Thursday, September 1, 2016

Observatory by Mozilla

Observatory by Mozilla is a project designed to help developers, system administrators, and security professionals configure their sites safely and securely.

https://observatory.mozilla.org/

PowerShell script to test hardware for Device and Credential Guard readiness

A PowerShell script is available at the link below to check a Windows 10 or Server 2016-based computer for readiness for Device and Credential Guard.  The script has the following options:

  • Check if the device can run Device Guard or Credential Guard
  • Check if the device is compatible with the Hardware Lab Kit tests that are run by partners
  • Enable and disable Device Guard or Credential Guard
  • Check the status of Device Guard or Credential Guard on the device
  • Integrate with System Center Configuration Manager or any other deployment mechanism to configure registry settings that reflect the device capabilities
  • Use an embedded ConfigCI policy in audit mode that can be used by default to enable Device Guard when a custom policy is not provided

https://www.microsoft.com/en-us/download/details.aspx?id=53337

windows10_dg_readiness_1

windows10_dg_readiness_2

DriverBackup!

DriverBackup! is a free Windows utility for backing up, restoring and removing drivers, with command-line options and automatic restoration from CD/DVD.

https://sourceforge.net/projects/drvback/

HashCat

The link below contains several password recovery utilities.

https://github.com/hashcat/

Using Process Hacker to view non-signed processes

Process Hacker is an open-source process utility for Windows that is similar to the Sysinternals application Process Explorer.  The utility can be found at:

http://processhacker.sourceforge.net/

To view the services “behind” a svchost.exe entry, hover the cursor over the entry and a small dialog box should appear.

process_hacker_1

The majority of the time, malware is not digitally signed.  To view non-signed processes, first add two columns: right-click an existing column header under the Processes tab and select the “Choose columns” option.

process_hacker_2

Select “Verification status” and “Verified signer”, and add both to the active columns list.

process_hacker_3

To view only non-signed processes, use the menu option View –> Hide signed processes.

process_hacker_4
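The same triage can be scripted.  As an added example that is not from the original post or from Process Hacker, the PowerShell function below (a hypothetical helper name, not a built-in cmdlet) lists running processes whose image file lacks a valid Authenticode signature, roughly what the “Hide signed processes” view leaves on screen:

```powershell
# Added example: enumerate running processes whose image is not signed with a
# valid Authenticode signature.  Run from an elevated prompt so the image paths
# of system processes are readable; processes with no readable path are skipped.

function Get-UnsignedProcess {
    [CmdletBinding()]
    param(
        # Also report images whose signature exists but does not verify
        # (HashMismatch, NotTrusted, ...), not only images with no signature.
        [switch]$IncludeInvalid
    )

    $cache = @{}   # image path -> signature info, so each file is checked once

    Get-Process | Where-Object { $_.Path } | ForEach-Object {
        $path = $_.Path
        if (-not $cache.ContainsKey($path)) {
            try {
                $sig = Get-AuthenticodeSignature -FilePath $path -ErrorAction Stop
                $cache[$path] = [pscustomobject]@{
                    Status = $sig.Status.ToString()
                    Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                }
            } catch {
                # Access denied or the file vanished: report it instead of silently skipping it
                $cache[$path] = [pscustomobject]@{ Status = 'Unknown'; Signer = $null }
            }
        }
        $info = $cache[$path]
        $suspect = ($info.Status -eq 'NotSigned') -or ($info.Status -eq 'Unknown') -or
                   ($IncludeInvalid -and $info.Status -ne 'Valid')
        if ($suspect) {
            [pscustomobject]@{
                Name   = $_.ProcessName
                Id     = $_.Id
                Status = $info.Status
                Signer = $info.Signer
                Path   = $path
            }
        }
    }
}

# Usage: list unsigned and unverifiable images, grouped by name, for review
Get-UnsignedProcess -IncludeInvalid | Sort-Object Name | Format-Table -AutoSize
```

A NotSigned entry is a triage lead, not a verdict: some legitimate software ships unsigned, and a valid signature says nothing about what the code does.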

An error dialog box may appear:

process_hacker_5

Under Options –> Advanced, enable the selection for “Check images for digital signatures and packing”.  A restart of the application will probably be required.

process_hacker_6

A process entry can be submitted to VirusTotal by using the right-click –> Send to –> virustotal.com option.

process_hacker_7

Reclaim Disk Space After the Windows 10 Anniversary Update

To reclaim some disk space after the Windows 10 Anniversary update, access Settings, System, Storage and then This PC (C:).  Scroll down to Temporary files and click on it.

windows10_clear_previous_version_1

Check the Previous version of Windows option and then click Remove Files.

windows10_clear_previous_version_2

How to reset network settings within Windows 10 Anniversary edition

Within the Windows 10 Anniversary edition, an option is available to reset all network settings.  Windows will forget your Ethernet network including all Wi-Fi networks and passwords.  Resetting will disable and then reinstall all network adapters and set other networking components back to their original settings.

To access this feature, open Settings and then Network and Internet.  Click on the Status link in the left column and then on the Network reset link.

windows10_network_reset

Another dialog box will appear confirming the action; use the Reset now button.

Limited Periodic Scanning in the Windows 10 Anniversary Edition

When a third-party anti-virus/malware solution is installed on Windows 10, Windows Defender is normally disabled to avoid any conflicts.  With the Anniversary Edition of Windows 10, a new option is available to allow Defender to perform a background scan.

To enable Limited Periodic Scanning, open Windows Settings and Update & Security.  Access the Windows Defender section.  If Windows Defender is currently the default security client, the following menu option will not be present.

A system tray notification will appear if the feature is enabled.

Additional details on this feature can be found at https://blogs.technet.microsoft.com/mmpc/2016/05/26/limited-periodic-scanning-in-windows-10-to-provide-additional-malware-protection/

How to enable the Dark App Mode with Windows 10

Within Windows 10 Anniversary edition, a dark app mode is available.  To enable it, open Windows Settings and then select Personalization.  Click on the Colors option within the left column and then change the app mode on the right to dark.

windows10_dark_mode