Thursday, June 1, 2017

How to disable the Customer Experience Improvement Program within Windows 7

To disable the Customer Experience Improvement Program within Windows 7, click on the Start Menu and type “customer”.  One of the available selections should be Control Panel –> Change Customer Experience Improvement Program settings.  Once launched, select the “No” option and use the Save Changes button.

image

Several scheduled tasks may be present under Microsoft –> Windows –> Customer Experience Improvement Program that can be disabled.

image

Additional scheduled task entries can be disabled under Microsoft –> Windows –> Application Experience.

image

The screen captures below are from Windows 8.1.

image

image

Acunetix Free Manual Pen Testing Tools

Acunetix has released a free set of security-related utilities.  Some of the tools are an HTTP Editor, an HTTP Sniffer, and an HTTP Fuzzer.

http://www.acunetix.com/vulnerability-scanner/manual-tools/

The plugins URL within Google Chrome

Starting with Google Chrome version 57, the existing URL of chrome://plugins was removed.  The URL chrome://settings/content allows control of Adobe Flash content, and chrome://components displays the version of Flash installed.

image

image

Issue with .MP3 files on an SD card within Android

Media such as .MP3 files were copied to an external SD card, but the default media player would not recognize the files.  One potential issue is the presence of a .nomedia file on the SD card.

image

Once this file was removed, applications such as VLC detected the .MP3 files that were present on the SD card.  Additional information can be found at the link below.

http://www.easycodeway.com/2016/08/hide-files-in-android-using-nomedia-file.html

vCenter Cluster Performance Tool

vCenter Cluster Performance Tool is a PowerShell script that uses vSphere PowerCLI to obtain performance data for a cluster by aggregating information from individual hosts.

https://labs.vmware.com/flings/vcenter-cluster-performance-tool

Chrome Cleanup Tool

Google offers a cleanup utility for Chrome for the Windows platform.

image

https://www.google.com/chrome/cleanup-tool/

Sn1per

Sn1per is a penetration testing automation scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.  It performs several different tasks, such as testing for anonymous FTP and LDAP access.

https://github.com/1N3/Sn1per

Ettercap

Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.

https://ettercap.github.io/ettercap/

Exchange Analyzer

Exchange Analyzer is a PowerShell tool that scans an Exchange Server 2013 or 2016 and reports on compliance with best practices.

https://gallery.technet.microsoft.com/office/Exchange-Analyzer-6e20132e

https://exchangeanalyzer.com/

Monday, May 1, 2017

How to monitor Google Chrome extensions

To monitor network traffic for a specific extension within Google Chrome, access the Settings and then the Extensions section.  Click on the Developer Mode checkbox near the top of the page.

image

Find the extension in question within the list and then click on the link to the left of Inspect views.

image

A new dialog box should appear.  Click on the Network menu option near the top to display network traffic for the extension.

image

How to view digital certificate details within Google Chrome

Starting with Chrome version 56, the following method is required to view the details of a digital certificate.

Three Dots Menu -> More Tools -> Developer Tools, then click on the Security Tab. Access the View Certificate Button.

image

With Windows, a shortcut key combination is Control + Shift + I.

PowerMemory

PowerMemory is a PowerShell based tool to exploit Windows credentials present in files and memory.

https://github.com/giMini/PowerMemory

HTTP-PING

Http-ping is a free Windows-based command line utility to perform network connectivity checks via HTTP.  The application can be downloaded from:

https://www.coretechnologies.com/products/http-ping/

No installation is required.  The example below includes the date and time stamp, uses an interval of 5 seconds, and also writes the output to a text file.

http-ping -d -i 5 -f test.txt google.com

image

Windows 10 Creator Edition–Only Allow Apps From Store

Windows 10 Creator Edition includes an option to allow applications to be installed only from the app store.  Under Settings –> Apps –> Apps and Features, use the drop-down dialog box to set the parameter for installing applications.

image

If the parameter is set to only use the app store and an attempt is made to run a “normal” application, a dialog box will appear.

image

This includes portable applications or any .EXE program.

image

If the parameter is set to warn, a new button is available when the dialog box appears.

image

Night Light within Windows 10 Creator Edition

Windows 10 Creator Edition includes a new “Night Light” feature, which is designed to reduce eyestrain.  The option can be enabled via Settings –> System –> Display.  A link to additional settings is available as well.

image

image

The feature can also be found via the Action Center.

image

Using Storage Sense to automatically purge files within Windows 10 Creator edition

Within Windows 10 Creator edition, a new feature is available to automatically purge files to free up disk space.  Access Settings and then the System section.  Click on Storage within the left hand column.  To the right, an option to enable Storage Sense should be present.

image

To view the parameters of the feature, click on the “Change how we free up space” link.

image

Stop Windows 10 From Automatically Updating Hardware Drivers

To configure Windows 10 to not automatically update hardware drivers, use the following Registry hack.  Note that driver updates may be bundled with security updates or feature updates, so this modification may not be 100% effective.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"ExcludeWUDriversInQualityUpdate"=dword:00000001

Certain versions of Windows 10 may allow the parameter to be set via the Local Group Policy.  Use the command “gpedit.msc” to launch the Local Group Policy Editor and navigate to the following path:

Computer Configuration/Administrative Templates/Windows Components/Windows Update

Find the entry “Do not include drivers with Windows Updates” and enable the policy.

image

Where to disable ads within Windows 10 Creator edition

To disable ads within Windows 10 Creator edition, verify the parameters in the following areas.

Lock Screen

image

Start

image

Windows Explorer

image

Share

image

Notifications

image

Sunday, April 2, 2017

Disable WPAD within Windows

The WPAD protocol is designed to allow organizations to provide proxy settings to all devices that connect to the network. The organization can place a WPAD configuration file in a standard place, and when WPAD is enabled, your computer or other device checks to see if there’s WPAD proxy information provided by the network. Your device then automatically uses whatever settings the proxy auto-configuration (PAC) file provides, sending all traffic on the current network through the proxy server.

Within Windows 7, access Control Panel –> Internet Options  -> Connections tab –> LAN settings button –> clear the “Automatically detect settings” check box.

image

Within Windows 10, access Settings -> Network & Internet –> Proxy –> disable the “Automatically detect settings” option.

Turn Off File Explorer Advertising within Windows 10

To disable advertising dialog boxes from appearing within Windows Explorer with Windows 10, launch Explorer and access View –> Options -> Change folder and search options.  Under the View tab, disable the feature “Show sync provider notifications.”

image

iTunes Alternatives for Windows

Below are some alternatives for iTunes on the Windows platform.

http://getmusicbee.com/

http://www.mediamonkey.com/

http://www.foobar2000.org/

https://www.clementine-player.org/

http://getnightingale.com/

Posh Web Server

Posh is a PowerShell-based web server.  Installation is not required; simply load the module within PowerShell.

http://www.poshserver.net/

Skydive

Skydive is an open source real-time network topology and protocols analyzer. It aims to provide a comprehensive way of understanding what is happening in the network infrastructure.

https://skydive-project.github.io/skydive/

https://github.com/skydive-project/skydive

Raspberry Pi Linux Distro

The company behind the Raspberry Pi hardware units has decided to offer a Linux Distro for x86 computers.  Built on top of Debian, the OS is light enough to run on most old machines that have at least 512MB of RAM.

https://www.raspberrypi.org/blog/pixel-pc-mac/

Ubuntu OVA for VMware Horizon

Ubuntu OVA for Horizon is a pre-packaged OVA built on Ubuntu that automates most of the customization and configuration needed for a Linux Desktop Template to be used in a VMware Horizon 7 or later environment.

https://labs.vmware.com/flings/horizon-ova-for-ubuntu

OpenShot Video Editor

OpenShot is a free video editor application for Linux.

http://www.openshot.org/

IPFire

IPFire is a Linux-based security gateway.  Some features include Cache Management, URL filter, DHCP server, Snort IDS (Guardian), SquidClamAV, IPSec, and OpenVPN.  Snort is an add-on, and several more are available.

http://wiki.ipfire.org/en/addons/start

http://www.ipfire.org/

Wednesday, March 1, 2017

Blocking outbound PowerShell traffic using the Windows Firewall

Some malware uses PowerShell to download additional components, as highlighted in the blog posting found at https://securityintelligence.com/the-full-shamoon-how-the-devastating-malware-was-inserted-into-networks/.  To block outbound traffic from PowerShell using the Windows Firewall, add two rules:

64-bit

%SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

32-bit

%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe

image

To test the rule, use the command below.

cmd /c PowerShell (New-Object System.Net.Webclient).DownloadFile('http://test.com','%TMP%\test.txt');

image

The following commands can be executed as a test within PowerShell.

# Download a test page to a file in the current user's temp folder
$WebClient = New-Object System.Net.WebClient
$WebClient.DownloadFile("http://www.test.com/", "$env:TEMP\test.txt")

image
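
The two rules described above can also be created from an elevated PowerShell session. This is an added example, not part of the original post; it assumes Windows 8 / Server 2012 or later (where the NetSecurity module is available), and the rule name prefix is a name chosen for this example.

```powershell
# Added example (not from the original post). Run elevated.
# $RulePrefix is an assumed display-name prefix chosen for this example.
$RulePrefix = 'Block outbound PowerShell'

# The two program paths listed in the post.
$Programs = @(
    '%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe',
    '%SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe'
)

foreach ($Program in $Programs) {
    # Expand %SystemRoot% so the path can be checked on disk.
    $Expanded = [Environment]::ExpandEnvironmentVariables($Program)
    if (-not (Test-Path -LiteralPath $Expanded)) {
        # SysWOW64 is absent on 32-bit Windows; skip paths that do not exist.
        Write-Warning "Skipping missing binary: $Expanded"
        continue
    }

    # Make the script safe to re-run: do not create a duplicate rule.
    $Name = "$RulePrefix ($Expanded)"
    if (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue) {
        Write-Output "Rule already present: $Name"
        continue
    }

    New-NetFirewallRule -DisplayName $Name `
        -Direction Outbound -Action Block -Profile Any `
        -Program $Expanded -Enabled True | Out-Null
    Write-Output "Created rule: $Name"
}

# Verify: list enabled outbound block rules that target powershell.exe,
# together with the program path each rule is bound to.
Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True |
    ForEach-Object {
        $Filter = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{ Rule = $_.DisplayName; Program = $Filter.Program }
    } |
    Where-Object { $_.Program -like '*powershell.exe' }
```

Windows Firewall matches these rules on the program path, so they apply only to the two binaries listed. After the rules are in place, the download tests above should fail with a connection error.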

How to disable the Customer Experience Improvement Program within Windows 7

To disable the Customer Experience Improvement Program within Windows 7, click on the Start Menu and type “customer”.  One of the available selections should be Control Panel –> Change Customer Experience Improvement Program settings.  Once launched, select the “No” option and use the Save Changes button.

image

Several scheduled tasks may be present under Microsoft –> Windows –> Customer Experience Improvement Program that can be disabled.

image

Additional scheduled task entries can be disabled under Microsoft –> Windows –> Application Experience.

image

Another entry may be present under WPD.

image

Also verify that the Diagnostic Tracking Service is disabled.

image

EtreCheck

EtreCheck is a utility for Apple Mac OS X.  The application consolidates information from over 50 different diagnostics tasks and displays it all on one concise report.

https://etrecheck.com/

CloneApp

CloneApp is a utility that allows you to easily back up configuration files in program directories and the Registry for many popular Windows programs.

http://mirinsoft.com/

dbatools

dbatools is a free PowerShell module with several SQL Server administration, best practice and migration commands included.

https://dbatools.io/

PowerShell version 5.1 for Windows 7

PowerShell version 5.1 is available for Windows 7 and Windows Server 2008 R2.

https://blogs.msdn.microsoft.com/powershell/2017/01/19/windows-management-framework-wmf-5-1-released/

http://www.microsoft.com/en-us/download/details.aspx?id=54616

VMware IOInsight Fling

VMware IOInsight is a tool to help people understand a VM's storage I/O behavior. By understanding their VM's I/O characteristics, customers can make better decisions at storage capacity planning and performance tuning. IOInsight ships as a virtual appliance that can be deployed in any vSphere environment and an intuitive web-based UI allows users to choose VMDKs to monitor and view results.

https://labs.vmware.com/flings/ioinsight

https://www.vladan.fr/how-to-use-vmware-ioinsight-free-io-testing-tool/

PacketTotal

PacketTotal is similar to VirusTotal but accepts network packet captures to be evaluated.

http://www.packettotal.com/

Wednesday, February 1, 2017

How to check if a computer has a TPM chip

One method to check whether a computer has a TPM (Trusted Platform Module) chip present is to launch tpm.msc with elevated privileges.  It is possible that the TPM chip has been disabled within the BIOS/UEFI setup.

image

image

OWASP VBScan

OWASP VBScan (vBulletin Vulnerability Scanner) is an open-source project written in the Perl programming language to detect vBulletin CMS vulnerabilities and analyze them.

https://github.com/rezasp/vbscan

IVRE

IVRE is an open-source framework for network recon, written in Python with a MongoDB backend. 

IVRE is a network reconnaissance framework that includes:

  • Passive recon features (via flow analysis coming from Bro or Nfdump)
  • Fingerprinting analysis
  • Active recon (via Nmap or Zmap)
  • Import tools (from Nmap or Masscan)

https://ivre.rocks/

View a Chromebook’s hardware specifications

To view the hardware specifications with a Chromebook, type “chrome://system” into Chrome’s address bar.  An application named Cog can display system information as well.

https://chrome.google.com/webstore/detail/cog-system-info-viewer/difcjdggkffcfgcfconafogflmmaadco?hl=en

Censys

Censys is a search engine that allows computer scientists to ask questions about the devices and networks that compose the Internet.

https://censys.io/

netboot.xyz

netboot.xyz is a way to select various operating system installers or utilities from one place within the BIOS without the need of having to go retrieve the media to run the tool. iPXE is used to provide a user friendly menu from within the BIOS that lets you easily choose the OS you want along with any specific types of versions or bootable flags.

http://netboot.xyz/

Xtreme Download Manager

Xtreme Download Manager is an add-on to a web browser that assists with downloading data.

http://xdman.sourceforge.net/

How to disable Hibernation within Windows 10

In Windows 10, the computer uses the hiberfil.sys file to store a copy of the system memory on the hard disk when the hibernation setting is activated.  To disable hibernation, launch an elevated command prompt and enter the command:

powercfg /h off

The feature can be re-enabled with the same command, using the on parameter instead.

powercfg /h on

Sunday, January 1, 2017

How to disable Office 365 upgrade dialog box

Starting in late 2016, an Office 365 upgrade dialog box may appear:

image

To disable this dialog box from appearing, click on the link below and

https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdownload.microsoft.com%2Fdownload%2F9%2FD%2FA%2F9DA2374F-5766-4CDB-BE7F-36871DFAD05E%2FMicrosoftEasyFix20156.mini.diagcab&data=02%7C01%7CJesus.Barrera%40microsoft.com%7C70bec39024a94bb2a3bd08d4084425b1%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636142536191433027&sdata=TcopoijE9W%2FRKs0AJRxzXbnZE6tP1%2BlpCbxMl3zvJuE%3D&reserved=0

image

image

WinToUSB

WinToUSB (also called Windows To USB) is a free Windows To Go Creator which allows you to install and run a fully functional Windows operating system on an external hard drive or USB flash drive, using an ISO, WIM, ESD, SWM, VHD, VHDX image file or a CD/DVD drive as the source of installation, or you can clone the current Windows OS installation (Windows 7 or later) to a USB drive as a Windows To Go Workspace. WinToUSB also supports creating a Windows installation USB flash drive from a Windows 10/8.1/8/7/Vista/2008/2012/2016 installation ISO file, so you can install Windows from the USB flash drive easily.

http://www.easyuefi.com/wintousb/

Fern Wifi Cracker

Fern Wifi Cracker is a wireless security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library.  The program is able to crack and recover WEP/WPA/WPS keys and also run other network based attacks on wireless or Ethernet based networks.

https://github.com/savio-code/fern-wifi-cracker

Beamgun

Beamgun is a utility for Windows to block USB devices.  When a USB keyboard device is plugged in, the application attempts to block keystroke injection by continuously stealing the focus.  All injected keystrokes are logged.

https://jlospinoso.github.io/infosec/usb%20rubber%20ducky/lan%20turtle/c%23/clr/wpf/.net/security/2016/11/30/beamgun-update-poison-tap.html

https://github.com/JLospinoso/beamgun

NMONVisualizer

NMONVisualizer is a free Java utility for analyzing nmon system files from both AIX and Linux. It also parses IOStat files, IBM verbose GC logs, Windows Perfmon & ESXTop CSV data and JSON data.

http://nmonvisualizer.github.io/nmonvisualizer/index.html

Nishang

Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for penetration testing, offensive security and red teaming.

https://github.com/samratashok/nishang

CuteMarkEd

CuteMarkEd is a Qt-based open source Markdown editor with live HTML preview, math expressions, code and markdown syntax highlighting.

http://cloose.github.io/CuteMarkEd/

JXplorer

JXplorer is a Java LDAP browser.

http://jxplorer.org/

Visual Studio Code

Visual Studio Code (VSC) is a free, multi-platform, multi-language, extensible, and open-source code editor.

https://code.visualstudio.com/Download

Internet speed testing web sites

Below are some web sites to use to test Internet performance.

Fast.com

SpeedTest.net

SpeedOf.Me

TestMy.net