Monday, August 14, 2017

Current Branch for Business setting within Windows 10 Professional

In the past, the Current Branch for Business (CBB) was released around four months after the Current Branch, though this appears to be changing in the Fall Creators Update time frame.  The CBB was originally designed to give organizations time to test the new version.  To configure Windows 10 Professional to use this branch, launch gpedit.msc with local administrator rights and navigate to Computer Configuration –> Administrative Templates –> Windows Components –> Windows Update –> Defer Windows Updates.  Open the “Select when Feature Updates are received” entry and set it to Enabled.  Use the drop-down box to select “Current Branch for Business” and enter a deferral value in days, such as 90 days.


Another option at the same path is “Select when Quality Updates are received.”


This will delay the installation of monthly updates for the number of days that are specified.  When checking the Update section under Settings, a notification warning will appear stating some settings are hidden or managed.


Tuesday, August 1, 2017

CyberChef

CyberChef is an online utility with a large number of available operations.  Examples include converting data between formats, such as to and from Hex, to and from Binary, etc.  A portable version can be downloaded as well.

https://gchq.github.io/CyberChef/


PowerShell Group-Object

The Group-Object cmdlet within PowerShell is similar to the GROUP BY command within a normal SQL statement.  Below are a few examples of using the cmdlet to obtain count totals.
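
An added example (not from the original post) of count totals with Group-Object, run against constructed failed-logon records; the column names and values are assumptions made for illustration. Each pipeline is preceded by the SQL statement it corresponds to.

```powershell
# Constructed sample data (not real events): failed-logon records.
$events = @'
TimeCreated,Account,SourceIp,LogonType
2017-08-01T08:01:12,alice,10.0.0.15,3
2017-08-01T08:01:14,alice,10.0.0.15,3
2017-08-01T08:01:19,svc_backup,10.0.0.15,3
2017-08-01T08:02:40,bob,10.0.0.22,10
2017-08-01T08:03:05,alice,10.0.0.15,3
2017-08-01T08:04:51,bob,10.0.0.23,10
'@ | ConvertFrom-Csv

# SQL: SELECT Account, COUNT(*) FROM events GROUP BY Account ORDER BY COUNT(*) DESC
# -NoElement drops the grouped members and keeps only Count and Name.
$events |
    Group-Object -Property Account -NoElement |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Count, Name

# SQL: SELECT SourceIp, LogonType, COUNT(*) FROM events GROUP BY SourceIp, LogonType
# Grouping on two properties produces one row per distinct pair.
$events |
    Group-Object -Property SourceIp, LogonType -NoElement |
    Sort-Object -Property Count -Descending

# SQL: SELECT SourceIp, COUNT(*), COUNT(DISTINCT Account) FROM events GROUP BY SourceIp
# Without -NoElement each group keeps its rows in .Group, so further
# per-group totals can be computed from them.
$bySource = $events | Group-Object -Property SourceIp | ForEach-Object {
    [pscustomobject]@{
        SourceIp         = $_.Name
        Failures         = $_.Count
        DistinctAccounts = @($_.Group.Account | Sort-Object -Unique).Count
    }
}
$bySource | Sort-Object -Property Failures -Descending

# SQL: ... GROUP BY SourceIp HAVING COUNT(*) >= 3
# One source failing against several accounts is worth a closer look.
$bySource | Where-Object { $_.Failures -ge 3 -and $_.DistinctAccounts -gt 1 }
```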


NoMoreRansom.org

The NoMoreRansom web site allows an individual to upload a sample file encrypted by a ransomware variant to determine if a solution is available for decrypting it.

https://www.nomoreransom.org/

SessionGopher

SessionGopher is a PowerShell Session Extraction tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop.

SessionGopher works by querying the HKEY_USERS hive for all users who have logged onto a domain-joined box at some point. It extracts PuTTY, WinSCP, SuperPuTTY, FileZilla, and RDP saved session information. It automatically extracts and decrypts WinSCP, FileZilla, and SuperPuTTY saved passwords.

https://github.com/fireeye/SessionGopher

Stitch

Stitch is a cross-platform Python Remote Administration Tool. This framework allows you to build custom payloads for Windows, Mac OSX and Linux.

https://github.com/nathanlopez/Stitch

VMware Technical Papers web site

The URL below is the main page for the Technical Papers resource on the VMware web site.

http://www.vmware.com/techpapers.html#/?client=tech_paper&num=25&filter=0&site=tech_paper&ie=UTF-8&oe=UTF-8&getfields=*&partialfields=(default:default)&requiredfields=&entqr=0&start=0&sort=meta:revisionDate:D&tlen=200&numgm=3&cn=vmware&cc=en&cid=&tid=&stype=main

Saturday, July 1, 2017

How to perform a full shutdown within Windows 10

By default, Windows 10 does not perform a full shutdown when the normal power menu option is used.  The Fast Startup Mode uses the hibernation file to restore a previously saved image of the Windows kernel and all necessary drivers for installed devices.

To modify the default, access Power Options and then select “Choose what the power buttons do.”  A shortcut without modifying the default is to hold the Shift key down when selecting the Shut Down menu option.

https://www.howtogeek.com/243901/the-pros-and-cons-of-windows-10s-fast-startup-mode/


Check a Chromebook’s Battery Health

To check a Chromebook’s battery health, access the Chrome shell via Control + Alt + T and use the command battery_test.


Another method is to use the URL of chrome://power.


whoer.net

Whoer.Net is a web site that displays information concerning your network address and web browser.

https://whoer.net/
