To display the menu bar for all applications within Ubuntu version 16.04, access Settings –> Appearance –> Behavior, and set the Menus visibility parameter to “Always displayed”.
Friday, December 2, 2016
To move the Unity Launcher from the default location on the left of the screen to the bottom, use the following terminal command:
gsettings set com.canonical.Unity.Launcher launcher-position Bottom
To install proprietary drivers within Ubuntu, one method is to use the following command:
This utility should automatically scan for hardware devices that are in need of proprietary drivers.
To install the drivers, use the command:
VMFleet is a set of scripts that uses DISKSPD workloads inside multiple Windows Server 2016 Storage Spaces Direct hyper-converged guests. You can control the behaviors, quantities, IO patterns, etc. of all the VMs through a master control script.
Thycotic Secret Server is an enterprise password management solution.
Acrylic DNS Proxy is a local DNS proxy for Windows which improves the performance of your computer by caching the responses coming from your DNS servers and helps you fight unwanted ads through a custom HOSTS file (optimized for handling hundreds of thousands of domain names) with support for wildcards and regular expressions. A portable version is available.
Tuesday, November 1, 2016
MBRFilter is a utility for 32- or 64-bit Windows computers that attempts to prevent rootkits.
DRS Doctor is a command line tool that can be used to diagnose DRS behavior in VMware vCenter clusters. When run against a DRS enabled cluster, it records information regarding the state of the cluster, the work load distribution, DRS moves, etc., in an easy to read log format.
The Google Nik Collection offers several high-quality photo retouching/editing filter profiles for use in Photoshop or Paint.NET. Below are links to the Collection and how to use the filters within Paint.NET.
The NSX Visio Diagramming Tool is a utility to create documentation within an NSX environment.
The web site below offers links to several Microsoft-related cloud services such as Azure and Office365.
Saturday, October 1, 2016
To create a web app within ChromeOS from an existing web page, access the URL in question as normal. Click on the three-dot overflow menu –> More Tools –> Add to shelf.
A small dialog box should appear. You can rename the entry and also use the available option to open the shortcut within a new window.
A new shortcut icon should appear on the taskbar.
To remove the “Open as window” option, right-click on the taskbar icon and uncheck the menu selection.
MailSniper is a penetration testing tool, written in PowerShell, to allow for mass searching through email across every mailbox of an organization’s Microsoft Exchange environment.
The ETOpen Ruleset is an anti-malware IDS/IPS ruleset that enables users with cost constraints to significantly enhance their existing network-based malware detection. To use this ruleset you need an IDS such as Snort or Suricata.
Microsoft has an Exchange Online mailbox recovery troubleshooter available at the link below.
The moreutils package is a set of utilities for Linux and FreeBSD. Some of the commands included are:
chronic: Runs a command quietly unless it fails.
combine: Combine the lines in two files using boolean operations.
errno: Look up errno names and descriptions.
ifdata: Get network interface information without parsing ifconfig output.
ifne: Run a program if the standard input is not empty.
isutf8: Check if a file or standard input is UTF-8.
lckdo: Execute a program with a lock held.
mispipe: Pipe two commands, returning the exit status of the first.
parallel: Run multiple jobs at once.
pee: tee standard input to pipes.
sponge: Soak up standard input and write to a file.
ts: Timestamp standard input.
vidir: Edit a directory in your text editor.
vipe: Insert a text editor into a pipe.
zrun: Automatically uncompress arguments to command.
More information can be found at the moreutils web site at https://joeyh.name/code/moreutils/.
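The post lists what sponge, ifne and chronic do but not the problem each one solves. The script below is an added example, not code from the original post or from the moreutils project: it shows the classic "filter FILE > FILE" mistake that empties the file, the same edit done safely through sponge, ifne gating an alert on non-empty input, and chronic keeping a successful command silent. The real moreutils binaries are used when they are installed; when they are not, the short POSIX stand-ins defined at the top (an assumption of this example, with the same observable behaviour) take their place so the script still runs.

```shell
#!/bin/sh
# Added example, not from the original post or the moreutils project.
# Real tools are used when moreutils is installed; otherwise the minimal
# POSIX stand-ins below (an assumption of this example) fill in.

if ! command -v sponge >/dev/null 2>&1; then
    # sponge FILE: read all of stdin first, then write it to FILE.
    sponge() {
        tmp=$(mktemp) || return 1
        cat > "$tmp" && cat "$tmp" > "$1"   # copy back, keeping FILE's mode and inode
        rc=$?
        rm -f "$tmp"
        return "$rc"
    }
fi

if ! command -v ifne >/dev/null 2>&1; then
    # ifne CMD...: run CMD only if stdin contains at least one line.
    ifne() {
        if IFS= read -r first; then
            { printf '%s\n' "$first"; cat; } | "$@"
        fi
    }
fi

if ! command -v chronic >/dev/null 2>&1; then
    # chronic CMD...: swallow output unless CMD fails, then replay it.
    chronic() {
        out=$(mktemp) || return 1
        rc=0
        "$@" > "$out" 2>&1 || rc=$?
        if [ "$rc" -ne 0 ]; then cat "$out"; fi
        rm -f "$out"
        return "$rc"
    }
fi

# Constructed sample input: a three-entry hosts-style block list; prints its path.
make_list() {
    dir=$(mktemp -d) || return 1
    printf '0.0.0.0 %s\n' ads.example tracker.example cdn.example > "$dir/hosts.txt"
    printf '%s\n' "$dir/hosts.txt"
}

# The classic mistake: "grep ... FILE > FILE". The shell truncates FILE before
# grep opens it, so the filter reads nothing and the file ends up empty.
naive_filter() {
    grep -v 'cdn.example' "$1" > "$1" || true
    wc -l < "$1" | tr -d ' '
}

# Same edit with sponge: grep finishes reading before a single byte is written.
sponge_filter() {
    grep -v 'cdn.example' "$1" | sponge "$1"
    wc -l < "$1" | tr -d ' '
}

# ifne: raise an alert only when the pattern actually matched something,
# so a cron job or mail hook does not fire on empty input.
alert_if_present() {
    grep "$2" "$1" | ifne sh -c 'echo ALERT'
}

# chronic: a successful command stays silent; a failing one keeps its output.
quiet_run() {
    chronic "$@"
}

f=$(make_list)
echo "naive in-place edit leaves $(naive_filter "$f") lines"    # 0: file was emptied
f=$(make_list)
echo "sponge in-place edit leaves $(sponge_filter "$f") lines"  # 2
echo "tracker still listed: $(alert_if_present "$f" tracker)"   # ALERT
echo "cdn still listed: '$(alert_if_present "$f" cdn)'"         # '' (nothing printed)
```

The fallback sponge copies the buffered data back into the target rather than renaming a temp file over it, which is what keeps the file's original mode and ownership; a rename-based version would silently replace a 600 file with whatever mktemp produced.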
The Azure AD Connect Configuration Documenter is a free utility to generate documentation of an Azure AD Connect installation based on an exported server configuration.
Media eXperience Analyzer (MXA) is a tool used to visualize ETW traces, with a particular emphasis on media scenarios such as audio/video capture and playback.
Thursday, September 1, 2016
A PowerShell script is available at the link below to check a Windows 10 or Server 2016-based computer for readiness for Device and Credential Guard. The script has the following options:
- Check if the device can run Device Guard or Credential Guard
- Check if the device is compatible with the Hardware Lab Kit tests that are run by partners
- Enable and disable Device Guard or Credential Guard
- Check the status of Device Guard or Credential Guard on the device
- Integrate with System Center Configuration Manager or any other deployment mechanism to configure registry settings that reflect the device capabilities
- Use an embedded ConfigCI policy in audit mode that can be used by default to enable Device Guard when a custom policy is not provided
Process Hacker is an open-source process utility for Windows that is similar to the Sysinternals application Process Explorer. The utility can be found at:
To view the services “behind” a svchost.exe entry, hover the cursor over the entry and a small dialog box should appear.
Most malware is not digitally signed. To view unsigned processes, first add two columns: right-click on an existing column header under the Processes tab and select the “Choose columns” option.
Select “Verification status” and “Verified signer”, and add both to the active columns list.
To view only non-signed processes, use the menu option View –> Hide signed processes.
An error dialog box may appear:
Under Options –> Advanced, enable the selection for “Check images for digital signatures and packing”. A restart of the application will probably be required.
A process entry can be submitted to VirusTotal by using the right-click –> Send to –> virustotal.com option.
To reclaim some disk space after the Windows 10 Anniversary update, access Settings, System, Storage and then This PC (C:). Scroll down to Temporary files and click on it.
Check the Previous version of Windows option and then click Remove Files.
Within the Windows 10 Anniversary edition, an option is available to reset all network settings. Windows will forget your Ethernet settings and all Wi-Fi networks and passwords. Resetting will disable and then reinstall all network adapters and set other networking components back to their original settings.
To access this feature, access Settings and then Network and Internet. Click on the Status link in the left column and then on the Network reset link.
Another dialog box will appear confirming the action; use the Reset now button.
When a third party anti-virus/malware solution is installed with Windows 10, Windows Defender normally is disabled to avoid any conflicts. With the Anniversary Edition of Windows 10, a new option is available to allow Defender to perform a background scan.
To enable Limited Periodic Scanning, open Windows Settings and Update & Security. Access the Windows Defender section. If Windows Defender is currently the default security client, the following menu option will not be present.
A system tray notification will appear if the feature is enabled.
Additional details on this feature can be found at https://blogs.technet.microsoft.com/mmpc/2016/05/26/limited-periodic-scanning-in-windows-10-to-provide-additional-malware-protection/
Within Windows 10 Anniversary edition, a dark app mode is available. To enable it, open Windows Settings and then select Personalization. Click on the Colors option within the left column and then change the app mode on the right to dark.
Monday, August 1, 2016
If a client is not reporting correctly to a WSUS service, a few scripts to reset Windows Update can be found at the links below.
Automater is a URL/domain, IP address, and MD5 hash OSINT tool. Given a target (URL, IP, or hash) or a file full of targets, Automater will return relevant results from various sources. Output options include .CSV and .HTM.
PowerActions integrates the vSphere Web Client and PowerCLI to provide complex automation solutions from within the standard vSphere management client. PowerActions is deployed as a plugin for the vSphere Web Client and will allow you to execute PowerCLI commands and scripts in a PowerShell console integrated into the vSphere Web Client.
TraceTCP is a Windows-based version of the TCPTraceRoute application normally found within Linux distributions.
Friday, July 1, 2016
By default, Linux does not allow a program or script to be launched unless the file is marked with execute permission. To allow a script to run, use the command chmod u+x filename; this adds execute permission for the user that owns the file. The command only changes the permission bits associated with that file; it does not change the security controls associated with the entire volume.
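The following script is an added example, not code from the original post. It walks through the transition the post describes on a throwaway script: mode 644 (direct execution refused), then chmod u+x, then mode 744 (direct execution allowed), and it also shows the two caveats a reviewer would want noted: feeding the file to an interpreter (sh file) sidesteps the execute bit entirely, because the bit guards execve() rather than reading the file as data, and chmod u+x grants the owner only, whereas a bare chmod +x also grants group and others. The file is created in the current directory; on a volume mounted noexec the kernel will still refuse the direct run after chmod, which is the volume-level control the post alludes to.

```shell
#!/bin/sh
# Added example, not from the original post: the execute bit is a per-file,
# per-class permission that the kernel checks before running a program directly.

# Create a throwaway script with mode 644 (readable, not executable) in the
# current directory and print its path. The mode is set explicitly so the
# result does not depend on the caller's umask.
make_script() {
    dir=$(mktemp -d ./execdemo.XXXXXX) || return 1
    printf '#!/bin/sh\necho hello\n' > "$dir/hello.sh"
    chmod 644 "$dir/hello.sh"
    printf '%s\n' "$dir/hello.sh"
}

# Print "ran" if the kernel executed the file directly, "denied" if it refused
# (the shell reports exit status 126, "Permission denied").
try_run() {
    if "$1" >/dev/null 2>&1; then echo ran; else echo denied; fi
}

# Print the 10-character mode string, e.g. -rwxr--r--.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Walk through the transition the post describes: 644, then chmod u+x, then 744.
demo() {
    s=$(make_script) || return 1
    echo "before:     $(mode_of "$s")  direct run: $(try_run "$s")"
    # Feeding the file to an interpreter bypasses the check entirely: the
    # execute bit guards execve(), not reading the file as data.
    sh "$s" >/dev/null && echo "sh file:    runs regardless of the execute bit"
    chmod u+x "$s"          # owner only; a bare chmod +x would also grant group/others
    echo "after u+x:  $(mode_of "$s")  direct run: $(try_run "$s")"
    rm -rf "$(dirname "$s")"
}

demo
```

Because the check happens in execve(), it applies to root as well: root may execute a file only if at least one execute bit is set, so the 644 file is refused for every user.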
The link below is to a document that contains security auditing and monitoring details for Windows 10 and Windows Server 2016.
The web site below includes a chart of the various different release versions of Windows 10.
Warp17 is a lightweight solution for generating high volumes of session-based traffic with high setup rates.
VMware Logon Monitor monitors Windows user logons and reports a wide variety of performance metrics intended to help administrators, support staff, and developers troubleshoot slow logon performance. Metrics include, but are not limited to, logon time, CPU/memory usage, and network connection speed. VMware Logon Monitor also receives metrics from other VMware products which provide even more clues about what is happening during the logon flow.
DNS Sinkhole is a Slackware-based .ISO to configure a DNS sinkhole service.
Wednesday, June 1, 2016
To create a basic bootable WinPE USB drive, use the following steps.
Launch an elevated command prompt, start diskpart, and use the following commands.
diskpart> list disk
diskpart> select disk #
diskpart> create partition primary
diskpart> select partition 1
diskpart> format fs=fat32 quick
diskpart> assign letter x
Download the Windows ADK for your operating system via the link below:
Install Windows PreInstallation Environment (Windows PE); deselect the other components.
First find the DandISetEnv.bat batch file under the Deployment Tools subfolder and execute it to set the environment variables for the command line session.
Find the copype.cmd batch file and execute the following command:
copype.cmd amd64 c:\temp\winpe_amd64
This will change the directory of the command prompt to the destination by default.
Copy the output to the root of the USB drive with the following command.
robocopy c:\temp\winpe_amd64\media x: /e /xd *-*
At this point, the USB drive should be ready to boot from.
Some available commands are listed below.
The Microsoft Surface Diagnostic Toolkit is a diagnostic tool that performs tests against the Surface hardware and software pieces significant to hardware operation to report on any specific problems that it finds. It works for Surface Book, Surface Pro 4, Surface 3 LTE, Surface 3, Surface Pro 3, Surface Pro 2, and Surface Pro.
Also included within the toolkit is the Microsoft Surface Data Eraser. It is a utility that can be used to create a USB boot drive. A USB stick of at least 4 GB is required since OS boot files are copied along with the data wiping application.
The Surface device must be configured to boot from USB in the firmware. To do this:
- Turn off the Surface device.
- Press and hold the Volume Up button.
- Press and release the Power button to power the device.
- Release the Volume Up button.
Once booted to the Microsoft Surface Data Eraser USB drive, the utility provides 3 options:
- S = initiate the Data Erase process
- D = this option allows you to run diskpart.exe to manage the partitions on the device
- X = cancel the operation and shut down the device
The Microsoft Surface Data Eraser Utility works for the Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface 3 LTE, and Surface Pro 2.
OSFClone is a free, self-booting solution which enables you to create or clone exact raw disk images. In addition to raw disk images, OSFClone also supports imaging drives to the open Advanced Forensic Format (AFF). AFF is an open and extensible format to store disk images and associated metadata.
SmokePing measures latency and packet loss that can be analyzed over time to reveal changes in latency that can be used for troubleshooting or network planning. It does this by firing off Ping packets at regular intervals and recording the response times. Spikes that show up on graphs of the data gathered indicate when response-time troubles arise and can help narrow down investigations into their causes.
Ringtone Maker allows for the creation of a custom ring tone based on an existing music file.
Notepad++ has a feature to remove every line within a text file that includes a particular string. To start the process, use Control + F to open the Find dialog box. Access the Mark tab. Enable the Bookmark line option. Enter the string to search for. Click on the Mark All button. This should select the matching line or lines within the main window.
Under Search –> Bookmark, use the option Remove Bookmarked Lines.
Sunday, May 1, 2016
Honeyport is a PowerShell script designed to create a honeypot on a Windows-based system. The script is available at:
An elevated PowerShell session must be used. Once the execution policy allows the script to run, the script accepts several command line parameters. The -ports switch listens on a single port or on multiple ports; the example shows port 23. The local Windows Firewall may display a prompt when the script is first executed.
To review log information, use the command Get-EventLog honeyport.
Once completed, use the commands Stop-Job -Name HoneyPort and Remove-Job -Name HoneyPort to kill the background job.
The data from the Event Log could be exported to a text file using a command such as the example below.
Get-EventLog honeyport | Select TimeGenerated, Message | Format-List | Out-File report.txt
Phishing Frenzy is an open-source Ruby on Rails e-mail phishing framework designed to help penetration testers manage multiple, complex phishing campaigns. The goal of the project is to streamline the phishing process while still providing clients the most realistic phishing campaign possible.
The Horizon SSO Diagnostic Utility is a diagnostic application that performs basic validation of the Horizon (Certificate) Enrollment server, the Active Directory PKI settings, and Enterprise Certificate Authorities (CA).
AeroFS is an enterprise file sync & share solution deployed on the customer’s infrastructure, allowing the company to keep control of its data and enabling employees to securely collaborate both inside and outside the organization.
The Project My Screen app for Windows Phone can be used to deliver a Windows Mobile screen directly to a computer’s monitor. The app can be used to take screen captures of mobile screens. The app only supports delivering video; it does not also deliver audio.