Saturday, December 1, 2018

FCC DTV Coverage Service

The FCC site below shows available DTV coverage per ZIP code.

https://www.fcc.gov/media/engineering/dtvmaps

How to enable the sandbox mode with Windows Defender

Per the blog post below, Windows Defender can run in a sandbox mode that offers additional protection for the antivirus engine itself.

https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/

To enable this feature currently, launch an elevated command prompt and use the following command:

setx /M MP_FORCE_USE_SANDBOX 1

https://www.howtogeek.com/fyi/windows-defender-now-offers-ultra-secure-sandbox-mode-heres-how-to-turn-it-on/

Wi-Fi History Report within Windows 10

One method to generate a Wi-Fi history report within Windows 10 is to use the following command within an elevated command prompt.

netsh wlan show wlanreport

https://www.howtogeek.com/367100/how-to-generate-a-wifi-history-or-wlan-report-in-windows-10/

https://www.checkyourlogs.net/troubleshooting-remote-connectivity-using-netsh-wlan-show-wlanreport/


How to disable ad feeds within Edge

Microsoft Edge includes ad feeds within new tabs. To disable this feature, click the orb on a new tab page.

Use the “Blank page” option and then use the Save button.

The dialog box may be different if a domain account is involved or with newer versions of Edge.

Get-NetView

Get-NetView is a PowerShell script used to obtain network troubleshooting details within a Windows client.

https://raw.githubusercontent.com/Microsoft/SDN/master/Diagnostics/Get-NetView.PS1

PsExec clones

Below are some clones of the Sysinternals PsExec utility.

https://github.com/kavika13/RemCom

https://github.com/poweradminllc/PAExec

https://github.com/malcomvetter/CSExec

URLhaus

URLhaus is a project operated by abuse.ch. The purpose of the project is to collect, track and share malware URLs, helping network administrators and security analysts to protect their network and customers from cyber threats.

https://urlhaus.abuse.ch/

testssl.sh

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.

https://testssl.sh/

https://github.com/drwetter/testssl.sh/

https://www.kitploit.com/2018/10/testsslsh-testing-tlsssl-encryption.html

T-Pot

T-Pot is a honeypot project.

https://github.com/dtag-dev-sec/tpotce

https://isc.sans.edu/forums/diary/Playing+with+TPOT/24292/

Thursday, November 1, 2018

Block being automatically logged into Chrome

With the release of Chrome 69, it was discovered that logging into a Google account will also automatically log the user into Chrome.  To disable this feature, use the following URL:

chrome://flags/#account-consistency

Set the "Identity consistency between browser and cookie jar" flag to Disabled.

With Chrome 70, a menu option is now available to turn off this default parameter.  Access Settings –> Advanced, and then disable “Allow Chrome sign-in.”

As Built Report

As Built Report is a configuration document framework which uses Microsoft PowerShell and PScribo, to generate and build as built report documents in HTML, XML, Text & MS Word document formats.

As Built Report is an open source project developed primarily for IT professionals to allow them to easily produce ‘as built’ configuration documentation which is clear and consistent, across multiple IT vendors and technologies.

https://www.timcarman.net/as-built-report/

https://notesfrommwhite.net/2018/09/09/as-built-report-working-with-it-in-my-lab/

The “last” command within Linux

The “last” command displays recent login information for a Linux machine.  The command with no arguments will return all recent logins.  Information for a particular user account can be found by adding the account name in question.

Hidden game in Chrome

To access a hidden game within Google Chrome, use the following URL:

chrome://dino

At this screen, hit the space bar.

Use the Up arrow to jump the dinosaur over the cactus.

Bettercap

Bettercap is a Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks.

https://github.com/bettercap/bettercap

https://www.bettercap.org/

HammerDB

HammerDB is an open source utility for Windows and Linux. You can use it to simulate a workload of multiple virtual users against a database for both transactional and analytic scenarios. HammerDB can test the performance of SQL Server, Oracle, MySQL, and PostgreSQL installations.

https://www.hammerdb.com/

Redhunt

RedHunt Linux is a virtual machine for adversary emulation and threat hunting.

https://isc.sans.edu/forums/diary/RedHunt+Linux+Adversary+Emulation+Threat+Hunting+Intelligence/24216/

https://github.com/redhuntlabs/RedHunt-OS

Lulu

LuLu is the free, shared-source macOS firewall that aims to block unknown outgoing connections, unless explicitly approved by the user.

https://objective-see.com/products/lulu.html

pwned

A command-line tool for querying Troy Hunt's Have I been pwned? service using the hibp Node.js module.

https://github.com/wKovacs64/pwned

https://www.kitploit.com/2018/09/pwned-command-line-tool-for-querying.html

Monday, October 1, 2018

Sysinternals Process Monitor

Process Monitor is a Windows utility from Sysinternals.

https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

By default, the application logs Registry, File, Network, and Process activity.

Control + E toggles capture, and Control + X clears the logs.

A quick way to create a filter is to right-click a value within one of the columns.

One common use of Process Monitor is to determine the Registry location of a parameter. In that case, filter on the RegSetValue operation.

In this example, the filtered RegSetValue entry shows the Registry key that enables DEP.

To launch the Registry Editor with the path in question, right-click the entry and use the Jump To option.

Another option is to click the crosshair (Target) icon and drag it onto the window of the application in question.

Applications can be filtered based on process name.

Certain items are filtered by default. To see all data, use the Filter –> Enable Advanced Output option.

The Process Tree view can be accessed with Control + T.

Create a .CSV file with scheduled tasks entries within Windows

To create a list of existing scheduled task entries within a .CSV format, use the following command within an elevated command session.

schtasks /query /v /fo CSV > tasks.csv
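
The resulting tasks.csv is handy for a quick triage pass. As an added example (not from the original post), the script below reads that file and lists enabled tasks whose command runs from outside the Windows or Program Files directories; the column names ("Task To Run", "Scheduled Task State", "Run As User") are the ones schtasks writes with /v, and the path is assumed to be the current directory.

```powershell
# Added example (not from the original post): triage the CSV produced by
# "schtasks /query /v /fo CSV > tasks.csv" and report enabled tasks that run
# from outside the Windows and Program Files trees.
param([string]$Path = '.\tasks.csv')

$rows = Import-Csv -Path $Path |
    # schtasks /v repeats the header row before each task folder; drop those copies.
    Where-Object { $_.TaskName -ne 'TaskName' }

# Directories treated as expected locations for task executables.
$trusted = @("$env:SystemRoot\", "$env:ProgramFiles\", "${env:ProgramFiles(x86)}\")

function Get-CommandPath([string]$cmd) {
    # "Task To Run" holds the executable plus its arguments; return just the executable.
    $cmd = $cmd.Trim()
    if ($cmd.StartsWith('"')) { return $cmd.Substring(1).Split('"')[0] }
    return ($cmd -split '\s+')[0]
}

$findings = foreach ($t in $rows) {
    if ($t.'Scheduled Task State' -ne 'Enabled') { continue }
    $run = $t.'Task To Run'
    # COM handler tasks and tasks without a command need a different review; skip here.
    if ($run -eq 'COM handler' -or $run -eq 'N/A' -or [string]::IsNullOrWhiteSpace($run)) { continue }

    $exe = [Environment]::ExpandEnvironmentVariables((Get-CommandPath $run))
    $inTrusted = $false
    foreach ($dir in $trusted) {
        if ($exe.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { $inTrusted = $true }
    }
    # Bare names such as "cmd.exe" (no directory) are also reported, since their
    # resolution depends on the PATH of the account running the task.
    if ($inTrusted) { continue }

    [pscustomobject]@{
        TaskName = $t.TaskName
        RunAs    = $t.'Run As User'
        Author   = $t.Author
        Command  = $run
    }
}

$findings | Format-Table -AutoSize
```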

Ungoogled-Chromium

ungoogled-chromium is Google Chromium with some Google integration removed. It also features some changes to enhance privacy, control, and transparency.

https://github.com/Eloston/ungoogled-chromium

ExQuilla

ExQuilla is an add-on for Mozilla's Thunderbird email client that allows access to both messages and contacts stored on an Exchange Server. ExQuilla uses EWS (Exchange Web Services) to access the server. Previous versions required a licensing fee, but it is free starting with version 60.

https://addons.thunderbird.net/en-US/thunderbird/addon/exquilla-exchange-web-services/

https://github.com/rkent/exquilla/wiki

To use the extension, launch Thunderbird and do not configure an account within the initial wizard. Open the Add-ons manager, search for ExQuilla, and add the extension to Thunderbird.

After Thunderbird relaunches, cancel the initial wizard again and click on the ExQuilla icon.

Enter the email address and password of the Exchange account.

Enter the URL for the remote server.

Lynis

Lynis is a security auditing tool for Unix/Linux Systems.

https://cisofy.com/downloads/lynis/

SQLMap

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

https://www.kitploit.com/2018/08/sqlmap-v128-automatic-sql-injection-and.html

http://sqlmap.org/

Saturday, September 1, 2018

Fix Corrupt Windows System Files

To fix corrupt Windows system files, use the following commands:

chkdsk C:

If any errors are found, use the /f switch:

chkdsk C: /f

sfc /scannow

DISM.exe /Online /Cleanup-image /Scanhealth

DISM.exe /Online /Cleanup-image /Checkhealth

DISM.exe /Online /Cleanup-image /Restorehealth

RITA

RITA is an open source framework for network traffic analysis.

The framework processes Bro logs, and currently supports the following analysis features:

  • Beaconing Detection: Search for signs of beaconing behavior in and out of your network
  • DNS Tunneling Detection: Search for signs of DNS based covert channels
  • Blacklist Checking: Query blacklists to search for suspicious domains and hosts
  • URL Length Analysis: Search for lengthy URLs indicative of malware
  • Scanning Detection: Search for signs of port scans in your network

https://github.com/activecm/rita

Free TV and Movie Streaming Services

Below is a list of available free TV and movie streaming services.

https://www.roku.com/whats-on/the-roku-channel

https://pluto.tv/tv/pluto-tv-movies

https://tubitv.com/

https://www.sonycrackle.com/

https://view.yahoo.com/

https://www.xumo.tv/

Application whitelisting with “AaronLocker”

Aaron Margosis has created a number of PowerShell scripts to help document AppLocker policies and capture AppLocker event data into Excel workbooks.

https://blogs.msdn.microsoft.com/aaron_margosis/2018/06/26/announcing-application-whitelisting-with-aaronlocker/

USB Restricted Mode within iOS

With iOS 11.4.1, a feature called USB Restricted Mode was included. This option protects against USB devices that connect over Lightning, used by law enforcement and private companies, to crack an iPhone’s passcode.

Go to Settings, then Face ID (or Touch ID) & Passcode, and verify that the USB Accessories option is disabled. The switch should be off by default. Once an iPhone or iPad has been locked for over an hour straight, iOS will no longer allow USB accessories to connect to the device.

Sn1per

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. The Community version includes the following features:

  • Automatically gather recon on target environments
  • 9 scan modes to meet any pentest scenario
  • 16+ auto-pwn exploits added
  • HTML/TXT/PDF reporting of all scans
  • Workspace creation and storage of all scan data

https://www.kitploit.com/2018/07/sn1per-v50-automated-pentest-recon.html

https://github.com/1N3/Sn1per

https://xerosecurity.com/

NETworkManager

NETworkManager is a utility for Windows. It includes several features such as a port scanner, ping, traceroute, DNS lookup, etc.

https://github.com/BornToBeRoot/NETworkManager

AutorunsToWinEventLog

AutorunsToWinEventLog is a PowerShell script that runs autorunsc and converts it to Windows Events.

https://github.com/palantir/windows-event-forwarding/tree/master/AutorunsToWinEventLog

https://isc.sans.edu/forums/diary/Using+AutorunsToWinEventLog/23840/

Wednesday, August 1, 2018

Add PUP protection within Windows Defender

Windows Defender has an optional PUP (Potentially Unwanted Program) protection available, but it is not currently enabled by default.  To enable this feature, launch an elevated PowerShell session and enter the following command:

Set-MpPreference -PUAProtection Enable

To verify whether the feature is enabled, use the following two commands. If “1” is returned, the option is enabled.

$Preferences = Get-MpPreference

$Preferences.PUAProtection

https://www.howtogeek.com/360648/how-to-enable-windows-defender%E2%80%99s-secret-crapware-blocker/

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus

Veeam PN

Veeam PN (Powered Network) Version 1 is a free lightweight SDN appliance.

http://www.itprotoday.com/industry-perspectives/simplify-remote-access-home-labs-and-offices-veeam-pn

https://www.veeam.com/kb2271

Tubi

Tubi is a video service for movies and TV shows from certain studios.  Free apps are available for several platforms such as Roku, iOS, and Android.

https://tubitv.com/

DBeaver

DBeaver is a SQL client and database administration tool. It supports Microsoft SQL Server as well as other relational databases such as MySQL, PostgreSQL, SQLite, Oracle, DB2, MariaDB, and Sybase. Free and paid versions are available for Mac OS X, Windows, and Linux.

https://dbeaver.com/

Everything

Everything is a free utility for Windows for file/folder searches.  Portable versions are available.

https://www.voidtools.com/

SRUM Dump

SRUM Dump is a forensics tool that converts the data in the Windows SRUM (System Resource Usage Monitor) database to an xlsx spreadsheet.

https://github.com/MarkBaggett/srum-dump

Linux control sequences

Below is a list of control sequence combinations for Linux.

ctrl-c –> interrupts the running program

ctrl-z –> suspends the running program

ctrl-s –> freezes the screen, stopping the display

ctrl-q –> thaws out the screen and allows the screen display to continue

ctrl-h –> deletes the last character typed

ctrl-w –> deletes the last word typed

ctrl-u –> deletes the last line typed

ctrl-r –> retrieves previously run commands so you can run them again

ctrl-u –> removes text from the command line and places it in the clipboard

ctrl-y –> grabs text from the clipboard and runs it

ctrl-l –> clears the screen

ctrl-a –> moves cursor to the beginning of the line

ctrl-e –> moves cursor to the end of the line

WizTree

WizTree is a utility for Windows to find folder and file sizes.

https://antibody-software.com/web/software/software/wiztree-finds-the-files-and-folders-using-the-most-disk-space-on-your-hard-drive/

Cherrytree

Cherrytree is a hierarchical note taking application featuring rich text and syntax highlighting. Data is stored within a single XML or SQLite file.

https://www.giuspen.com/cherrytree/

A portable version is available via PortableApps.com.

https://portableapps.com/apps/office/cherrytree-portable

Sunday, July 1, 2018

Video editing applications for Windows

Below is a list of video editing applications for Windows.

https://www.blackmagicdesign.com/products/davinciresolve/

https://fxhome.com/express

https://www.shotcut.org/download/

www.lwks.com/

https://kdenlive.org/en/

https://www.openshot.org/download/

How to determine Ubuntu version via a terminal session

To determine the version of Ubuntu via a terminal session, use the following command:

lsb_release -a

RiskySPNs

RiskySPNs is a collection of PowerShell scripts focused on detecting and abusing accounts associated with SPNs (Service Principal Name). This module can assist blue teams to identify potentially risky SPNs as well as red teams to escalate privileges by leveraging Kerberos and Active Directory.

https://github.com/cyberark/RiskySPN

https://www.cyberark.com/blog/service-accounts-weakest-link-chain/

https://www.kitploit.com/2018/06/riskyspn-detect-and-abuse-risky-spns.html

Santa

Santa is a binary whitelisting/blacklisting system for macOS. It consists of a kernel extension that monitors for executions, a userland daemon that makes execution decisions based on the contents of a SQLite database, a GUI agent that notifies the user in case of a block decision and a command-line utility for managing the system and synchronizing the database with a server.

https://github.com/google/santa

Roku hidden menu options

Roku devices have several hidden menu options available. To display the “Wireless Secret Screen” page (Wi-Fi information), use the following sequence:

Press Home five times, Up, Down, Up, Down, Up.

To display the “Platform Secret Screen” page (temperature, CPU speed, IP address, etc.), use the following sequence:

Press Home five times, FF, Down, RW, Down, FF.

To display the “Bit Rate Override” page (to select a speed that overrides the automatic stream selection), use the following sequence:

Press Home five times, RW three times, FF twice.

Additional shortcuts can be found at the link below.

http://www.techtimes.com/articles/162197/20160531/access-secret-menus-roku-device.htm

Falkon

Falkon is a KDE web browser using the QtWebEngine rendering engine, previously known as QupZilla. It aims to be a lightweight web browser available on all major platforms.

https://www.falkon.org/

VMware DRS Entitlement Viewer

VMware DRS Entitlement Viewer is a fling that allows you to get a hierarchical view of vCenter DRS cluster inventory with entitled CPU and memory resources for each resource pool and VM in the cluster.

https://labs.vmware.com/flings/drs-entitlement-viewer

EarTrumpet

EarTrumpet is a utility for Windows 10 that includes features like the ability to control classic and modern app volumes individually, a quick switch between default audio devices, and the ability to move apps between playback devices.

www.microsoft.com/en-us/p/eartrumpet/9nblggh516xp

https://github.com/File-New-Project/EarTrumpet

Friday, June 1, 2018

Manage startup entries with Windows 10 version 1803

Starting with Windows 10 version 1803, a new option is available under Settings to manage startup entries.  Access Settings –> Apps –> Startup.

OpenSSH included within Windows 10 version 1803

Starting with version 1803, Windows 10 includes an OpenSSH command line utility.  Some other utilities are available as well under the path Windows\System32\OpenSSH.

Disable Timeline within Windows 10 version 1803

With the Windows 10 April release (version 1803), a new feature named Timeline was introduced. To disable this component, access the Settings menu and select Privacy. Under the Activity History section, disable “Let Windows collect my activities from this PC”. Also verify that the second option, “Let Windows sync my activities from this PC to the cloud”, is disabled as well.

Chrome Cleanup URL

Google Chrome includes a “software_reporter_tool.exe” application created by ESET (https://www.eset.com/int/google-chrome-cleanup/) that periodically scans for unwanted software on the Windows platform. If you wish to manually execute a scan, use the URL:

chrome://settings/cleanup

Once the page is displayed, click on the Find link.

More details can be found below.

https://www.bleepingcomputer.com/tips/web-browsers/using-chrome-settings-cleanup-to-scan-for-unwanted-software-using-chrome/

https://www.howtogeek.com/fyi/chrome-has-a-built-in-malware-scanner-heres-how-to-use-it/

https://blog.google/products/chrome/cleaner-safer-web-chrome-cleanup/

Hidden SSID with a Roku device

When scanning a local Wi-Fi network, hidden SSID entries may be listed. One potential source of such traffic is a Roku device. To disable this traffic, use the menu path below.

Home –> Settings –> System –> Advanced system settings –> Device connect –> Disable Device connect

Keyboard combination to restart graphic drivers within Windows

To restart the graphic driver within Windows, use the following keyboard combination.  The screen should go blank for a few seconds and a beep sound should be produced.  This combination is valid for Windows 8 and 10.

Win+Ctrl+Shift+B

ProtonMail

ProtonMail is an email service based in Switzerland.

https://protonmail.com/

Microsoft Support and Recovery Assistant (SaRA)

The Microsoft Support and Recovery Assistant (SaRA) is a utility to troubleshoot Outlook and Office 365 connectivity issues.

https://blogs.technet.microsoft.com/exchange/2018/04/17/offcats-replacement-microsoft-support-and-recovery-assistant-sara/

https://diagnostics.outlook.com/

Tuesday, May 1, 2018

Disable SSDP traffic within Google Chrome

By default, Google Chrome sends SSDP network broadcast traffic on the local subnet.

M-SEARCH * HTTP/1.1
HOST: 239.255.255.250:1900
MAN: "ssdp:discover"
MX: 1
ST: urn:dial-multiscreen-org:service:dial:1
USER-AGENT: Google Chrome/65.0.3325.162 Windows

To disable the media router feature, launch Chrome and enter chrome://flags/

Search for “media router” and disable the feature.
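
To confirm on the wire that the M-SEARCH broadcasts shown above actually stop after the flag change, the following listener (an added example, not part of the original post) joins the SSDP multicast group for a fixed window and counts M-SEARCH requests per source address and USER-AGENT. It assumes UDP port 1900 can be shared with the Windows SSDP Discovery service through address reuse; run it from an elevated PowerShell session.

```powershell
# Added example (not from the original post): capture SSDP M-SEARCH requests on the local
# subnet for $Seconds seconds and summarize the senders. Chrome's searches carry a DIAL
# search target (ST) and a "Google Chrome/<version>" USER-AGENT, as in the packet above.
param([int]$Seconds = 30)

$udp = New-Object System.Net.Sockets.UdpClient
# Share port 1900 with other SSDP listeners (e.g. the Windows SSDP Discovery service).
$udp.Client.SetSocketOption([System.Net.Sockets.SocketOptionLevel]::Socket,
                            [System.Net.Sockets.SocketOptionName]::ReuseAddress, $true)
$udp.Client.Bind((New-Object System.Net.IPEndPoint([System.Net.IPAddress]::Any, 1900)))
$udp.JoinMulticastGroup([System.Net.IPAddress]::Parse('239.255.255.250'))
$udp.Client.ReceiveTimeout = 1000   # ms; lets the loop re-check the deadline

$seen = @{}
$deadline = (Get-Date).AddSeconds($Seconds)
while ((Get-Date) -lt $deadline) {
    $remote = New-Object System.Net.IPEndPoint([System.Net.IPAddress]::Any, 0)
    try { $bytes = $udp.Receive([ref]$remote) } catch { continue }   # receive timeout: keep waiting
    $text = [System.Text.Encoding]::ASCII.GetString($bytes)
    if (-not $text.StartsWith('M-SEARCH')) { continue }   # ignore NOTIFY and search responses

    # Parse the "NAME: value" header block; header names are case-insensitive.
    $headers = @{}
    foreach ($line in ($text -split "`r?`n")) {
        if ($line -match '^([^:]+):\s*(.*)$') { $headers[$matches[1].ToUpper()] = $matches[2] }
    }
    $tag = if ($headers['ST'] -like '*dial*') { 'DIAL' } else { 'other' }
    $key = '{0} | {1} | {2}' -f $remote.Address, $tag, $headers['USER-AGENT']
    $seen[$key] = 1 + [int]$seen[$key]
}
$udp.Close()

# Most frequent senders first; a Chrome line vanishing after the flag change confirms the fix.
$seen.GetEnumerator() | Sort-Object Value -Descending |
    ForEach-Object { '{0,5}  {1}' -f $_.Value, $_.Key }
```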

How to disable auto-playing videos within Chrome

To disable the auto-playing of videos within Chrome, enter the following URL:

chrome://flags/#autoplay-policy

Use the dropdown to choose “Document user activation required” and restart the browser.

Windows previous versions documentation

Older TechNet documentation for Windows versions prior to Windows 10 can be found at the link below.  This also includes older versions of Windows Server.

https://docs.microsoft.com/en-us/previous-versions/windows/

OpenSnitch

OpenSnitch is a host-based firewall for Linux.  It is a GNU/Linux port of the Little Snitch application firewall on the Mac OS X platform.

https://github.com/evilsocket/opensnitch

https://distrowatch.com/weekly.php?issue=20211206


Cloudflare DNS Service

Cloudflare has a DNS service available for public use that claims not to retain log data.

https://blog.cloudflare.com/announcing-1111/

https://blog.cloudflare.com/dns-resolver-1-1-1-1/

https://1.1.1.1/

Microsoft SQL Operations Studio

Microsoft’s SQL Operations Studio is a free database management utility. It is available on Windows, Mac OS X, and Linux. It supports SQL Server, Azure SQL Database, and Azure SQL Data Warehouse.

https://docs.microsoft.com/en-us/sql/sql-operations-studio/what-is?view=ssdt-18vs2017

https://docs.microsoft.com/en-us/sql/sql-operations-studio/download?view=ssdt-18vs2017

PowerShell commands to enable cloud-protection within Windows Defender

The following two PowerShell commands can be used to enable the cloud-protection options within Windows Defender.

Set-MpPreference -MAPSReporting Advanced
Set-MpPreference -SubmitSamplesConsent Always

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus
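
The Defender settings covered in these notes (the MP_FORCE_USE_SANDBOX switch in the December entry, PUA protection in the August entry, and the two cloud-protection settings just shown) can be verified in one read-only pass. This is an added example, not code from the original posts or from Microsoft; it assumes an elevated session on a host where Get-MpPreference is available, and the MsMpEngCP.exe process name comes from the Microsoft sandbox post linked in the December entry.

```powershell
# Added example (not from the original posts): report the current state of the
# Windows Defender settings recommended in these notes, without changing anything.
function Get-DefenderHardeningStatus {
    $pref = Get-MpPreference

    # setx /M writes a machine-level variable; the sandboxed engine runs as MsMpEngCP.exe
    # once the Defender service has restarted (per the Microsoft sandbox post).
    $sandboxVar = [Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')
    $cpRunning  = [bool](Get-Process -Name MsMpEngCP -ErrorAction SilentlyContinue)

    # Numeric values as returned by Get-MpPreference for the Set-MpPreference enums:
    #   PUAProtection:        0 = Disabled, 1 = Enabled, 2 = AuditMode
    #   MAPSReporting:        0 = Disabled, 1 = Basic,   2 = Advanced
    #   SubmitSamplesConsent: 0 = AlwaysPrompt, 1 = SendSafeSamples, 2 = NeverSend, 3 = SendAllSamples
    $checks = @(
        [ordered]@{ Setting = 'PUAProtection'
                    Current = $pref.PUAProtection
                    Expected = '1 (Enabled)'
                    Ok = ($pref.PUAProtection -eq 1) }
        [ordered]@{ Setting = 'MAPSReporting'
                    Current = $pref.MAPSReporting
                    Expected = '2 (Advanced)'
                    Ok = ($pref.MAPSReporting -eq 2) }
        [ordered]@{ Setting = 'SubmitSamplesConsent'
                    Current = $pref.SubmitSamplesConsent
                    Expected = '1 or 3 (samples are submitted)'
                    Ok = ($pref.SubmitSamplesConsent -in @(1, 3)) }
        [ordered]@{ Setting = 'MP_FORCE_USE_SANDBOX (machine env)'
                    Current = $sandboxVar
                    Expected = '1'
                    Ok = ($sandboxVar -eq '1') }
        [ordered]@{ Setting = 'MsMpEngCP.exe running'
                    Current = $cpRunning
                    Expected = 'True (after the service restarts or a reboot)'
                    Ok = $cpRunning }
    )

    foreach ($c in $checks) { [pscustomobject]$c }
}

Get-DefenderHardeningStatus | Format-Table Setting, Current, Expected, Ok -AutoSize
```

Any row with Ok = False points back to the command in these notes that sets it.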

Rtings.com

Rtings.com is a review site currently for televisions, headphones, and monitors.

https://www.rtings.com/

Sunday, April 1, 2018

Potential solution to error 0x80070bc2 with Windows 10

On a few different Windows 10 machines, installing a cumulative update failed with error code 0x80070bc2.

To solve this issue, use the following commands within an elevated command prompt and reboot the computer in question.  Attempt to install the update again.

SC config wuauserv start= auto
SC config bits start= auto
SC config cryptsvc start= auto
SC config trustedinstaller start= auto

https://ugetfix.com/ask/how-to-fix-windows-update-error-0x80070bc2/