send the following fourteen protocols sequentially:

  1. ICMP – Internet Control Message Protocol
  2. IGMPv1 – Internet Group Management Protocol v1
  3. IGMPv3 – Internet Group Management Protocol v3
  4. TCP – Transmission Control Protocol
  5. EGP – Exterior Gateway Protocol
  6. UDP – User Datagram Protocol
  7. RIPv1 – Routing Information Protocol v1
  8. RIPv2 – Routing Information Protocol v2
  9. DCCP – Datagram Congestion Control Protocol
  10. RSVP – Resource ReSerVation Protocol
  11. GRE – Generic Routing Encapsulation
  12. IPSec – Internet Protocol Security (AH/ESP)
  13. EIGRP – Enhanced Interior Gateway Routing Protocol
  14. OSPF – Open Shortest Path First

https://github.com/fredericopissarra/t50

SOF-ELK

SOF-ELK (Security Operations and Forensics Elasticsearch, Logstash, Kibana) is a pre-configured virtual machine to be used within one of SANS’s forensics classes.

https://github.com/philhagen/sof-elk

https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/

Hindsight

Hindsight is a history forensics utility for Google Chrome/Chromium.  Hindsight can parse a number of different types of web artifacts, including URLs, download history, cache records, bookmarks, autofill records, saved passwords, preferences, browser extensions, HTTP cookies, and Local Storage records (HTML5 cookies). Once the data is extracted from each file, it is correlated with data from other history files and placed in a timeline.

https://github.com/obsidianforensics/hindsight

Monday, August 14, 2017

Current Branch for Business setting within Windows 10 Professional

In the past, the Current Branch for Business was released around four months after the Current Branch, though this appears to be changing in the Fall Creator update time frame.  The CBB was originally designed to give organizations time to test the new version.  To configure Windows 10 Professional to use this parameter, launch gpedit.msc with local administrative authority and navigate to Computer Configuration –> Administrative Templates –> Windows Components –> Windows Update –> Defer Windows Updates.  Modify the “Select when Feature Updates are received” entry and set it to Enabled.  Use the drop-down dialog box to select “Current Branch for Business” and enter a day value such as 90 days.

Another option at the same path is “Select when Quality Updates are received.”

This will delay the installation of monthly updates by the number of days specified.  When checking the Update section under Settings, a warning will appear stating that some settings are hidden or managed.
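
The two gpedit.msc settings above write policy values under the WindowsUpdate policy key, which is also why Settings reports them as "managed". The following added example, not from the original post, applies and verifies the same configuration from PowerShell for machines that are set up by script rather than through the local policy editor. The registry path and value names (BranchReadinessLevel with 16 for Current Branch and 32 for Current Branch for Business, DeferFeatureUpdates, DeferFeatureUpdatesPeriodInDays, DeferQualityUpdates, DeferQualityUpdatesPeriodInDays) are the policy-backed values for these settings as I understand them; treat them as an assumption and confirm against the ADMX for your build. The allowed ranges in the parameter validation are likewise assumptions based on the 1703 limits.

```powershell
# Added example (not from the original post): set and read back the Defer Windows Updates
# policy values. Run from an elevated session. Registry path, value names and the
# 16/32 branch encoding are assumptions to confirm against the ADMX for your build.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Set-UpdateDeferralPolicy {
    param(
        [ValidateSet('CB', 'CBB')][string]$Branch = 'CBB',
        [ValidateRange(0, 365)][int]$FeatureDeferDays = 90,   # assumed upper bound for feature updates
        [ValidateRange(0, 30)][int]$QualityDeferDays = 7      # assumed upper bound for quality updates
    )
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }

    $values = @{
        BranchReadinessLevel            = if ($Branch -eq 'CBB') { 32 } else { 16 }
        DeferFeatureUpdates             = 1
        DeferFeatureUpdatesPeriodInDays = $FeatureDeferDays
        DeferQualityUpdates             = 1
        DeferQualityUpdatesPeriodInDays = $QualityDeferDays
    }
    foreach ($name in $values.Keys) {
        # Policy values are DWORDs; Set-ItemProperty creates the value if it does not exist.
        Set-ItemProperty -Path $PolicyKey -Name $name -Value $values[$name] -Type DWord
    }
}

function Get-UpdateDeferralPolicy {
    if (-not (Test-Path $PolicyKey)) { return $null }
    $p = Get-ItemProperty -Path $PolicyKey
    [pscustomobject]@{
        Branch           = switch ($p.BranchReadinessLevel) {
                               16      { 'Current Branch' }
                               32      { 'Current Branch for Business' }
                               default { 'Not set' }
                           }
        FeatureDeferDays = $p.DeferFeatureUpdatesPeriodInDays
        QualityDeferDays = $p.DeferQualityUpdatesPeriodInDays
    }
}

Set-UpdateDeferralPolicy -Branch CBB -FeatureDeferDays 90 -QualityDeferDays 7
Get-UpdateDeferralPolicy
```

Reading the values back with Get-UpdateDeferralPolicy is also a quick way to audit a fleet for hosts where the deferral was never applied or was later changed, since Settings only shows the "managed" banner and not the numbers behind it.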