Friday, February 9, 2018

Windows command line tricks

The “title” command sets the text shown in the command prompt's title bar.  For example, “title ADMIN” changes the window title to ADMIN.

To create a command line shortcut whose output remains visible, run the command through cmd.exe with the /k switch.  For example, “cmd.exe /k ipconfig.exe” displays the network configuration and keeps the window open afterwards.

The F7 key displays a list of previous commands.

The command “start.” will launch Windows Explorer at the current path.

Data can be piped to the clipboard by using “| clip”.  For example, “ipconfig | clip” will copy data to the Windows Clipboard.

To view all available Control Panel applets and Management Console snap-ins, run “dir *.cpl & dir *.msc” from within Windows\System32.

Additional shortcuts can be found using the command “dir SystemProperties*”.

Chrome Connectivity Diagnostics

Chrome Connectivity Diagnostics is an extension that performs several network-based tests.  The tool tests a computer's network connection for common issues, port blocking, and network latency by establishing connections to network and Internet services via UDP, TCP, HTTP and HTTPS.

https://chrome.google.com/webstore/detail/chrome-connectivity-diagn/eemlkeanncmjljgehlbplemhmdmalhdc

BGPMON

BGPMON is a web site that offers details on global Internet routing.

https://bgpmon.net/

Battery slider with Fall Creators version of Windows 10

With the Windows 10 Fall Creators Update, a new Performance/Power slider lets you set the right balance between battery-life longevity and system performance and responsiveness.  Click on the battery icon in the taskbar and use the slider to choose performance vs. battery balance.

Responder

Responder is an LLMNR, NBT-NS and mDNS poisoner with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication servers supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

https://github.com/SpiderLabs/Responder

SPF Policy Tester

The link below offers a free SPF Policy tester.

https://vamsoft.com/support/tools/spf-policy-tester

PSSysmonTools

PSSysmonTools is a set of PowerShell tools for working with Sysmon.

https://github.com/mattifestation/PSSysmonTools

PowerShell NetEventPacketCapture

PowerShell's NetEventPacketCapture module can capture network traffic.  To list the ETW providers available for a capture session, use the following command:

logman query providers

The Select-String cmdlet can be used to filter the list, for example to find the SMB providers:

logman query providers | select-string smb

https://blogs.technet.microsoft.com/networking/2017/12/12/wnv-deep-dive-part-3-capturing-and-reading-virtualized-network-traffic/

https://docs.microsoft.com/en-us/powershell/module/neteventpacketcapture/?view=win10-ps

https://4sysops.com/archives/capture-network-traces-with-the-powershell-module-neteventpacketcapture/

https://blogs.technet.microsoft.com/heyscriptingguy/2015/10/12/packet-sniffing-with-powershell-getting-started/
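The capture session that the commands above prepare for, as an added example that is not part of the original post: it records the SMB client/server ETW providers plus truncated raw TCP frames to an .etl file and then summarises the trace.  It assumes an elevated PowerShell on Windows 10 or Server 2016 and later, an existing C:\Temp folder, and the session name and file path are arbitrary choices.

```powershell
# Added example, not from the original post. Assumptions: elevated PowerShell,
# Windows 10 / Server 2016 or later, C:\Temp exists. Names below are arbitrary.
$SessionName = 'SmbTrace'
$TracePath   = 'C:\Temp\SmbTrace.etl'

# Provider names as they appear in "logman query providers | select-string smb".
$Providers = @('Microsoft-Windows-SMBClient', 'Microsoft-Windows-SMBServer')

# The session is only a container; nothing is captured until providers are
# attached and the session is started. SaveToFile produces an .etl trace.
New-NetEventSession -Name $SessionName -CaptureMode SaveToFile `
    -LocalFilePath $TracePath | Out-Null

# Raw packet provider: Level 4 = informational, keep only the first 128 bytes
# of each frame (headers, not payload) and restrict to IP protocol 6 (TCP).
Add-NetEventPacketCaptureProvider -SessionName $SessionName -Level 4 `
    -CaptureType Physical -TruncationLength 128 -IpProtocols 6 | Out-Null

# Attach the SMB ETW providers so protocol-level events land in the same trace.
foreach ($p in $Providers) {
    Add-NetEventProvider -Name $p -SessionName $SessionName -Level 4 | Out-Null
}

Start-NetEventSession -Name $SessionName
Write-Host "Capturing to $TracePath for 30 seconds ..."
Start-Sleep -Seconds 30
Stop-NetEventSession -Name $SessionName
Remove-NetEventSession -Name $SessionName   # the .etl file is kept

# Read the trace back. -Oldest is required when reading an .etl file.
# Grouping by provider shows what the capture contains before digging in.
Get-WinEvent -Path $TracePath -Oldest |
    Group-Object ProviderName |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Run it while reproducing the SMB activity of interest; the per-provider counts show immediately whether the trace captured both packet-level and protocol-level events.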

Monday, January 1, 2018

Set Up Automatic Restore Points within Windows 10

To set up automatic restore points within Windows 10, search for “system restore”.  Click on the Configure button and verify that system protection is enabled.

With Windows 10 Pro, launch the local Group Policy editor (gpedit.msc) and access the following path:

Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Scan

Enable the “Create a system restore point” option.

http://www.itprotoday.com/windows-10/how-set-automatic-restore-points-windows-10

ASLR Registry setting with Windows

Windows 8 and later changed how system-wide mandatory ASLR is implemented.  With this change, system-wide bottom-up ASLR must also be enabled for mandatory ASLR to receive entropy.

To enable both bottom-up ASLR and mandatory ASLR on a system-wide basis on a Windows 8 or later machine, the following registry value should be imported:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationOptions"=hex:00,01,01,00,00,00,00,00,00,00,00,00,00,00,00,00

https://blogs.technet.microsoft.com/srd/2017/11/21/clarifying-the-behavior-of-mandatory-aslr/

http://www.kb.cert.org/vuls/id/817544