Friday, December 3, 2010

Set Execution Policy within PowerShell

By default, PowerShell will allow individual commands but will not execute scripts.  To set the execution policy, use the Set-ExecutionPolicy cmdlet.  The cmdlet has four different execution policies available:

  • Restricted - No scripts can be run. Windows PowerShell can be used only in interactive mode.

  • AllSigned - Only scripts signed by a trusted publisher can be run.

  • RemoteSigned - Downloaded scripts must be signed by a trusted publisher before they can be run.

  • Unrestricted - No restrictions; all Windows PowerShell scripts can be run.

The PowerShell prompt or ISE must be launched with local administrative authority for the change to be made.  The Get-ExecutionPolicy cmdlet can be used to verify the existing setting.

[screenshot: executionpolicy]
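The following session is an added example, not part of the original post, showing how to read the policy at each scope, change it only for the current user (which does not need an elevated prompt, unlike the LocalMachine scope the post describes), and revert it. The -Scope parameter exists from PowerShell 2.0 onward. The execution policy guards against accidentally running scripts rather than acting as a security boundary, so a setting of RemoteSigned or AllSigned is the one to standardize on; the script below uses RemoteSigned.

```powershell
# Added example, not from the original post.
# Show the policy at every scope: MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine.
Get-ExecutionPolicy -List

# A policy pushed by Group Policy (MachinePolicy or UserPolicy) overrides anything set
# below it, so check those scopes before expecting a local change to take effect.
$gpo = Get-ExecutionPolicy -List | Where-Object { $_.Scope -like '*Policy' -and $_.ExecutionPolicy -ne 'Undefined' }
if ($gpo) { Write-Warning "Execution policy is enforced by Group Policy: $($gpo.Scope -join ', ')" }

# Remember the current user's own setting so it can be restored afterwards.
$previous = Get-ExecutionPolicy -Scope CurrentUser

# Allow local scripts and require a signature on downloaded ones, for this user only.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force

# Verify the effective policy (the first defined scope from the top of the list wins).
Get-ExecutionPolicy

# Restore the previous value (Undefined is accepted and simply clears the scope).
Set-ExecutionPolicy -ExecutionPolicy $previous -Scope CurrentUser -Force
```

Setting the LocalMachine scope, as the post describes, needs an elevated prompt; CurrentUser does not, which is why this example uses it.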

mRemoteNG

mRemoteNG is a fork of mRemote, an open source, tabbed, multi-protocol, remote connections manager.  mRemoteNG adds bug fixes and new features to mRemote.

mRemoteNG supports the following protocols:

  • RDP (Remote Desktop/Terminal Server)
  • VNC (Virtual Network Computing)
  • ICA (Citrix Independent Computing Architecture)
  • SSH (Secure Shell)
  • Telnet (TELecommunication NETwork)
  • HTTP/HTTPS (Hypertext Transfer Protocol)
  • rlogin
  • Raw Socket Connections

http://www.mremoteng.org/

Thursday, December 2, 2010

SSDLife

SSDLife is an application that will let you know how many times your drive has been powered on, written to, what its health and S.M.A.R.T. status is, and even give you an estimated lifespan of the drive.

http://ssd-life.com/

Wednesday, December 1, 2010

Introduction to PowerCLI

PowerCLI is a snap-in for PowerShell that is intended for use with a VMware environment.  It can be found at:

http://communities.vmware.com/community/vmtn/vsphere/automationtools/powercli

Once launched, help can be found using the Get-VICommand cmdlet or the Get-PowerCLIHelp cmdlet.

[screenshot: powercli_3]

To connect to an ESX/ESXi host, use the Connect-VIServer cmdlet.  An example would be:

Connect-VIServer -Server IPaddress -Protocol https -User root -Password passwordvalue

Once connected, a message should be displayed:

[screenshot: powercli_1]

Once connected to a host, cmdlets such as Get-VM and Get-VMHost can be used.

[screenshot: powercli_2]

Piping the output to Format-List (| Format-List) provides additional details.

[screenshot: powercli_4]

[screenshot: powercli_5]

Piping to Select-Object * (| Select-Object *) displays every property as well.

[screenshot: powercli_9]

The Get-VMGuest cmdlet will offer some additional details on a particular VM:

[screenshot: powercli_6]

The Get-HardDisk cmdlet pulls storage information:

[screenshot: powercli_7]

The Get-Datastore cmdlet can offer details on items such as free disk space available.

[screenshot: powercli_10]

The Disconnect-VIServer cmdlet will remove the connection to the host:

[screenshot: powercli_8]
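The whole session walked through above, as an added example that is not part of the original post or of PowerCLI itself. It takes the root password from Get-Credential instead of passing it on the command line, where it would be left in the console history, and it collects the host, VM, guest, disk and datastore details into objects, flagging datastores with little free space. The host address 192.0.2.10 and the 10% threshold are assumptions; property names are those of PowerCLI 4.x.

```powershell
# Added example, not from the original post. Assumes PowerCLI 4.x is installed.
Add-PSSnapin VMware.VimAutomation.Core -ErrorAction SilentlyContinue

$vihost = '192.0.2.10'                      # assumed ESX/ESXi address
$cred   = Get-Credential -Credential root   # prompts for the password rather than exposing it

Connect-VIServer -Server $vihost -Protocol https -Credential $cred | Out-Null

# Host summary (the post's Get-VMHost | Format-List, trimmed to useful properties)
Get-VMHost | Select-Object Name, Version, Build, ConnectionState, PowerState, NumCpu, MemoryTotalMB

# One object per VM, joined with Get-VMGuest; IPAddress/OSFullName need VMware Tools in the guest
Get-VM | ForEach-Object {
    $guest = Get-VMGuest -VM $_
    New-Object PSObject -Property @{
        Name       = $_.Name
        PowerState = $_.PowerState
        NumCpu     = $_.NumCpu
        MemoryMB   = $_.MemoryMB
        GuestOS    = $guest.OSFullName
        IPAddress  = ($guest.IPAddress -join ', ')
    }
}

# Virtual disks per VM (Get-HardDisk)
Get-VM | Get-HardDisk | Select-Object Parent, Name, CapacityKB, StorageFormat, Filename

# Datastore free space (Get-Datastore), flagging anything under 10% free (assumed threshold)
Get-Datastore | ForEach-Object {
    $pctFree = if ($_.CapacityMB -gt 0) { [math]::Round(100 * $_.FreeSpaceMB / $_.CapacityMB, 1) } else { 0 }
    $flag    = if ($pctFree -lt 10) { 'LOW' } else { '' }
    New-Object PSObject -Property @{
        Name        = $_.Name
        CapacityMB  = $_.CapacityMB
        FreeSpaceMB = $_.FreeSpaceMB
        PctFree     = $pctFree
        Warning     = $flag
    }
}

# Drop the session without a confirmation prompt
Disconnect-VIServer -Server $vihost -Confirm:$false
```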

Monday, November 1, 2010

GNS3

GNS3 is a graphical network simulator that allows simulation of complex networks.  This project is an open source, free program that may be used on multiple operating systems, including Windows, Linux, and Mac OS X.  Users have to provide their own IOS/IPS/PIX/ASA/JunOS images to use with GNS3.

http://www.gns3.net/

SCR.IM

This is a similar service to URL-shortening sites but for email.  The purpose is to have an email link that requires a captcha check before the true email address is displayed.

http://scr.im/

iPhone Explorer

iPhone Explorer is an iPhone browser for Mac & PC that lets you browse the files and folders on your iPhone as if it were a normal USB flash drive or pen drive. You can use the easy drag-and-drop methods to add or remove files and folders from the iPhone.

http://www.macroplant.com/iphoneexplorer/

Enabling Tech Support Mode within VMware ESXi 4.1

Tech Support Mode within a VMware ESXi 4.1 host is a command-line interface for troubleshooting.  The feature can be enabled via the vSphere client or via the console.

To enable via the console, log in as normal.  Access the Troubleshooting Options selection from the main menu.

[screenshot: esxi_tech_mode_1]

The Tech Support Mode should be disabled by default.  A menu option is also available to place a limit on the amount of time the feature will remain active.

[screenshot: esxi_tech_mode_2]

Save the changes.  Use the key combination of Alt-F1 to enter the Tech Support Mode.

[screenshot: esxi_tech_mode_3]

To return to the main console window, use the key combination of Alt-F2.  Additional details on this topic can be found at http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1017910.

Saturday, October 2, 2010

Maltego

Maltego is an open source intelligence and forensics application. It offers mining and gathering of information as well as the representation of this information in an easy-to-understand format.

http://www.paterva.com/web5/

UNIX/Linux command line resources

Below are some resources for the UNIX/Linux command line.

http://cb.vu/unixtoolbox.xhtml

http://www.ee.surrey.ac.uk/Teaching/Unix/

http://linuxcommand.org/learning_the_shell.php

http://www.cs.usfca.edu/~parrt/course/601/lectures/unix.util.html

http://www.pixelbeat.org/cmdline.html

http://bhami.com/rosetta.html

http://www.oreillynet.com/linux/cmd/

Priority of network interfaces within Windows

To determine the priority of available network interfaces within Windows, launch a command prompt and use the following command:

netstat -rn

Near the top of the information will be a list of all of the network interfaces and a priority number in a column to the left.  The loopback entry will normally be the lowest.

[screenshot: netstat_rn]

If you wish to change the priority list, access the TCP/IP properties for the interface in question, clear the “Automatic metric” checkbox (checked by default), and manually enter a value.  A value higher than 1 is preferable so as not to interfere with the loopback address entry.

[screenshot: automatic_metric]
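As an added example (not from the original post), the same information can be read through WMI and the metric changed from the command line with netsh instead of the TCP/IP properties dialog. The adapter name "Local Area Connection" and the metric value 10 are assumptions; the netsh call needs an elevated prompt.

```powershell
# Added example, not from the original post.
# List the IP-enabled adapters with their interface metric (the number the post
# describes in the left-hand column of netstat -rn) and sort by it.
function Get-InterfaceMetric {
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = True" |
        Select-Object Description, IPConnectionMetric,
            @{Name = 'IPAddress';      Expression = { $_.IPAddress -join ', ' }},
            @{Name = 'DefaultGateway'; Expression = { $_.DefaultIPGateway -join ', ' }} |
        Sort-Object IPConnectionMetric
}

Get-InterfaceMetric | Format-Table -AutoSize

# The route table the post shows; each route's Metric is the interface metric plus
# the route's own cost, so a lower interface metric makes that adapter preferred.
netstat -rn

# Pin a fixed metric on one adapter (assumed name; run from an elevated prompt).
# A value above 1 keeps the loopback entry at the top, as the post recommends.
netsh interface ipv4 set interface "Local Area Connection" metric=10

# Confirm the change took effect
Get-InterfaceMetric | Format-Table -AutoSize
```

To go back to automatic metric assignment, re-check the “Automatic metric” box in the TCP/IP properties dialog as described above.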

Verify That TRIM Is Enabled In Windows 7

Windows 7 is supposed to automatically detect an SSD and enable the TRIM function by default.  To verify this setting, launch a command prompt with local administrative authority and type:

fsutil behavior query DisableDeleteNotify

Two results are possible:

0 –> This indicates that TRIM is enabled and working.

1 –> This means that TRIM is not enabled.

[screenshot: trim_enabled]

Friday, October 1, 2010

CopyTrans Manager

CopyTrans Manager is a free application to allow simple transfer of data to an iPod or iPhone instead of using iTunes.  A portable version is available.

http://www.copytrans.net/

Microsoft’s Enhanced Mitigation Experience Toolkit

EMET provides users with the ability to deploy security mitigation technologies to arbitrary applications.  This helps prevent vulnerabilities in those applications (especially line of business and 3rd party apps) from successfully being exploited.  By deploying these mitigation technologies on legacy products, the tool can also help customers manage risk while they are in the process of transitioning over to modern, more secure products.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c6f0a6ee-05ac-4eb6-acd0-362559fd2f04&displayLang=en&pf=true

ADRecycleBin

ADRecycleBin (Active Directory Recycle Bin) allows administrators to quickly restore deleted Active Directory objects via an easy to use GUI.  The tool supports Windows 2008 R2 Active Directory Recycle Bin technology, supports object reanimation in earlier versions of Active Directory, allows review of deleted objects, and allows you to restore multiple objects at the same time.

http://www.overall.ca/index.php?option=com_content&view=article&id=40:adrecyclebin&catid=15:adrecyclebinexe&Itemid=64

VMware Converter

VMware Converter is a free solution to convert a physical OS to a virtual machine.  The application can currently be found at http://www.vmware.com/products/converter/.  Once the program has been installed on the target machine in question, launch the application and click on the Convert Machine button.

[screenshot: vmware_converter_1]

A wizard starts and asks for the source of the conversion.

[screenshot: vmware_converter_2]

The next screen asks about the destination type and what VMware product will be used.  The location of the output must have enough free disk space available.  This example is creating a virtual machine to be used with VMware Player and using a network drive for the destination area.

[screenshot: vmware_converter_3]

The third screen will display the various options available.  Any entry with a warning must be addressed.  In the example below, the default number of processors is incorrect.

[screenshot: vmware_converter_4]

If you click on the warning, a description will appear near the top of the screen.  An option is also available to install VMware Tools within the output.

[screenshot: vmware_converter_5]

The warning above is concerning the requirement of Sysprep files for the target operating system in question.  A KB article concerning the locations of the Sysprep downloads for older Windows versions can be found at http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1005593.

Once the files are downloaded, the /x flag must be used to extract the files from the executable.

[screenshot: vmware_converter_6]

The Expand command can be used to extract the .cab file into individual files.

[screenshot: vmware_converter_7]

The files can then be copied to the path requested by the Converter application.

[screenshot: vmware_converter_8]

Once all of the warning notifications are addressed, the final screen of the wizard will display a summary of the upcoming process.

[screenshot: vmware_converter_9]

Once started, the main dialog box will display a status of the conversion process.

[screenshot: vmware_converter_10]

A KB web page with troubleshooting tips can be found at http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=1004588&sliceId=1&docTypeID=DT_KB_1_1&dialogID=110502783&stateId=0%200%20115438180.

Thursday, September 2, 2010

Performance Analysis of Logs (PAL) Tool

Ever have a performance problem, but don't know what performance counters to collect or how to analyze them?  The PAL (Performance Analysis of Logs) tool is a powerful tool that reads in a performance monitor counter log and analyzes it using known thresholds.

Features

  • Thresholds files for most of the major Microsoft products such as IIS, MOSS, SQL Server, BizTalk, Exchange, and Active Directory.
  • An easy to use GUI interface which makes creating batch files for the PAL.ps1 script simple.
  • A GUI editor for creating or editing your own threshold files.
  • Creates an HTML based report for ease of copy/pasting into other applications.
  • Analyzes performance counter logs for thresholds using thresholds that change their criteria based on the computer's role or hardware specs.

http://pal.codeplex.com/

Rockbox

Rockbox is an open source firmware for mp3 players, written from scratch.  Rockbox is a replacement firmware for the iPod, iriver, Cowon, and many other devices.  The firmware extends the functionality and features of your current digital music player.

http://www.rockbox.org/

Wednesday, September 1, 2010

NMCap

NMCap is a command-line executable that is included within Microsoft’s Network Monitor installation.  It allows for network capture via a non-GUI method such as a batch file.  The command nmcap /displaynetwork will show the available network cards.

[screenshot: nmcap1]

The command nmcap /network * /capture /file C:\users\swalker\desktop\test.cap will capture all traffic on all network cards, and will place the data within a file called test.cap.

[screenshot: nmcap2]

The command nmcap /network * /capture “tcp.port == 80” /file C:\users\swalker\desktop\test.cap will capture traffic only using TCP port 80 for all network cards, and will place the data within a file called test.cap.

[screenshot: nmap3]

One option is to create capture files based on file size.  This would prevent the creation of one large single file.  The command nmcap /network * /capture /file C:\users\swalker\desktop\test.chn:1MB will capture traffic on all interfaces and create a series of 1 MB files.

[screenshot: nmap4]

After using the command above, several separate files will be created after a period of time.

[screenshot: nmap5]

The individual files can be combined into a single file after the fact.  The command nmcap /inputcapture test.cap test(1).cap test(2).cap test(3).cap test(4).cap /capture /file out.cap will combine the various individual files into one file.

[screenshot: nmap6]

After the command is used, a new single file with all of the captured data should be present.

[screenshot: nmap7]

To see more sample options, use the command nmcap /examples.  For example, the command nmcap /network * /capture (!ARP AND !ICMP AND !NBTNS AND !BROWSER) /File NoNoise.cap creates a capture file excluding several traffic types.
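The chained capture and merge described above, driven from a PowerShell script so it can run unattended, as an added example that is not part of the original post. The filter string is the post's "no noise" filter, the chain size is the post's 1 MB, and the output directory, the installation path of NMCap.exe and the five-minute duration are assumptions. The /StopWhen /TimeAfter switches are the ones shown by nmcap /examples on Network Monitor 3.x; confirm them against your version's output.

```powershell
# Added example, not from the original post.
$nmcap  = 'C:\Program Files\Microsoft Network Monitor 3\NMCap.exe'   # assumed default install path
$outDir = 'C:\captures'                                               # assumed output directory
$filter = '(!ARP AND !ICMP AND !NBTNS AND !BROWSER)'                  # the post's noise-reduction filter

New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Confirm the adapters NMCap will see before starting (the post's /displaynetwork).
& $nmcap /displaynetwork

# Capture on all adapters into a chain of files no larger than 1 MB each
# (test.cap, test(1).cap, ...), stopping after five minutes instead of waiting for Ctrl+C.
& $nmcap /network * /capture $filter /file "$outDir\test.chn:1MB" /StopWhen /TimeAfter 5 min

# Merge the chain back into a single capture, as the post's /inputcapture example does.
$parts = Get-ChildItem -Path $outDir -Filter 'test*.cap' |
    Sort-Object LastWriteTime |
    ForEach-Object { $_.FullName }

if ($parts.Count -eq 0) { throw "No chain files found in $outDir" }

& $nmcap /inputcapture $parts /capture /file "$outDir\merged.cap"

# Report what was produced
Get-ChildItem -Path $outDir -Filter '*.cap' | Select-Object Name, Length, LastWriteTime
```

PowerShell expands the $parts array into one argument per file, so the merge line is equivalent to listing test.cap test(1).cap ... by hand as in the post.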

Restore default libraries within Windows 7

If you attempt to modify the default libraries within Windows 7 and wish to go back to the initial default values, open Windows Explorer.  Right-click on the Libraries icon and select “Restore default libraries.”  This will not affect any custom library entries that may have been created.

[screenshot: default_libraries]

How to create a “God Mode” shortcut within Windows 7

A shell shortcut (nicknamed the “God Mode”) was discovered to work with Windows 7.  It is simply a list of every single Control Panel feature.  To enable this view, right-click on the Desktop and select New –> Folder.  Copy and paste the following text as the name:

GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}

[screenshot: godmode1]

After hitting the return key, the icon of the folder should change.

[screenshot: godmode2]

If the shortcut is accessed, a list of all Control Panel features should be present.

[screenshot: godmode3]

Tuesday, August 3, 2010

Encrypt your backup within iTunes

By default, iTunes will perform a backup of your Apple device.  But this backup is not encrypted on your computer’s hard drive.  To enable this feature, launch iTunes and connect your device.  Under the Summary tab, enable the option “Encrypt iPod backup.”

[screenshot: itunes_encrypt_1]

A dialog box should appear asking for a password.

[screenshot: itunes_encrypt_2]

List of utilities for Hyper-V

  • Wim2VHD
    Creates a Windows Server 2008/Vista/Win7 VHD from media in 5 minutes.
  • VHDtool
    Command-line tool for VHD manipulation including instant creation of large fixed-size VHDs
  • Hyper-V PowerShell library
    PowerShell Library for Hyper-V, simplify Hyper-V scripting
  • CoreConfigurator
    Server Core/Hyper-V Server configuration interface
  • Hvremote
    Configures servers and clients for remote management of Hyper-V in both workgroup and domain environments
  • nvspbind
    Tool for modifying network bindings from the command line
  • nvspscrub
    Tool for removing Hyper-V Virtual Networking Configuration from the parent partition
  • BootfromUSB-HVS
    Simplify the creation of bootable Hyper-V Server USB drives
  • VM Migration Test Wizard
    Discovers which hosts need the "Enable Processor compat" option for Live Migration

Monday, August 2, 2010

Eventlog to Syslog Service for Windows

This program is written in C and provides a method of sending Windows Eventlog events to a syslog server. It works with the new Windows Events service found in Vista and Server 2008 and can be compiled for both 32 and 64-bit environments. The program is designed to run as a Windows service.

http://code.google.com/p/eventlog-to-syslog/

SAGAN

SAGAN is a real time event log monitoring system that is able to detect incidents on hosts or the network and can correlate information with the snort sensor present on your network. It gathers syslog events and then correlates them with other alerts such as snort logs.

http://sagan.softwink.com/

Sunday, August 1, 2010

Kace’s Secure Browser

Kace’s Secure Browser is a virtualized and contained Firefox v3.6 Browser with Adobe Reader and Flash plug-ins pre-installed.

http://www.kace.com/products/freetools/secure-browser/

SharePoint SUSHI

SharePoint SUSHI is a powerful, user-friendly utility enabling you to accomplish common administrative tasks. You can think of SUSHI as a Swiss army knife for SharePoint.

SUSHI = SharePoint Utility with a Smart, Helpful Interface

http://sushi.codeplex.com/

Exchange Deployment Assistant

The Exchange Server 2010 Deployment Assistant (ExDeploy) is a free web-based tool which can help you deploy Exchange Server 2010. With ExDeploy, you can create Exchange Server 2010 on-premises deployment instructions that are customized to your environment. The Deployment Assistant asks you a small set of questions, and based on your answers, it provides a checklist with instructions that are designed to get you up and running on Exchange 2010. You can also print the checklist or create a PDF file.

You can access ExDeploy at http://technet.microsoft.com/exdeploy2010.

Show command examples with IOS

Below are some examples of different Show commands within Cisco’s IOS.

show version

The command show version provides basic information about the device in question, such as hardware resources, software revision, and uptime.

[screenshot: show_version]

show inventory

The command show inventory provides a compiled list of all hardware components present in the device in question, such as a description, part ID, hardware revision, and serial number.

[screenshot: show_inventory]

show environment

The command show environment displays hardware diagnostic information such as power supply status, fan speed, and temperatures.

show tech-support

The command show tech-support is an alias for a number of other commands and it will create a large amount of information that can be submitted with a support request.

show processes

The command show processes displays running processes on the device in question.

[screenshot: show_processes]

The related command show processes cpu sorted lists the processes ordered by CPU utilization, highest first.

Thursday, July 1, 2010

How to opt out of interest-based ads from the iAd network

Apple and its partners use cookies and other technologies in mobile advertising services to control the number of times you see a given ad, deliver ads that relate to your interests, and measure the effectiveness of ad campaigns. If you do not want to receive ads with this level of relevance on your mobile device, you can opt out by accessing the following link on your iOS 4 mobile device: http://oo.apple.com. The message "You have successfully opted out" will appear and you will be automatically opted out of interest-based ads.

Remote Desktop Connection Manager

RDCMan manages multiple remote desktop connections. It is useful for managing server labs where you need regular access to each machine such as automated check-in systems and data centers. It is similar to the built-in MMC Remote Desktops snap-in, but more flexible.  This was an internal tool at Microsoft but has been released to the public.

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=4603c621-6de7-4ccb-9f51-d53dc7e48047

PowerShell commands to query hardware

Below are some PowerShell commands to query hardware.

gwmi win32_baseboard

gwmi win32_processor

gwmi win32_battery | select est*

Get-WmiObject -class MSStorageDriver_FailurePredictStatus -NameSpace root\WMI | Select Active, PredictFailure

[screenshot: powershell_hardware_1]

[screenshot: powershell_hardware_2]
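The queries listed above, gathered into one function as an added example that is not part of the original post. It handles the two cases the one-liners do not: a desktop with no Win32_Battery instance, and the root\WMI S.M.A.R.T. class being unavailable (it needs an elevated prompt and is not exposed by every storage controller). The function name Get-HardwareSummary is an assumption.

```powershell
# Added example, not from the original post.
function Get-HardwareSummary {
    # gwmi is the alias the post uses; the full cmdlet name is used here for clarity.
    $board = Get-WmiObject Win32_BaseBoard | Select-Object -First 1
    $cpu   = Get-WmiObject Win32_Processor | Select-Object -First 1
    $batt  = Get-WmiObject Win32_Battery   | Select-Object -First 1   # $null on most desktops

    # The post's SMART query; fail soft when the namespace or class is not reachable.
    try {
        $smart = Get-WmiObject -Class MSStorageDriver_FailurePredictStatus -Namespace root\WMI -ErrorAction Stop |
            ForEach-Object { "$($_.InstanceName): Active=$($_.Active) PredictFailure=$($_.PredictFailure)" }
        if (-not $smart) { $smart = 'no instances reported' }
    } catch {
        $smart = "unavailable ($($_.Exception.Message))"
    }

    # Battery fields only when a battery exists
    $chargePct = $null
    $runMin    = $null
    if ($batt) {
        $chargePct = $batt.EstimatedChargeRemaining
        $runMin    = $batt.EstimatedRunTime
    }

    New-Object PSObject -Property @{
        Manufacturer     = $board.Manufacturer
        BoardProduct     = $board.Product
        BoardSerial      = $board.SerialNumber
        Processor        = $cpu.Name
        Cores            = $cpu.NumberOfCores
        BatteryPresent   = ($batt -ne $null)
        BatteryChargePct = $chargePct
        BatteryRunMin    = $runMin
        SmartStatus      = ($smart -join '; ')
    }
}

Get-HardwareSummary | Format-List
```

A PredictFailure value of True from the SMART class is the drive itself reporting an imminent failure, which is the condition worth alerting on when this runs as a scheduled inventory job.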

Dual Monitor Tools

Dual Monitor Tools is a software package for Windows users with dual or multiple monitor setups.

All the tools are open source and free, and each tool is independent so you only need to install or run what you want.

http://dualmonitortool.sourceforge.net/

Snorby

Snorby is a new and modern Snort IDS front-end. The basic fundamental concepts behind Snorby are simplicity and power. The project goal is to create a free, open source and highly competitive application for network monitoring for both private and enterprise use.

http://snorby.org/

WinToFlash

WinToFlash is a program for transferring your Windows XP, Server 2003, Vista, Server 2008 and 7 setup from CD or DVD to USB.  This means you can install Windows from a flash drive, USB pen, HDD, etc. onto your computer or netbook.

http://wintoflash.com/

Thursday, June 3, 2010

Flint

Flint is an open-source application that can check Cisco PIX/ASA firewall configurations.

http://runplaybook.com/flint

pt360 Tool Suite

Offered as a free solution, the PacketTrap pt360 Tool Suite PRO consolidates dozens of network management and monitoring tools into a single, integrated interface. The tool suite includes Cisco configuration management, server and application monitoring, open source and third party integration, a robust encrypted credential store, the ability to save and flow results between tools, deep network discovery (with network mapping) and syslog server capabilities.

http://www.packettrap.com/product/pt360_pro.aspx

CloudBerry S3 Explorer

CloudBerry Explorer makes managing files in Amazon S3 storage easy.  By providing a user interface to Amazon S3 accounts, files, and buckets, CloudBerry lets you manage your files in the cloud just as you would on your own local computer.

http://cloudberrylab.com/

Shortcut to access System Properties within Windows 7

To quickly access the Advanced System Properties dialog box within Windows 7, type systempropertiesadvanced (with no spaces) in the Search box under the Start Menu.

[screenshot: systemproperties]

Wednesday, June 2, 2010

Add Hardware Wizard for Windows 7

Within Windows 7, the Add Hardware Wizard is no longer available via the Control Panel.  To launch the wizard, type hdwwiz.exe in the search box under the Start Menu.

[screenshot: hdwwiz]

How to find a MAC address within an IOS-based switch

To search for a MAC address on an IOS-based switch, use the following command at a privileged mode prompt:

show mac-address-table address value

The MAC address value should be given in the format ####.####.#### (three groups of four hex digits).

[screenshot: find_mac_address]

Wubi Installer

Wubi is an officially supported Ubuntu installer for Windows users that can bring you to the Linux world with a single click. Wubi allows you to install and uninstall Ubuntu as any other Windows application, in a simple and safe way.

http://wubi-installer.org/

SharePod

SharePod is an application to work with an iPod.  It allows data to be copied and backed up.

http://www.getsharepod.com/

Tuesday, June 1, 2010

Listing PowerShell Modules

Windows PowerShell modules exist in two states: loaded and unloaded. To display a list of all loaded modules, you can use the Get-Module cmdlet without any parameters.  To obtain a listing of all modules that are available on the system but are not loaded into the PowerShell console, you can use the Get-Module cmdlet with the -ListAvailable parameter.

[screenshot: powershell_module]

EasyPeasy

EasyPeasy is a Linux distro based on Ubuntu that is designed for netbooks.

http://www.geteasypeasy.com/

Software options that work with Active Directory

The following vendors offer additional software solutions to work with Active Directory.

http://www.netwrix.com/

http://www.cionsystems.com/

http://www.jijitechnologies.com/

http://www.manageengine.com/

hMailServer

hMailServer is a free SMTP/POP3 software package for Windows.

http://www.hmailserver.com/

Sunday, May 2, 2010

Microsoft Office Isolated Conversion Environment

Below is a link to a KB article concerning Microsoft’s Office Isolated Conversion Environment (MOICE).  MOICE uses the 2007 Microsoft Office system converters to convert Office binary format files into the Office Open XML format. This process helps remove the potential threat that may exist if the document is opened in the binary format. Additionally, MOICE converts incoming files in an isolated environment.

http://support.microsoft.com/kb/935865

How to enable DEP for Microsoft Office

Below is a link to a KB article concerning the issue of enabling DEP with Microsoft Office.

http://support.microsoft.com/kb/971766

How to manually troubleshoot and repair the Windows 7 bootloader

Below are some steps and a link concerning the bootrec.exe file with Windows 7.  This option should be used after attempting to perform a “normal” repair via the Windows 7 disk.

1. Boot the machine in question via the Windows 7 installation disk.

2. Press a key when you are prompted.

3. Click Repair your computer.

4. Click on the operating system that you wish to repair and click Next.

5. In the System Recovery Options dialog box, click Command Prompt.

6. Type bootrec.exe.

bootrec.exe /FixMbr writes a new MBR to the system partition.

bootrec.exe /FixBoot writes a new boot sector to the system partition.

bootrec.exe /ScanOs scans all disks for installations that are compatible with Windows Vista or Windows 7.

bootrec.exe /RebuildBcd allows you to select the installations that you wish to add to the BCD store.

More information can be found at the link below:

http://support.microsoft.com/kb/927392

Loverboy security tool

Loverboy is a web application penetration testing tool that can extract data from SQL Server, MySQL, DB2, Oracle, Sybase, Informix, and Postgres. Further, it can crawl a website as a vulnerability scanner looking for sql injection vulnerabilities.

http://sourceforge.net/projects/loverboy/

Detecting an IP address conflict with Microsoft’s DHCP Server

An IP address conflict detection option can be enabled within Microsoft’s DHCP Server software by accessing the Properties of the node and setting the Conflict Detection Attempts to a value other than 0.

[screenshot: dhcp_conflict_detection]

A value other than 0 will mean the server will send a ping request for the address in question before assigning it.