Monday, February 1, 2016

Sigcheck

Sigcheck is a command-line utility that shows file version number, timestamp information,
and digital signature details, including certificate chains. It also includes an option to
check a file’s status on VirusTotal, a site that performs automated file scanning against
over 40 antivirus engines, and an option to upload a file for scanning.

One way to use the tool is to check for unsigned files in your \Windows\System32 directory with this command:

sigcheck -u -e c:\windows\system32


Use the following command to check the local certificate store of the computer in question: Sigcheck downloads the trusted Microsoft root certificate list and outputs only the valid certificates that are not rooted to a certificate on that list. If Microsoft's online site is not accessible, authrootstl.cab or authroot.stl in the current directory are used instead, if present.

sigcheck -tv


The -a switch will display detailed information on a file.


The -vt switch can be used to check the file hash against VirusTotal.


If the hash is not found in the VirusTotal service, use the -vs switch to submit the file. The -s switch recurses into subdirectories, so pointed at a drive root it scans the entire disk, and the -c switch writes the results to a .CSV file.


https://technet.microsoft.com/en-us/sysinternals/bb897441.aspx
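The added example below is not from the Sysinternals documentation or from this post. It performs the same unsigned-file triage that "sigcheck -u -e" does, but with PowerShell's built-in Get-AuthenticodeSignature and Get-FileHash cmdlets, and it includes a small helper for filtering a report produced with "sigcheck -c". The helper assumes the CSV has a "Verified" column whose value is "Signed" for signed files; confirm that against the header line of your own report, since that name and value are assumptions here rather than something this post states.

```powershell
# Added example (not Sysinternals code): find binaries whose Authenticode
# signature does not verify, and produce a SHA-256 for a VirusTotal hash lookup
# so the file itself never has to be uploaded.
# Assumes Windows PowerShell 5.1 or later (Get-FileHash, -File, -Recurse:$bool).

function Find-UnsignedBinaries {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # PE file types worth checking; extend as needed
        [string[]] $Extensions = @('*.exe', '*.dll', '*.sys', '*.ocx'),
        [switch] $Recurse
    )

    # -Include only applies when the path carries a wildcard or -Recurse is used,
    # so append '*' to make it work in both modes.
    Get-ChildItem -Path (Join-Path $Path '*') -Include $Extensions -File `
                  -Recurse:$Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            # Anything other than Valid (NotSigned, HashMismatch, NotTrusted,
            # UnknownError, ...) deserves a second look, not only NotSigned.
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Path   = $_.FullName
                    Status = $sig.Status
                    Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                    SHA256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                }
            }
        }
}

function Import-SigcheckReport {
    # Filter a "sigcheck -c" CSV down to the rows that did not verify.
    # ASSUMPTION: the report has a 'Verified' column with the value 'Signed'
    # for verified files; check the header of your own output.
    [CmdletBinding()]
    param([Parameter(Mandatory)] [string] $CsvPath)

    Import-Csv -Path $CsvPath | Where-Object { $_.Verified -ne 'Signed' }
}

# Usage:
#   Find-UnsignedBinaries -Path 'C:\Windows\System32' | Format-Table -AutoSize
#   Find-UnsignedBinaries -Path 'C:\Windows\System32' -Recurse |
#       Export-Csv -Path .\unsigned.csv -NoTypeInformation
#   Import-SigcheckReport -CsvPath .\sigcheck-report.csv | Select-Object Path, Verified
```

Get-AuthenticodeSignature honours Windows catalog signatures on Windows 8 and later, so the many System32 files that carry no embedded signature still come back as Valid there; on older systems expect a longer list and treat it as a starting point for review rather than a verdict.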

GostCrypt

GostCrypt was launched at the end of 2013 as a fork of the (now discontinued) TrueCrypt project. Several universities are currently involved in its development.

https://www.gostcrypt.org/

DNSCat2

DNSCat2 is a DNS tunneling utility that creates an encrypted tunnel over the DNS protocol, intended primarily as a command-and-control (C&C) channel for penetration testers. It can tunnel arbitrary data with no particular protocol attached, and the tunnel is encrypted by default.

https://github.com/iagox86/dnscat2

Adrem Software Network Utilities

Adrem Software has several free network utilities available for Windows.

http://www.adremsoft.com/netcrunch.tools/

http://www.adremsoft.com/wmitools/

http://www.adremsoft.com/mynettoolset/

Recent Items and Frequent Places within Windows 10

Recent items and frequent places are stored in the following folder locations within Windows 10:

%AppData%\Microsoft\Windows\Recent Items
%AppData%\Microsoft\Windows\Recent\AutomaticDestinations
%AppData%\Microsoft\Windows\Recent\CustomDestinations


To disable Recent Items, open Settings, then Personalization, and click Start on the left side. On the right side, turn off “Show recently added apps” and “Show recently opened items in Jump Lists on Start or the taskbar”.

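The following is an added example, not part of the original post, for enumerating the recent-item artifacts in the folders listed above during a triage pass. It assumes it runs as the user whose profile is being examined (the paths are built from $env:APPDATA) and that the WScript.Shell COM object is available to resolve .lnk shortcuts to their targets. On disk the "Recent Items" folder is named "Recent"; the remaining two folders are taken directly from the list above.

```powershell
# Added example (not from the original post): list recent-item artifacts with their
# timestamps and, for .lnk shortcuts, the file each one points at.
# Assumes Windows PowerShell 5.1 or later on Windows 10.

function Get-RecentItemArtifacts {
    [CmdletBinding()]
    param(
        # "Recent Items" is the display name the shell gives this folder; on disk it is "Recent".
        [string] $RecentRoot = (Join-Path $env:APPDATA 'Microsoft\Windows\Recent')
    )

    $sources = [ordered]@{
        'Recent'                = $RecentRoot
        'AutomaticDestinations' = Join-Path $RecentRoot 'AutomaticDestinations'
        'CustomDestinations'    = Join-Path $RecentRoot 'CustomDestinations'
    }

    # WScript.Shell can read the target path out of a .lnk without opening it.
    $shell = New-Object -ComObject WScript.Shell

    foreach ($name in $sources.Keys) {
        $dir = $sources[$name]
        if (-not (Test-Path -LiteralPath $dir)) { continue }

        Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $target = $null
                if ($_.Extension -eq '.lnk') {
                    try { $target = $shell.CreateShortcut($_.FullName).TargetPath } catch { }
                }
                [pscustomobject]@{
                    Source        = $name
                    # Jump-list files in the two Destinations folders are named by the
                    # owning application's AppID hash rather than by document name.
                    Name          = $_.Name
                    CreationTime  = $_.CreationTime
                    LastWriteTime = $_.LastWriteTime
                    Target        = $target
                    TargetExists  = if ($target) { Test-Path -LiteralPath $target } else { $null }
                }
            }
    }
}

# Usage:
#   Get-RecentItemArtifacts | Sort-Object LastWriteTime -Descending | Format-Table -AutoSize
#   # shortcuts whose target no longer exists (deleted files, removable media, network shares)
#   Get-RecentItemArtifacts | Where-Object { $_.Target -and -not $_.TargetExists }
```

The .lnk entries resolve to a target path, so a shortcut whose target is gone is a useful lead on files that were deleted or lived on removable or network storage. The jump-list files in the two Destinations folders are compound OLE files and are only listed here with their timestamps; parsing their contents needs a dedicated tool.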

PowerShell Script Analyzer

The PowerShell Script Analyzer (PSScriptAnalyzer) module helps administrators who write scripts check their code against best practices.

https://4sysops.com/archives/powershell-script-analyzer-a-free-static-code-analysis-tool/

https://github.com/PowerShell/PSScriptAnalyzer

Shodan

Shodan is a search engine for Internet-connected devices such as cameras.

https://www.shodan.io/

LaZagne

The LaZagne project is an open-source password recovery tool that retrieves passwords stored on the local computer. Each program stores its passwords using a different technique (plaintext, APIs, custom algorithms, databases and so on), and this tool was developed to find those passwords for the most commonly used software. At the moment it supports 22 programs on Microsoft Windows and 12 on Linux/Unix-like operating systems.

https://github.com/AlessandroZ/LaZagne

Two Factor Auth web site

The web site below contains a chart of services that offer two-factor authentication.

https://twofactorauth.org/