Monday, August 14, 2017

Current Branch for Business setting within Windows 10 Professional

The Current Branch for Business has historically been released around four months after the Current Branch, though this appears to be changing in the Fall Creators Update time period.  The CBB was originally designed to give organizations time to test the new version.  To configure Windows 10 Professional to use this setting, launch gpedit.msc with local administrative rights and navigate to Computer Configuration –> Administrative Templates –> Windows Components –> Windows Update –> Defer Windows Updates.  Modify the “Select when Feature Updates are received” entry and set it to Enabled.  Use the drop-down box to select “Current Branch for Business” and enter a deferral value such as 90 days.


Another option at the same path is “Select when Quality Updates are received.”


This will delay the installation of the monthly quality updates for the specified number of days.  When checking the Update section under Settings, a notification will appear stating that some settings are hidden or managed.


Tuesday, August 1, 2017

CyberChef

CyberChef is an online utility with a large number of available operations.  Examples include converting data to and from Hex, to and from Binary, and between other formats.  A portable version can be downloaded as well.

https://gchq.github.io/CyberChef/


PowerShell Group-Object

The Group-Object cmdlet within PowerShell is similar to the GROUP BY clause within a normal SQL statement.  Below are a few examples of using the cmdlet to obtain count totals.


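As an added example (not from the original post, whose screenshots did not survive), here is Group-Object applied to a constructed set of logon records; the records and their field names are made up for illustration.

```powershell
# Constructed sample of logon records, standing in for parsed Security log entries.
$logons = @(
    [pscustomobject]@{ User = 'alice'; Source = '10.0.0.5'; Status = 'Failure' }
    [pscustomobject]@{ User = 'alice'; Source = '10.0.0.5'; Status = 'Failure' }
    [pscustomobject]@{ User = 'bob';   Source = '10.0.0.9'; Status = 'Success' }
    [pscustomobject]@{ User = 'alice'; Source = '10.0.0.7'; Status = 'Failure' }
    [pscustomobject]@{ User = 'carol'; Source = '10.0.0.5'; Status = 'Failure' }
    [pscustomobject]@{ User = 'bob';   Source = '10.0.0.9'; Status = 'Failure' }
)

# Equivalent of: SELECT User, COUNT(*) FROM logons GROUP BY User
# -NoElement drops the Group property, leaving only Name and Count.
$logons | Group-Object -Property User -NoElement |
    Select-Object Count, Name | Sort-Object Count -Descending

# GROUP BY on two columns: SELECT Source, Status, COUNT(*) ... GROUP BY Source, Status
# Group-Object joins the property values into the Name field ("10.0.0.5, Failure").
$logons | Group-Object -Property Source, Status -NoElement |
    Select-Object Count, @{ Name = 'Source,Status'; Expression = { $_.Name } }

# HAVING-style filter: sources with two or more failed logons, plus the users involved.
# Without -NoElement the Group property still holds the original records,
# so the grouped rows can be expanded for detail.
$logons | Where-Object Status -eq 'Failure' |
    Group-Object -Property Source |
    Where-Object Count -ge 2 |
    ForEach-Object {
        [pscustomobject]@{
            Source   = $_.Name
            Failures = $_.Count
            Users    = ($_.Group.User | Sort-Object -Unique) -join ', '
        }
    }
```

The same pattern works unchanged on real objects such as the output of Get-WinEvent or Get-Process; only the property names passed to -Property change.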

NoMoreRansom.org

The web site for NoMoreRansom allows an individual to upload a sample file encrypted by a ransomware variant to determine if a solution is available for decrypting it.

https://www.nomoreransom.org/

SessionGopher

SessionGopher is a PowerShell Session Extraction tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop.

SessionGopher works by querying the HKEY_USERS hive for all users who have logged onto a domain-joined box at some point. It extracts PuTTY, WinSCP, SuperPuTTY, FileZilla, and RDP saved session information. It automatically extracts and decrypts WinSCP, FileZilla, and SuperPuTTY saved passwords.

https://github.com/fireeye/SessionGopher

Stitch

Stitch is a cross-platform Python Remote Administration Tool. This framework allows you to build custom payloads for Windows, Mac OSX and Linux.

https://github.com/nathanlopez/Stitch

VMware Technical Papers web site

The URL below is the main page for the Technical Papers resource on the VMware web site.

http://www.vmware.com/techpapers.html#/?client=tech_paper&num=25&filter=0&site=tech_paper&ie=UTF-8&oe=UTF-8&getfields=*&partialfields=(default:default)&requiredfields=&entqr=0&start=0&sort=meta:revisionDate:D&tlen=200&numgm=3&cn=vmware&cc=en&cid=&tid=&stype=main