Maltego is an open source intelligence and forensics application. It offers mining and gathering of information, as well as the representation of this information in an easy-to-understand format.
Saturday, October 2, 2010
Below are some resources for the UNIX/Linux command line.
To determine the priority of available network interfaces within Windows, launch a command prompt and use the following command:
Near the top of the output is a list of all of the network interfaces, with a priority number in a column to the left. The loopback entry will normally be the lowest.
If you wish to change the priority list, open the TCP/IP properties for the interface in question, clear the default “Automatic metric” checkbox, and manually enter a value. A value higher than 1 is probably preferred so as not to interfere with the loopback address entry.
Windows 7 is supposed to automatically detect an SSD and enable the TRIM function by default. To verify this setting, launch a command prompt with local administrator privileges and type:
fsutil behavior query DisableDeleteNotify
Two results are possible:
0 –> This indicates that TRIM is enabled and working.
1 –> This means that TRIM is not enabled.
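The check above can be scripted so the result is read from the digit rather than by eye. The following PowerShell is an added example, not part of the original post: the function name `ConvertFrom-DeleteNotifyOutput` is hypothetical, the sample lines are constructed, and the prefixed, annotated line is an assumed variant of the output rather than something shown on this page.

```powershell
# Added example (not from the original post). Parses the text printed by
# "fsutil behavior query DisableDeleteNotify" into objects.
function ConvertFrom-DeleteNotifyOutput {
    param([string[]]$Lines)

    foreach ($line in $Lines) {
        if ("$line".Trim() -eq '') { continue }

        # Accepts "DisableDeleteNotify = 0" and a prefixed, annotated form
        # such as "NTFS DisableDeleteNotify = 1  (Enabled)" (assumed variant).
        # Only the digit is used; any trailing annotation is ignored.
        if ($line -match '^\s*(?:(?<fs>\w+)\s+)?DisableDeleteNotify\s*=\s*(?<value>[01])\b') {
            $fs = if ($Matches['fs']) { $Matches['fs'] } else { 'All' }
            New-Object PSObject -Property @{
                FileSystem  = $fs
                Value       = [int]$Matches['value']
                # 0 = delete notifications are not disabled, so TRIM is enabled.
                TrimEnabled = ($Matches['value'] -eq '0')
                Raw         = $line
            }
        }
        else {
            # Unrecognised lines are passed through unparsed, not guessed at.
            New-Object PSObject -Property @{
                FileSystem  = $null
                Value       = $null
                TrimEnabled = $null
                Raw         = $line
            }
        }
    }
}

# Constructed sample lines. On a live system, from an elevated prompt, use:
#   ConvertFrom-DeleteNotifyOutput (fsutil behavior query DisableDeleteNotify)
$sample = @(
    'DisableDeleteNotify = 0',
    'NTFS DisableDeleteNotify = 1  (Enabled)'
)

ConvertFrom-DeleteNotifyOutput $sample |
    Select-Object FileSystem, Value, TrimEnabled, Raw
```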
Friday, October 1, 2010
EMET provides users with the ability to deploy security mitigation technologies to arbitrary applications. This helps prevent vulnerabilities in those applications (especially line-of-business and third-party apps) from being successfully exploited. By deploying these mitigation technologies on legacy products, the tool can also help customers manage risk while they are in the process of transitioning over to modern, more secure products.
ADRecycleBin (Active Directory Recycle Bin) allows administrators to quickly restore deleted Active Directory objects via an easy-to-use GUI. The tool supports Windows 2008 R2 Active Directory Recycle Bin technology, supports object reanimation in earlier versions of Active Directory, lets you review deleted objects, and allows you to restore multiple objects at the same time.
VMware Converter is a free solution to convert a physical OS to a virtual machine. The application can currently be found at http://www.vmware.com/products/converter/. Once the program has been installed on the target machine in question, launch the application and click on the Convert Machine button.
A wizard starts by asking for the source of the process.
The next screen asks about the destination type and which VMware product will be used. The location of the output must have enough free disk space available. This example creates a virtual machine to be used with VMware Player and uses a network drive for the destination area.
The third screen will display the various options available. Any entry with a warning must be addressed. In the example below, the default number of processors is incorrect.
If you click on the warning, a description will appear near the top of the screen. An option is also available to install VMware Tools within the output.
The warning above concerns the requirement for Sysprep files for the target operating system in question. A KB article listing the locations of the Sysprep downloads for older Windows versions can be found at http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1005593.
Once the files are downloaded, the /x flag must be used to extract the files from the executable.
The Expand command can be used to extract the .cab file into individual files.
The files can then be copied to the path requested by the Converter application.
Once all of the warning notifications are addressed, the final screen of the wizard will display a summary of the upcoming process.
Once started, the main dialog box will display a status of the conversion process.
A KB web page with troubleshooting tips can be found at http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=1004588&sliceId=1&docTypeID=DT_KB_1_1&dialogID=110502783&stateId=0%200%20115438180.