To display the menu options with all applications within Ubuntu version 16.04, access Settings –> Appearance –> Behavior, and set the Menus visibility parameter to “Always displayed”.
Friday, December 2, 2016
Move the Unity Launcher to the bottom of the screen on Ubuntu 16.04
Ubuntu Drivers Command
To install proprietary drivers within Ubuntu, one method is to use the following command:
ubuntu-drivers devices
This utility should automatically scan for hardware devices that are in need of proprietary drivers.
To install the drivers, use the command:
ubuntu-drivers autoinstall
VMFleet
VMFleet is a set of scripts that uses DISKSPD workloads inside multiple Windows Server 2016 Storage Spaces Direct hyper-converged guests. You can control the behaviors, quantities, IO patterns, etc. of all the VMs through a master control script.
https://github.com/Microsoft/diskspd/tree/master/Frameworks/VMFleet
Thycotic Secret Server
Thycotic Secret Server is an enterprise password management solution.
https://4sysops.com/archives/thycotic-secret-server-enterprise-password-management/
Minio
Minio is an object storage server built for cloud application developers and devops. Written in Go, the focus is an easy to deploy and use 100% S3 compatible, object based storage platform.
Acrylic DNS Proxy
Acrylic DNS Proxy is a local DNS proxy for Windows which improves the performance of your computer by caching the responses coming from your DNS servers and helps you fight unwanted ads through a custom HOSTS file (optimized for handling hundreds of thousands of domain names) with support for wildcards and regular expressions. A portable version is available.
http://mayakron.altervista.org/wikibase/show.php?id=AcrylicHome
Have I been pwned web site
The “Have I been pwned” web site contains a searchable database of data breaches.
Tuesday, November 1, 2016
MBRFilter
MBRFilter is a utility for 32 or 64-bit Windows computers that attempts to prevent rootkits.
DRS Doctor
DRS Doctor is a command line tool that can be used to diagnose DRS behavior in VMware vCenter clusters. When run against a DRS enabled cluster, it records information regarding the state of the cluster, the work load distribution, DRS moves, etc., in an easy to read log format.
Memtest86
Memtest86 is an application for testing a computer's memory. Free and paid versions are available. The application boots from a USB drive or CD.
Google Nik Collection
The Google Nik Collection offers several high-quality photo retouching/editing filter profiles for use in Photoshop or Paint.NET. Below are links to the Collection and how to use the filters within Paint.NET.
https://www.google.com/nikcollection/
http://grandstreamdreams.blogspot.com/2016/05/run-free-google-nik-photoshop-filter.html
Microsoft AppSource
Microsoft AppSource is a search engine for line-of-business software-as-a-service apps from Microsoft and its partners.
Professor Messer web site
The Professor Messer web site has free videos available on several different topics such as A+ and Network+ certifications.
VMware NSX Visio Diagramming Tool
The NSX Visio Diagramming Tool is a utility to create documentation within an NSX environment.
https://github.com/vmware/powernsx/tree/master/tools/DiagramNSX
Microsoft cloud IT architecture resources
The web site below offers links to several Microsoft-related cloud services such as Azure and Office365.
Saturday, October 1, 2016
How to create a web app from an existing web page within ChromeOS
To create a web app within ChromeOS from an existing web page, access the URL in question as normal. Click on the three button overflow menu selection –> More Tools –> Add to shelf.
A small dialog box should appear. You can rename the entry and also use the available option to open the shortcut within a new window.
A new shortcut icon should appear on the taskbar.
To remove the “Open as window” option, right-click on the taskbar icon and uncheck the menu selection.
MailSniper
MailSniper is a penetration testing tool, written in PowerShell, to allow for mass searching through email across every mailbox of an organization’s Microsoft Exchange environment.
Windows Firewall Control
Windows Firewall Control is a free utility which extends the functionality of Windows Firewall and provides new extra features.
Emerging Threats ETOpen – Anti-malware IDS/IPS Ruleset
The ETOpen Ruleset is an anti-malware IDS/IPS ruleset that enables users with cost constraints to significantly enhance their existing network-based malware detection. To use this ruleset you need an IDS such as Snort or Suricata.
https://www.proofpoint.com/us/threat-intelligence-open-source-community
Mailbox Recovery Troubleshooter
Microsoft has an Exchange Online mailbox recovery troubleshooter available at the link below.
https://support.microsoft.com/en-us/help/20804/mailbox-recovery-in-exchange-online
moreutils
The moreutils package is a set of utilities for Linux and FreeBSD. Some of the commands included are:
chronic: Runs a command quietly unless it fails.
combine: Combine the lines in two files using boolean operations.
errno: Look up errno names and descriptions.
ifdata: Get network interface information without parsing ifconfig output.
ifne: Run a program if the standard input is not empty.
isutf8: Check if a file or standard input is UTF-8.
lckdo: Execute a program with a lock held.
mispipe: Pipe two commands, returning the exit status of the first.
parallel: Run multiple jobs at once.
pee: tee standard input to pipes.
sponge: Soak up standard input and write to a file.
ts: Timestamp standard input.
vidir: Edit a directory in your text editor.
vipe: Insert a text editor into a pipe.
zrun: Automatically uncompress arguments to command.
More information can be found at the moreutils web site at https://joeyh.name/code/moreutils/.
Azure AD Connect Configuration Documenter
The Azure AD Connect Configuration Documenter is a free utility to generate documentation of an Azure AD Connect installation based on an exported server configuration.
Media eXperience Analyzer
Media eXperience Analyzer (MXA) is a tool used to visualize ETW traces, with a particular emphasis on media scenarios such as audio/video capture and playback.
https://channel9.msdn.com/Shows/Defrag-Tools/DefragTools-149-Media-eXperience-Analyzer-part-1
IPLeak.Net
IPLeak.Net is a web site that displays network information such as IP address and DNS server values.
Thursday, September 1, 2016
Observatory by Mozilla
Observatory by Mozilla is a project designed to help developers, system administrators, and security professionals configure their sites safely and securely.
PowerShell script to test hardware for Device and Credential Guard readiness
A PowerShell script is available at the link below to check a Windows 10 or Server 2016-based computer for readiness for Device and Credential Guard. The script has the following options:
- Check if the device can run Device Guard or Credential Guard
- Check if the device is compatible with the Hardware Lab Kit tests that are run by partners
- Enable and disable Device Guard or Credential Guard
- Check the status of Device Guard or Credential Guard on the device
- Integrate with System Center Configuration Manager or any other deployment mechanism to configure registry settings that reflect the device capabilities
- Use an embedded ConfigCI policy in audit mode that can be used by default to enable Device Guard when a custom policy is not provided
https://www.microsoft.com/en-us/download/details.aspx?id=53337
DriverBackup!
DriverBackup! is a free utility for Windows for drivers' backup, restoration and removal with command line options, and automatic restoration from CD\DVD.
Using Process Hacker to view non-signed processes
Process Hacker is an open-source process utility for Windows that is similar to the Sysinternals application Process Explorer. The utility can be found at:
http://processhacker.sourceforge.net/
To view the services “behind” a svchost.exe entry, hover the cursor over the entry and a small dialog box should appear.
The majority of the time, malware is not digitally signed. To view non-signed processes, first add the two columns by right-clicking on an existing column under the Processes tab and selecting the “Choose columns” option.
Select “Verification status” and “Verified signer”, and add both to the active columns list.
To view only non-signed processes, use the menu option View –> Hide signed processes.
An error dialog box may appear:
Under Options –> Advanced, enable the selection for “Check images for digital signatures and packing”. A restart of the application will probably be required.
A process entry can be submitted to VirusTotal by using the right-click –> Send to –> virustotal.com option.
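The same "hide signed processes" view can be produced from an elevated PowerShell session. This is an added example, not part of Process Hacker or the original post; the function name Get-UnsignedProcess is hypothetical, and it relies only on the built-in Get-Process and Get-AuthenticodeSignature cmdlets.

```powershell
# Added example: list running processes whose executable image does not carry
# a valid Authenticode signature. Run elevated so the image paths of processes
# owned by other accounts can be read.
function Get-UnsignedProcess {
    [CmdletBinding()]
    param(
        # Signature statuses treated as "signed"; everything else is reported.
        [string[]]$TrustedStatus = @('Valid')
    )

    # Cache results per image path so a binary such as svchost.exe is checked once.
    $cache = @{}

    foreach ($proc in Get-Process) {
        $path = $proc.Path
        if (-not $path) {
            # No readable image path (System, Idle, or access denied): skip.
            continue
        }

        if (-not $cache.ContainsKey($path)) {
            try {
                $cache[$path] = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction Stop
            } catch {
                # File vanished or could not be opened; report it as unreadable.
                $cache[$path] = $null
            }
        }

        $sig    = $cache[$path]
        $status = if ($sig) { [string]$sig.Status } else { 'Unreadable' }
        if ($TrustedStatus -contains $status) { continue }

        [pscustomobject]@{
            Name   = $proc.ProcessName
            Id     = $proc.Id
            Status = $status   # e.g. NotSigned, HashMismatch, NotTrusted
            Signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            Path   = $path
        }
    }
}

# Show everything that is not validly signed, grouped by status.
Get-UnsignedProcess | Sort-Object Status, Name | Format-Table -AutoSize
```

A HashMismatch status deserves more attention than NotSigned, because it means a signed file was modified after signing.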
Reclaim Disk Space After the Windows 10 Anniversary Update
To reclaim some disk space after the Windows 10 Anniversary update, access Settings, System, Storage and then This PC (C:). Scroll down to Temporary files and click on it.
Check the Previous version of Windows option and then click Remove Files.
How to reset network settings within Windows 10 Anniversary edition
Within the Windows 10 Anniversary edition, an option is available to reset all network settings. Windows will forget your Ethernet network including all Wi-Fi networks and passwords. Resetting will disable and then reinstall all network adapters and set other networking components back to their original settings.
To access this feature, access Settings and then Network and Internet. Click on the Status link in the left column and then on the Network reset link.
Another dialog box will appear confirming the action; use the Reset now button.
Limited Periodic Scanning in the Windows 10 Anniversary Edition
When a third party anti-virus/malware solution is installed with Windows 10, Windows Defender normally is disabled to avoid any conflicts. With the Anniversary Edition of Windows 10, a new option is available to allow Defender to perform a background scan.
To enable Limited Periodic Scanning, open Windows Settings and Update & Security. Access the Windows Defender section. If Windows Defender is currently the default security client, the following menu option will not be present.
A system tray notification will appear if the feature is enabled.
Additional details on this feature can be found at https://blogs.technet.microsoft.com/mmpc/2016/05/26/limited-periodic-scanning-in-windows-10-to-provide-additional-malware-protection/
How to enable the Dark App Mode with Windows 10
Within Windows 10 Anniversary edition, a dark app mode is available. To enable it, open Windows Settings and then select Personalization. Click on the Colors option within the left column and then change the app mode on the right to dark.
Monday, August 1, 2016
Script to reset Windows Update
If a client is not reporting correctly to a WSUS service, a few scripts to reset Windows Update can be found at the links below.
https://gallery.technet.microsoft.com/scriptcenter/Dos-Command-Line-Batch-to-fb07b159
https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc
Automater Python script
Automater is a URL/Domain, IP Address, and MD5 Hash OSINT tool. Given a target (URL, IP, or HASH) or a file full of targets, Automater will return relevant results from various sources. Output options include .CSV and .HTM.
https://github.com/1aN0rmus/TekDefense-Automater
PowerActions
PowerActions integrates the vSphere Web Client and PowerCLI to provide complex automation solutions from within the standard vSphere management client. PowerActions is deployed as a plugin for the vSphere Web Client and will allow you to execute PowerCLI commands and scripts in a vSphere Web Client integrated Powershell console.
https://labs.vmware.com/flings/poweractions-for-vsphere-web-client
Extrasphere
Extrasphere is a set of tools for managing VM data in vSphere environments, including VM migration, hot mirroring and encryption scenarios.
Drive SnapShot
Drive SnapShot is a utility for Windows to create an image backup while Windows is running.
TraceTCP
TraceTCP is a Windows-based version of the TCPTraceRoute application normally found within Linux distributions.
Friday, July 1, 2016
Allowing a script to execute within Linux
By default, Linux does not allow a program or script to launch unless it is marked with the permission to execute. To allow a script to run, use the command chmod u+x filename, which adds permission for the user that owns the file to execute it. The command only changes the permissions associated with the file; it does not change the security controls associated with the entire volume.
Windows 10 and Windows Server 2016 security auditing and monitoring reference
The link below is to a document that contains security auditing and monitoring details for Windows 10 and Windows Server 2016.
https://www.microsoft.com/en-us/download/details.aspx?id=52630
Windows 10 release information web site
The web site below includes a chart of the various different release versions of Windows 10.
Warp17
Warp17 is a lightweight solution for generating high volumes of session-based traffic with high setup rates.
https://isc.sans.edu/diary/Warp+Speed+Ahead%2C+L7+Open+Source+Packet+Generator%3A+Warp17/21163
Poderosa
Poderosa is a terminal emulator similar to Putty.
https://github.com/poderosaproject/
tinySpell
The tinySpell application is a spell checker with two versions: a free edition and one with more advanced features for a fee. Portable versions are available.
VMware Logon Monitor
VMware Logon Monitor monitors Windows user logons and reports a wide variety of performance metrics intended to help administrators, support staff, and developers troubleshoot slow logon performance. Metrics include, but are not limited to, logon time, CPU/memory usage, and network connection speed. VMware Logon Monitor also receives metrics from other VMware products which provide even more clues about what is happening during the logon flow.
DNS Sinkhole
DNS Sinkhole is a Slackware-based .ISO to configure a DNS sinkhole service.
https://isc.sans.edu/diary/DNS+Sinkhole+ISO+Version+2.0/21153
Wednesday, June 1, 2016
WinPE USB creation process
To create a basic bootable WinPE USB drive, use the following steps.
Launch an elevated command prompt. Use the following commands.
c:\windows\system32> diskpart
diskpart> list disk
diskpart> select disk #
diskpart> clean
diskpart> create partition primary
diskpart> select partition 1
diskpart> active
diskpart> format fs=fat32 quick
diskpart> assign letter=x
Download the Windows ADK for your operating system via the link below:
https://msdn.microsoft.com/en-us/windows/hardware/dn913721.aspx
Install Windows PreInstallation Environment (Windows PE); deselect the other components.
First find the DandISetEnv.bat batch file under the Deployment Tools subfolder and execute it to set the variables within the command line session.
Find the copype.cmd batch file and execute the following command:
copype.cmd amd64 c:\temp\winpe_amd64
This will change the directory of the command prompt to the destination by default.
Copy the output to the root of the USB drive with the following command.
robocopy c:\temp\winpe_amd64\media x: /e /xd *-*
At this point, the USB drive should be ready to boot from.
Some available commands are listed below.
https://technet.microsoft.com/en-us/library/cc749055(v=ws.10).aspx
Microsoft Surface Diagnostic Toolkit and Data Eraser
The Microsoft Surface Diagnostic Toolkit is a diagnostic tool that performs tests against the Surface hardware and software pieces significant to hardware operation to report on any specific problems that it finds. It works for Surface Book, Surface Pro 4, Surface 3 LTE, Surface 3, Surface Pro 3, Surface Pro 2, and Surface Pro.
Also included within the toolkit is the Microsoft Surface Data Eraser. It is a utility that can be used to create a USB boot drive. A USB stick of at least 4 GB is required since OS boot files are copied along with the data wiping application.
The Surface device must be configured to boot from USB in the firmware. To do this:
- Turn off the Surface device.
- Press and hold the Volume Up button.
- Press and release the Power button to power the device.
- Release the Volume Up button.
Once booted to the Microsoft Surface Data Eraser USB drive, the utility provides 3 options:
- S = initiate the Data Erase process
- D = this option allows you to run diskpart.exe to manage the partitions on the device
- X = cancel the operation and shut down the device
The Microsoft Surface Data Eraser Utility works for the Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface 3 LTE, and Surface Pro 2.
https://www.microsoft.com/en-us/download/details.aspx?id=46703
OSFClone
OSFClone is a free, self-booting solution which enables you to create or clone exact raw disk images. In addition to raw disk images, OSFClone also supports imaging drives to the open Advanced Forensics Format (AFF). AFF is an open and extensible format to store disk images and associated metadata.
Office 365 Support and Recovery Assistant
Office 365 Support and Recovery Assistant is a utility to check for common issues with Office 365.
SmokePing
SmokePing measures latency and packet loss that can be analyzed over time to reveal changes in latency that can be used for troubleshooting or network planning. It does this by firing off Ping packets at regular intervals and recording the response times. Spikes that show up on graphs of the data gathered indicate when response-time troubles arise and can help narrow down investigations into their causes.
OpenNMS
OpenNMS is a network monitoring service. OpenNMS can generate its own events or receive events from outside sources, such as SNMP Traps, syslog or TL/1.
Ringtone Maker for Windows 10 Mobile
Ringtone Maker allows for the creation of a custom ring tone based on an existing music file.
Remove lines with a particular character within Notepad++
Notepad++ has a feature to remove lines within a text file that includes a particular character. To start the process, use Control + F to open the Find dialog box. Access the Mark tab. Enable the Bookmark line option. Enter the character to search for. Click on the Mark All button. This should select the line or lines within the main window.
Under Search –> Bookmark, use the option Remove Bookmarked Lines.
Sunday, May 1, 2016
Honeyport
Honeyport is a PowerShell script designed to create a honeypot on a Windows-based system. The script is available at:
https://github.com/Pwdrkeg/honeyport/
An elevated PowerShell session must be used. Once the Execution Policy for a PowerShell script has been configured, the script has several different command line parameters. The -Ports switch will listen on a single or multiple ports; the example shows port 23. The local Windows Firewall may display a prompt when the script is initially executed.
To review log information, use the command Get-EventLog honeyport.
Once completed, use the commands Stop-Job -Name HoneyPort and Remove-Job -Name HoneyPort to kill the background process.
The data from the Event Log could be exported to a text file using a command such as the example below.
Get-EventLog -LogName honeyport | Select-Object TimeGenerated, Message | Format-List | Out-File report.txt
Phishing Frenzy
Phishing Frenzy is an Open Source Ruby on Rails e-mail phishing framework designed to help penetration testers manage multiple, complex phishing campaigns. The goal of the project is to streamline the phishing process while still providing clients the best realistic phishing campaign possible.
VMware View SSO Diagnostic Utility
The Horizon SSO Diagnostic Utility is a diagnostic application that performs basic validation of the Horizon (Certificate) Enrollment server, the Active Directory PKI settings, and Enterprise Certificate Authorities (CA).
Homedale
Homedale is a wireless utility for Windows that offers an overview of all available access points with their signal strength, encryption [WEP/WPA/WPA2], speed, and channel.
http://thesz.diecru.eu/content/homedale.php
https://www.the-sz.com/products/homedale/
AeroFS
AeroFS is an enterprise file sync & share solution deployed on the customer’s infrastructure, allowing the company to keep control of its data and enabling employees to securely collaborate both inside and outside the organization.
LiveUSB Install
LiveUSB Install is a utility to install several Linux distributions on a USB drive.
Project my screen App for Windows Phone
The Project my screen App for Windows Phone can be used to deliver a Windows Mobile screen directly to a computer’s monitor. The app can be used to take screen captures of mobile screens. The app only supports delivering video; it does not also deliver audio.
https://www.microsoft.com/en-us/download/details.aspx?id=42536
Friday, April 1, 2016
SmartScreen Demo Pages
This site includes various demo examples of the SmartScreen component within Internet Explorer.