Friday, December 2, 2016

Display menu within Ubuntu 16.04

To display the menu options with all applications within Ubuntu version 16.04, access Settings –> Appearance –> Behavior, and set the Menus visibility parameter to “Always displayed”.

Move the Unity Launcher to the bottom of the screen on Ubuntu 16.04

To move the Unity Launcher from the default location on the left of the screen to the bottom, use the following terminal command:

gsettings set com.canonical.Unity.Launcher launcher-position Bottom

Ubuntu Drivers Command

To install proprietary drivers within Ubuntu, one method is to use the following command:

ubuntu-drivers devices

This utility should automatically scan for hardware devices that are in need of proprietary drivers.

To install the drivers, use the command:

ubuntu-drivers autoinstall

VMFleet

VMFleet is a set of scripts that uses DISKSPD workloads inside multiple Windows Server 2016 Storage Spaces Direct hyper-converged guests.  You can control the behaviors, quantities, IO patterns, etc. of all the VMs through a master control script.

https://github.com/Microsoft/diskspd/tree/master/Frameworks/VMFleet

https://github.com/Microsoft/diskspd

Thycotic Secret Server

Thycotic Secret Server is an enterprise password management solution.

https://thycotic.com/

https://4sysops.com/archives/thycotic-secret-server-enterprise-password-management/

Minio

Minio is an object storage server built for cloud application developers and devops.  Written in Go, it focuses on being an easy-to-deploy, easy-to-use, 100% S3-compatible object storage platform.

https://minio.io/

Acrylic DNS Proxy

Acrylic DNS Proxy is a local DNS proxy for Windows which improves the performance of your computer by caching the responses coming from your DNS servers and helps you fight unwanted ads through a custom HOSTS file (optimized for handling hundreds of thousands of domain names) with support for wildcards and regular expressions.  A portable version is available.

http://mayakron.altervista.org/wikibase/show.php?id=AcrylicHome

Have I been pwned web site

The “Have I been pwned” web site contains a searchable database of data breaches.

https://haveibeenpwned.com/

Tuesday, November 1, 2016

MBRFilter

MBRFilter is a utility for 32- or 64-bit Windows computers that attempts to prevent rootkits.

http://blog.talosintel.com/2016/10/mbrfilter.html

https://github.com/vrtadmin/MBRFilter/releases/tag/1.0

DRS Doctor

DRS Doctor is a command line tool that can be used to diagnose DRS behavior in VMware vCenter clusters. When run against a DRS enabled cluster, it records information regarding the state of the cluster, the work load distribution, DRS moves, etc., in an easy to read log format.

https://labs.vmware.com/flings/drsdoctor

Memtest86

Memtest86 is an application for testing a computer's memory.  Free and paid versions are available.  The application boots from a USB drive or CD.

http://www.memtest86.com/

Google Nik Collection

The Google Nik Collection offers several high-quality photo retouching/editing filter profiles for use in Photoshop or Paint.NET.  Below are links to the Collection and how to use the filters within Paint.NET.

https://www.google.com/nikcollection/

http://grandstreamdreams.blogspot.com/2016/05/run-free-google-nik-photoshop-filter.html

Microsoft AppSource

Microsoft AppSource is a search engine for line-of-business software-as-a-service apps from Microsoft and its partners.

https://appsource.microsoft.com/en-us/

Professor Messer web site

The Professor Messer web site has free videos available on several different topics such as the A+ and Network+ certifications.

http://www.professormesser.com/

VMware NSX Visio Diagramming Tool

The NSX Visio Diagramming Tool is a utility to create documentation of an NSX environment.

https://github.com/vmware/powernsx/tree/master/tools/DiagramNSX

http://networkinferno.net/nsx-visio-diagramming-tool

Remix OS emulator for Windows

Remix OS is an Android-based emulator for Windows.

http://www.jide.com/remixos-player

Microsoft cloud IT architecture resources

The web site below offers links to several Microsoft-related cloud services such as Azure and Office 365.

https://technet.microsoft.com/library/dn919927.aspx

Saturday, October 1, 2016

How to create a web app from an existing web page within ChromeOS

To create a web app within ChromeOS from an existing web page, access the URL in question as normal.  Click on the three-button overflow menu –> More Tools –> Add to shelf.

A small dialog box should appear.  You can rename the entry and also use the available option to open the shortcut within a new window.

A new shortcut icon should appear on the taskbar.

To remove the “Open as window” option, right-click on the taskbar icon and uncheck the menu selection.

MailSniper

MailSniper is a penetration testing tool, written in PowerShell, to allow for mass searching through email across every mailbox of an organization’s Microsoft Exchange environment.

https://github.com/dafthack/MailSniper

http://www.blackhillsinfosec.com/?p=5296

Windows Firewall Control

Windows Firewall Control is a free utility which extends the functionality of Windows Firewall and provides extra features.

http://www.binisoft.org/wfc.php

Emerging Threats ETOpen – Anti-malware IDS/IPS Ruleset

The ETOpen Ruleset is an anti-malware IDS/IPS ruleset that enables users with cost constraints to significantly enhance their existing network-based malware detection. To use this ruleset you need an IDS such as Snort or Suricata.

https://www.proofpoint.com/us/threat-intelligence-open-source-community

http://rules.emergingthreats.net/

Mailbox Recovery Troubleshooter

Microsoft has an Exchange Online mailbox recovery troubleshooter available at the link below.

https://support.microsoft.com/en-us/help/20804/mailbox-recovery-in-exchange-online

moreutils

The moreutils package is a set of utilities for Linux and FreeBSD.  Some of the commands included are:

chronic: Runs a command quietly unless it fails.

combine: Combine the lines in two files using boolean operations.

errno: Look up errno names and descriptions.

ifdata: Get network interface information without parsing ifconfig output.

ifne: Run a program if the standard input is not empty.

isutf8: Check if a file or standard input is UTF-8.

lckdo: Execute a program with a lock held.

mispipe: Pipe two commands, returning the exit status of the first.

parallel: Run multiple jobs at once.

pee: tee standard input to pipes.

sponge: Soak up standard input and write to a file.

ts: Timestamp standard input.

vidir: Edit a directory in your text editor.

vipe: Insert a text editor into a pipe.

zrun: Automatically uncompress arguments to command.

More information can be found at the moreutils web site at https://joeyh.name/code/moreutils/.
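
The one-line description of sponge is easy to misread until you have seen the failure it prevents: a pipeline that reads a file and redirects its output back to the same file truncates the file before the reader opens it.  The following is an added example written for this page, not code from moreutils; it implements a minimal stand-in for sponge in plain sh (the real sponge is a C program) and runs it against a constructed three-line file, so it works even where moreutils is not installed.  The names sponge_sh and demo_inplace_sort are chosen here.

```shell
#!/bin/sh
# Added example (not from moreutils): a minimal stand-in for `sponge`
# written in plain sh, to show why the tool exists. Reading and writing
# the same file in one pipeline truncates the file before it is read.

# sponge_sh FILE: soak up all of stdin, then replace FILE in one step.
# The temp file lives next to FILE so the final mv is an atomic rename.
sponge_sh() {
    tmp=$(mktemp "${1}.XXXXXX") || return 1
    cat > "$tmp" && mv -f "$tmp" "$1"
}

# demo_inplace_sort: builds a constructed sample file, sorts it in place
# the naive way and then with sponge_sh, and echoes
# "<lines after naive> <lines after sponge> <first line after sponge>".
demo_inplace_sort() {
    dir=$(mktemp -d) || return 1
    f="$dir/hosts.txt"
    printf 'beta\nalpha\ngamma\n' > "$f"

    # Naive in-place edit: the shell opens (and truncates) $f for writing
    # before sort ever reads it, so sort sees an empty file and the
    # original content is lost.
    sort "$f" > "$f"
    naive=$(wc -l < "$f" | tr -d ' ')

    printf 'beta\nalpha\ngamma\n' > "$f"
    # With sponge_sh, all of sort's output is collected first and $f is
    # only replaced once the pipeline has finished reading it.
    sort "$f" | sponge_sh "$f"
    sponged=$(wc -l < "$f" | tr -d ' ')
    first=$(head -n 1 "$f")

    rm -rf "$dir"
    echo "$naive $sponged $first"
}
```

Run the file with sh and call demo_inplace_sort; the naive variant leaves zero lines behind while the sponge variant keeps all three, now sorted.  The same pattern (collect, then rename into place) is what makes sponge safe to use in scripts that rewrite configuration or log files.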

Azure AD Connect Configuration Documenter

The Azure AD Connect Configuration Documenter is a free utility to generate documentation of an Azure AD Connect installation based on an exported server configuration.

https://github.com/Microsoft/AADConnectConfigDocumenter

Media eXperience Analyzer

Media eXperience Analyzer (MXA) is a tool used to visualize ETW traces, with a particular emphasis on media scenarios such as audio/video capture and playback.

https://channel9.msdn.com/Shows/Defrag-Tools/DefragTools-149-Media-eXperience-Analyzer-part-1

https://www.microsoft.com/en-us/download/details.aspx?id=43105&751be11f-ede8-5a0c-058c-2ee190a24fa6=True

IPLeak.Net

IPLeak.Net is a web site that displays network information such as IP address and DNS server values.

https://ipleak.net/

Thursday, September 1, 2016

Observatory by Mozilla

Observatory by Mozilla is a project designed to help developers, system administrators, and security professionals configure their sites safely and securely.

https://observatory.mozilla.org/

PowerShell script to test hardware for Device and Credential Guard readiness

A PowerShell script is available at the link below to check a Windows 10 or Server 2016-based computer for readiness for Device and Credential Guard.  The script has the following options:

  • Check if the device can run Device Guard or Credential Guard
  • Check if the device is compatible with the Hardware Lab Kit tests that are run by partners
  • Enable and disable Device Guard or Credential Guard
  • Check the status of Device Guard or Credential Guard on the device
  • Integrate with System Center Configuration Manager or any other deployment mechanism to configure registry settings that reflect the device capabilities
  • Use an embedded ConfigCI policy in audit mode that can be used by default to enable Device Guard when a custom policy is not provided

https://www.microsoft.com/en-us/download/details.aspx?id=53337

DriverBackup!

DriverBackup! is a free utility for Windows for driver backup, restoration and removal, with command line options and automatic restoration from CD/DVD.

https://sourceforge.net/projects/drvback/

HashCat

The link below contains several password recovery utilities.

https://github.com/hashcat/

Using Process Hacker to view non-signed processes

Process Hacker is an open-source process utility for Windows that is similar to the Sysinternals application Process Explorer.  The utility can be found at:

http://processhacker.sourceforge.net/

To view the services “behind” a svchost.exe entry, hover the cursor over the entry and a small dialog box should appear.

The majority of the time, malware is not digitally signed.  To view non-signed processes, first add the two columns by right-clicking on an existing column under the Processes tab and selecting the “Choose columns” option.

Select “Verification status” and “Verified signer”, and add both to the active columns list.

To view only non-signed processes, use the menu option View –> Hide signed processes.

An error dialog box may appear.

Under Options –> Advanced, enable the selection for “Check images for digital signatures and packing”.  A restart of the application will probably be required.

A process entry can be submitted to VirusTotal by using the right-click –> Send to –> virustotal.com option.

Reclaim Disk Space After the Windows 10 Anniversary Update

To reclaim some disk space after the Windows 10 Anniversary update, access Settings, System, Storage and then This PC (C:).  Scroll down to Temporary files and click on it.

Check the Previous version of Windows option and then click Remove Files.

How to reset network settings within Windows 10 Anniversary edition

Within the Windows 10 Anniversary edition, an option is available to reset all network settings.  Windows will forget your Ethernet network including all Wi-Fi networks and passwords.  Resetting will disable and then reinstall all network adapters and set other networking components back to their original settings.

To access this feature, access Settings and then Network and Internet.  Click on the Status link in the left column and then on the Network reset link.

Another dialog box will appear confirming the action; use the Reset now button.

Limited Periodic Scanning in the Windows 10 Anniversary Edition

When a third party anti-virus/malware solution is installed with Windows 10, Windows Defender normally is disabled to avoid any conflicts.  With the Anniversary Edition of Windows 10, a new option is available to allow Defender to perform a background scan.

To enable Limited Periodic Scanning, open Windows Settings and Update & Security.  Access the Windows Defender section.  If Windows Defender is currently the default security client, the following menu option will not be present.

A system tray notification will appear if the feature is enabled.

Additional details on this feature can be found at https://blogs.technet.microsoft.com/mmpc/2016/05/26/limited-periodic-scanning-in-windows-10-to-provide-additional-malware-protection/

How to enable the Dark App Mode with Windows 10

Within Windows 10 Anniversary edition, a dark app mode is available.  To enable it, open Windows Settings and then select Personalization.  Click on the Colors option within the left column and then change the app mode on the right to dark.

Monday, August 1, 2016

Script to reset Windows Update

If a client is not reporting correctly to a WSUS service, a few scripts to reset Windows Update can be found at the links below.

https://gallery.technet.microsoft.com/scriptcenter/Dos-Command-Line-Batch-to-fb07b159

https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc

Automater Python script

Automater is a URL/domain, IP address, and MD5 hash OSINT tool.  Given a target (URL, IP, or hash) or a file full of targets, Automater will return relevant results from various sources.  Output options include .CSV and .HTM.

https://github.com/1aN0rmus/TekDefense-Automater

http://www.tekdefense.com/automater/

PowerActions

PowerActions integrates the vSphere Web Client and PowerCLI to provide complex automation solutions from within the standard vSphere management client.  PowerActions is deployed as a plugin for the vSphere Web Client and will allow you to execute PowerCLI commands and scripts in a PowerShell console integrated into the vSphere Web Client.

https://labs.vmware.com/flings/poweractions-for-vsphere-web-client

Get a list of active Remote Desktop Users

To obtain a list of active Remote Desktop sessions, use the command quser or qwinsta.

Mailbird

Mailbird is an email client for the Windows platform.

https://www.getmailbird.com/

Extrasphere

Extrasphere is a set of tools for managing VM data in vSphere environments, including VM migration, hot mirroring and encryption scenarios.

http://www.extrasphere.ru/

FossHub

FossHub is a web site hosting free software similar to SourceForge.

http://www.fosshub.com/

Drive SnapShot

Drive SnapShot is a utility for Windows to create an image backup while Windows is running.

http://www.drivesnapshot.de/en/index.htm

TraceTCP

TraceTCP is a Windows-based version of the TCPTraceRoute application normally found within Linux distributions.

https://github.com/SimulatedSimian/tracetcp/releases

Friday, July 1, 2016

Allowing a script to execute within Linux

By default, Linux does not allow a program or script to launch unless the file is marked with execute permission.  To allow a script to run, use the command chmod u+x filename, which adds execute permission for the user that owns the file.  The command only changes the permissions associated with that file; it does not change the security controls associated with the entire volume.
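
As an added illustration (not from the original post), the script below writes a throwaway shell script in a temporary directory, captures the exit status the shell returns while the execute bit is missing, applies chmod u+x, and then confirms that only the owner's execute bit changed and that the script now runs.  The function names make_executable and demo_chmod are chosen for this example; the sample script is constructed inline.

```shell
#!/bin/sh
# Added example (not from the original post): make a script executable
# with chmod u+x and verify the effect. Everything is constructed in a
# temporary directory under the current working directory.

# make_executable FILE: grant execute permission to the file's owner only.
# Group and other permissions are left exactly as they were.
make_executable() {
    chmod u+x "$1"
}

# demo_chmod: writes a tiny script, tries to run it before and after
# chmod, and echoes "<mode-before> <rc-before> <mode-after> <rc-after> <output>".
demo_chmod() {
    dir=$(mktemp -d "$PWD/chmod_demo.XXXXXX") || return 1
    f="$dir/hello.sh"
    printf '#!/bin/sh\necho hello\n' > "$f"
    chmod 644 "$f"   # start from a known, non-executable mode (-rw-r--r--)

    # First 10 characters of ls -l are the portable mode string.
    mode_before=$(ls -l "$f" | cut -c1-10)

    # Without the execute bit the shell refuses to run the file and
    # reports exit status 126 ("Permission denied"), no matter what the
    # script itself would have done.
    if "$f" >/dev/null 2>&1; then rc_before=0; else rc_before=$?; fi

    make_executable "$f"

    mode_after=$(ls -l "$f" | cut -c1-10)   # owner gains x: -rwxr--r--

    # Now the script executes normally and its output can be captured.
    if out=$("$f" 2>/dev/null); then rc_after=0; else rc_after=$?; fi

    rm -rf "$dir"
    echo "$mode_before $rc_before $mode_after $rc_after $out"
}
```

Run the file with sh and call demo_chmod.  The mode string after the change still shows r-- for group and other, which is the point of u+x over the broader +x or a+x: only the owner gains the ability to execute the file.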

Windows 10 and Windows Server 2016 security auditing and monitoring reference

The link below is to a document that contains security auditing and monitoring details for Windows 10 and Windows Server 2016.

https://www.microsoft.com/en-us/download/details.aspx?id=52630

Windows 10 release information web site

The web site below includes a chart of the various different release versions of Windows 10.

https://technet.microsoft.com/en-us/windows/mt679505.aspx

Warp17

Warp17 is a lightweight solution for generating high volumes of session-based traffic with high setup rates.

http://warp17.net/

https://isc.sans.edu/diary/Warp+Speed+Ahead%2C+L7+Open+Source+Packet+Generator%3A+Warp17/21163

Poderosa

Poderosa is a terminal emulator similar to PuTTY.

https://github.com/poderosaproject/

https://sourceforge.net/projects/poderosa/

tinySpell

The tinySpell application is a spell checker with two versions:  a free edition and one with more advanced features for a fee.  Portable versions are available.

http://tinyspell.numerit.com/

VMware Logon Monitor

VMware Logon Monitor monitors Windows user logons and reports a wide variety of performance metrics intended to help administrators, support staff, and developers troubleshoot slow logon performance. Metrics include, but are not limited to, logon time, CPU/memory usage, and network connection speed. VMware Logon Monitor also receives metrics from other VMware products which provide even more clues about what is happening during the logon flow.

https://labs.vmware.com/flings/vmware-logon-monitor

DNS Sinkhole

DNS Sinkhole is a Slackware-based .ISO to configure a DNS sinkhole service.

https://isc.sans.edu/diary/DNS+Sinkhole+ISO+Version+2.0/21153

Wednesday, June 1, 2016

WinPE USB creation process

To create a basic bootable WinPE USB drive, use the following steps.

Launch an elevated command prompt.  Use the following commands.

c:\windows\system32> diskpart

diskpart> list disk

diskpart> select disk #

diskpart> clean

diskpart> create partition primary

diskpart> select partition 1

diskpart> active

diskpart> format fs=fat32 quick

diskpart> assign letter x

Download the Windows ADK for your operating system via the link below:

https://msdn.microsoft.com/en-us/windows/hardware/dn913721.aspx

Install Windows PreInstallation Environment (Windows PE); deselect the other components.

First find the DandISetEnv.bat batch file under the Deployment Tools subfolder and execute it to set the variables within the command line session.

Find the copype.cmd batch file and execute the following command:

copype.cmd amd64 c:\temp\winpe_amd64

This will change the directory of the command prompt to the destination by default.

Copy the output to the root of the USB drive with the following command.

robocopy c:\temp\winpe_amd64\media x: /e /xd *-*

At this point, the USB drive should be ready to boot from. 

Some available commands are listed below.

https://technet.microsoft.com/en-us/library/cc749055(v=ws.10).aspx

http://www.symantec.com/connect/forums/winpe-and-winre-commands-might-help-when-you-are-using-access-utility-or-recovery-disk

Microsoft Surface Diagnostic Toolkit and Data Eraser

The Microsoft Surface Diagnostic Toolkit is a diagnostic tool that performs tests against the Surface hardware and software pieces significant to hardware operation to report on any specific problems that it finds. It works for Surface Book, Surface Pro 4, Surface 3 LTE, Surface 3, Surface Pro 3, Surface Pro 2, and Surface Pro.

Also included within the toolkit is the Microsoft Surface Data Eraser.  It is a utility that can be used to create a USB boot drive.  A USB stick of at least 4 GB is required since OS boot files are copied along with the data wiping application.

The Surface device must be configured to boot from USB in the firmware. To do this:

  1. Turn off the Surface device.
  2. Press and hold the Volume Up button.
  3. Press and release the Power button to power the device.
  4. Release the Volume Up button.

Once booted to the Microsoft Surface Data Eraser USB drive, the utility provides 3 options:

  • S = initiate the Data Erase process
  • D = this option allows you to run diskpart.exe to manage the partitions on the device
  • X = cancel the operation and shut down the device

The Microsoft Surface Data Eraser Utility works for the Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface 3 LTE, and Surface Pro 2.

https://www.microsoft.com/en-us/download/details.aspx?id=46703

OSFClone

OSFClone is a free, self-booting solution which enables you to create or clone exact raw disk images.  In addition to raw disk images, OSFClone also supports imaging drives to the open Advanced Forensics Format (AFF).  AFF is an open and extensible format to store disk images and associated metadata.

http://www.osforensics.com/tools/create-disk-images.html

Easy2Boot

Easy2Boot is a utility for Windows or Linux to create a bootable USB drive.

http://www.easy2boot.com/

Office 365 Support and Recovery Assistant

Office 365 Support and Recovery Assistant is a utility to check for common issues with Office 365.

https://diagnostics.outlook.com/

SmokePing

SmokePing measures latency and packet loss that can be analyzed over time to reveal changes in latency that can be used for troubleshooting or network planning. It does this by firing off Ping packets at regular intervals and recording the response times. Spikes that show up on graphs of the data gathered indicate when response-time troubles arise and can help narrow down investigations into their causes.

http://oss.oetiker.ch/smokeping/

OpenNMS

OpenNMS is a network monitoring service.  OpenNMS can generate its own events or receive events from outside sources, such as SNMP Traps, syslog or TL/1.

http://www.opennms.org/

Ringtone Maker for Windows 10 Mobile

Ringtone Maker allows for the creation of a custom ring tone based on an existing music file.

https://www.microsoft.com/en-us/store/apps/app/9wzdncrfhvdm?tduid=(8a78389ddb73b90a88927085f498a3c6)(256380)(2459594)(TnL5HPStwNw-5knLm.VO2OSJWRFI4cBKCQ)()

Remove lines with a particular character within Notepad++

Notepad++ has a feature to remove lines within a text file that include a particular character.  To start the process, use Control + F to open the Find dialog box.  Access the Mark tab.  Enable the Bookmark line option.  Enter the character to search for.  Click on the Mark All button.  This should select the line or lines within the main window.

Under Search –> Bookmark, use the option Remove Bookmarked Lines.

Sunday, May 1, 2016

Honeyport

Honeyport is a PowerShell script designed to create a honeypot on a Windows-based system.  The script is available at:

https://github.com/Pwdrkeg/honeyport/

An elevated PowerShell session must be used.  Once the Execution Policy for a PowerShell script has been configured, the script has several different command line parameters.  The switch -ports will listen on a single port or multiple ports; the example shows port 23.  The local Windows Firewall may display a prompt when the script is initially executed.

To review log information, use the command Get-EventLog honeyport.

Once completed, use the commands Stop-Job -Name HoneyPort and Remove-Job -Name HoneyPort to kill the background process.

The data from the Event Log could be exported to a text file using a command such as the example below.

Get-EventLog honeyport | Select Time, Message | Format-List | Out-File report.txt

Phishing Frenzy

Phishing Frenzy is an Open Source Ruby on Rails e-mail phishing framework designed to help penetration testers manage multiple, complex phishing campaigns. The goal of the project is to streamline the phishing process while still providing clients the best realistic phishing campaign possible.

https://www.phishingfrenzy.com/

VMware View SSO Diagnostic Utility

The Horizon SSO Diagnostic Utility is a diagnostic application that performs basic validation of the Horizon (Certificate) Enrollment server, the Active Directory PKI settings, and Enterprise Certificate Authorities (CA).

https://labs.vmware.com/flings/true-sso-diagnostic-utility

Homedale

Homedale is a wireless utility for Windows that offers an overview of all available access points with their signal strength, encryption [WEP/WPA/WPA2], speed, and channel.

http://thesz.diecru.eu/content/homedale.php

https://www.the-sz.com/products/homedale/

Tixati

Tixati is a BitTorrent client for Windows and Linux.  A portable version is available.

http://www.tixati.com/

AeroFS

AeroFS is an enterprise file sync & share solution deployed on the customer’s infrastructure, allowing the company to keep control of its data and enabling employees to securely collaborate both inside and outside the organization.

https://www.aerofs.com/

LiveUSB Install

LiveUSB Install is a utility to install any of several Linux distributions on a USB drive.

http://live.learnfree.eu/

Project my screen App for Windows Phone

The Project my screen App for Windows Phone can be used to deliver a Windows Mobile screen directly to a computer’s monitor.  The app can be used to take screen captures of mobile screens. The app only supports delivering video; it does not also deliver audio.

https://www.microsoft.com/en-us/download/details.aspx?id=42536

Friday, April 1, 2016

SmartScreen Demo Pages

This site includes various demo examples of the SmartScreen component within Internet Explorer.

http://demo.smartscreen.msft.net/