The site below is via the FCC, and shows DTV available coverage per zip code.
Saturday, December 1, 2018
How to enable the sandbox mode with Windows Defender
Per the blog posting below, Windows Defender has a sandbox mode to attempt to offer additional protections.
To enable this feature currently, launch an elevated command prompt and use the following command:
setx /M MP_FORCE_USE_SANDBOX 1
Wi-Fi History Report within Windows 10
One method to generate a Wi-Fi history report within Windows 10 is to use the following command within an elevated command prompt.
netsh wlan show wlanreport
https://www.howtogeek.com/367100/how-to-generate-a-wifi-history-or-wlan-report-in-windows-10/
https://www.checkyourlogs.net/troubleshooting-remote-connectivity-using-netsh-wlan-show-wlanreport/
How to disable ad feeds within Edge
Microsoft Edge includes ad feeds within new tabs. To disable this feature, click on the orb on a new tab page.
Use the “Blank page” option and then use the Save button.
The dialog box may be different if a domain account is involved or with newer versions of Edge.
Get-NetView
Get-NetView is a PowerShell script used to obtain network troubleshooting details within a Windows client.
https://raw.githubusercontent.com/Microsoft/SDN/master/Diagnostics/Get-NetView.PS1
PsExec clones
Below are some clones of the Sysinternals PsExec utility.
https://github.com/kavika13/RemCom
URLhaus
URLhaus is a project operated by abuse.ch. The purpose of the project is to collect, track and share malware URLs, helping network administrators and security analysts to protect their network and customers from cyber threats.
testssl.sh
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
https://github.com/drwetter/testssl.sh/
https://www.kitploit.com/2018/10/testsslsh-testing-tlsssl-encryption.html
Thursday, November 1, 2018
Block being automatically being logged into Chrome
With the release of Chrome 69, it was discovered that logging into a Google account will also automatically log the user into Chrome. To disable this feature, use the following URL:
chrome://flags/#account-consistency
Set the "Identity consistency between browser and cookie jar" flag to Disabled.
With Chrome 70, a menu option is now available to turn off this default parameter. Access Settings –> Advanced, and then disable “Allow Chrome sign-in.”
As Built Report
As Built Report is a configuration document framework which uses Microsoft PowerShell and PScribo, to generate and build as built report documents in HTML, XML, Text & MS Word document formats.
As Built Report is an open source project developed primarily for IT professionals to allow them to easily produce ‘as built’ configuration documentation which is clear and consistent, across multiple IT vendors and technologies.
https://www.timcarman.net/as-built-report/
https://notesfrommwhite.net/2018/09/09/as-built-report-working-with-it-in-my-lab/
The “last” command within Linux
The “last” command displays recent login information for a Linux machine. The command with no arguments will return all recent logins. Information for a particular user account can be found by adding the account name in question.
Hidden game in Chrome
To access a hidden game within Google Chrome, use the following URL:
chrome://dino
At this screen, hit the space bar.
Use the Up arrow to jump the dinosaur over the cactus.
Bettercap
Bettercap is a Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks.
HammerDB
HammerDB is an opensource utility for Windows and Linux. You can use it to simulate a workload of multiple virtual users against the database for both transactional and analytic scenarios. HammerDB can test the performance of SQL Server, Oracle, MySQL, and PostgreSQL installations.
Lulu
LuLu is the free, shared-source macOS firewall that aims to block unknown outgoing connections, unless explicitly approved by the user.
pwned
A command-line tool for querying Troy Hunt's Have I been pwned? service using the hibp Node.js module.
https://github.com/wKovacs64/pwned
https://www.kitploit.com/2018/09/pwned-command-line-tool-for-querying.html
Monday, October 1, 2018
Sysinternals Process Monitor
Process Monitor is a Windows utility from Sysinternals.
https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
By default, the application is logging for Registry, File, Network, and Process.
Control + E toggles capture, and Control + X clears the logs.
A quick method to create a filter is the right-click on the name within one of the columns.
One common use of Process Monitor is to determine the Registry location of a parameter. The filter parameter would be RegSetValue.
In this example, below is the Registry key to enable DEP.
To launch the Registry Editor with the path in question, right-click the entry and use the Jump To option.
Another option is to click on the Target icon and drag on the parameter in question.
Applications can be filtered based on process name.
Certain items are filtered by default. To see all data, use the Filter –> Enabled Advanced Output option.
The Process Tree view can be accessed using Control Key + T.
Create a .CSV file with scheduled tasks entries within Windows
To create a list of existing scheduled task entries within a .CSV format, use the following command within an elevated command session.
schtasks /query /v /fo CSV > tasks.csv
Ungoogled-Chromium
ungoogled-chromium is Google Chromium with some Google integration removed. It also features some changes to enhance privacy, control, and transparency.
ExQuilla
ExQuilla is an addon for Mozilla's Thunderbird email client that allows access to both messages and contacts stored on an Exchange Server. ExQuilla uses EWS (Exchange Web Services) for access to the server. Previous versions required a licensing fee, but is free starting with version 60.
https://addons.thunderbird.net/en-US/thunderbird/addon/exquilla-exchange-web-services/
https://github.com/rkent/exquilla/wiki
To use the extension, launch Thunderbird and do not configure an account within the initial wizard. Use the Add-Ons and search for ExQuilla. Add the extension to Thunderbird.
After the Thunderbird re-launch, cancel the inital wizard again and click on the ExQuilla icon.
Enter the email address and password of the Exchange account.
Enter the URL for the remote server.
SQLMap
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
https://www.kitploit.com/2018/08/sqlmap-v128-automatic-sql-injection-and.html
Saturday, September 1, 2018
Fix Corrupt Windows System Files
To fix corrupt Windows system files, use the following commands:
chkdsk C:
If any errors are found, use the /f switch:
chkdsk C: /f
sfc /scannow
DISM.exe /Online /Cleanup-image /Scanhealth
DISM.exe /Online /Cleanup-image /Checkhealth
DISM.exe /Online /Cleanup-image /Restorehealth
RITA
RITA is an open source framework for network traffic analysis.
The framework processes Bro logs, and currently supports the following analysis features:
- Beaconing Detection: Search for signs of beaconing behavior in and out of your network
- DNS Tunneling Detection Search for signs of DNS based covert channels
- Blacklist Checking: Query blacklists to search for suspicious domains and hosts
- URL Length Analysis: Search for lengthy URLs indicative of malware
- Scanning Detection: Search for signs of port scans in your network
Free TV and Movie Streaming Services
Below is a list of available free TV and movie streaming services.
https://www.roku.com/whats-on/the-roku-channel
Application whitelisting with “AaronLocker”
Aaron Margosis has created a number of PowerShell scripts to assist with the document AppLocker policies and capture event data into Excel workbooks.
USB Restricted Mode within iOS
With iOS 11.4.1, a feature called USB Restricted Mode was included. This option adds protections against the USB devices being used by law enforcement and private companies that connect over Lightning to crack an iPhone’s passcode.
Go to Settings and Face ID (or Touch ID) & Passcode. Verify that USB Accessories option is disabled. The switch should be off by default. Once an iPhone or iPad has been locked for over an hour straight, iOS will no longer allow USB accessories to connect to the device.
Sn1per
Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. The Community version includes the following parameters:
Automatically gather recon on target environments
9 Scan modes to meet any pentest scenario
16+ Auto-pwn exploits added
HTML/TXT/PDF reporting of all scans
Workspace creation and storage of all scan data
https://www.kitploit.com/2018/07/sn1per-v50-automated-pentest-recon.html
NETworkManager
NETworkManager is an utility for Windows. It includes several features such as port scanner, ping, traceroute, DNS lookup, etc.
AutorunsToWinEventLog
AutorunsToWinEventLog is a PowerShell script that runs autorunsc and converts it to Windows Events.
https://github.com/palantir/windows-event-forwarding/tree/master/AutorunsToWinEventLog
https://isc.sans.edu/forums/diary/Using+AutorunsToWinEventLog/23840/
Wednesday, August 1, 2018
Add PUP protection within Windows Defender
Windows Defender has an optional PUP (Potentially Unwanted Program) protection available, but it is not currently enabled by default. To enable this feature, launch an elevated PowerShell session and enter the following command:
Set-MpPreference -PUAProtection Enable
To verify if the feature is enabled, use the two following commands. If “1” is returned, the option is enabled.
$Preferences = Get-MpPreference
$Preferences.PUAProtection
https://www.howtogeek.com/360648/how-to-enable-windows-defender%E2%80%99s-secret-crapware-blocker/
Tubi
Tubi is a video service for movies and TV shows from certain studios. Free apps are available for several platforms such as Roku, iOS, and Android.
DBeaver
DBeaver is an SQL client and a database administration tool. It supports Microsoft SQL as well as other relational databases such as MySQL, PostreSQL, SQLite, Oracle, DB2, MariaDB, and Sybase. Free and paid versions are available for Mac OS X, Windows, and Linux.
Everything
Everything is a free utility for Windows for file/folder searches. Portable versions are available.
SRUM Dump
SRUM Dump is a forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.
Linux control sequence
Below is a list of control sequence combinations for Linux.
ctrl-c –> interrupts the running program
ctrl-z –> suspends the running program
ctrl-s –> freezes the screen, stopping the display
ctrl-q –> thaws out the screen and allows the screen display to continue
ctrl-h –> deletes the last character typed
ctrl-w –> deletes the last word typed
ctrl-u –> deletes the last line typed
ctrl-r –> retrieves previously run commands so you can run them again
ctrl-u –> removes text from the command line and places it in the clipboard
ctrl-y –> grabs text from the clipboard and runs it
ctrl-l –> clears the screen
ctrl-a –> moves cursor to the beginning of the line
ctrl-e –> moves cursor to the end of the line
Cherrytree
Cherrytree is a hierarchical note taking application featuring rich text and syntax highlighting. Data is stored within a single xml or sqlite file.
https://www.giuspen.com/cherrytree/
A portable version is available via Portableapps.com
https://portableapps.com/apps/office/cherrytree-portable
Sunday, July 1, 2018
Video editing applications for Windows
Below is a list of video editing applications for Windows.
https://www.blackmagicdesign.com/products/davinciresolve/
https://www.shotcut.org/download/
https://kdenlive.org/en/
https://www.openshot.org/download/
How to determine Ubuntu version via a terminal session
To determine the version of Ubuntu via a terminal session, use the following command:
lsb_release –a
RiskySPNs
RiskySPNs is a collection of PowerShell scripts focused on detecting and abusing accounts associated with SPNs (Service Principal Name). This module can assist blue teams to identify potentially risky SPNs as well as red teams to escalate privileges by leveraging Kerberos and Active Directory.
https://github.com/cyberark/RiskySPN
https://www.cyberark.com/blog/service-accounts-weakest-link-chain/
https://www.kitploit.com/2018/06/riskyspn-detect-and-abuse-risky-spns.html
Santa
Santa is a binary whitelisting/blacklisting system for macOS. It consists of a kernel extension that monitors for executions, a userland daemon that makes execution decisions based on the contents of a SQLite database, a GUI agent that notifies the user in case of a block decision and a command-line utility for managing the system and synchronizing the database with a server.
Roku hidden menu options
Roku devices have several hidden menu options available. To display the “Wireless Secret Screen” page (to display Wi-Fi information), use the procedure of:
Press Home five times, Up, Down, Up, Down, Up.
To display the “Platform Secret Screen” page (temperature, CPU speed, IP address, etc.), use the combination of:
Press Home five times, FF, Down, RW, Down, FF.
To display the “Bit Rate Override” page (to select a speed to override the automatic stream selection), use the procedure of:
Press Home five times, RW three times, FF twice.
Additional shortcuts can be found at the link below.
http://www.techtimes.com/articles/162197/20160531/access-secret-menus-roku-device.htm
Falkon
Falkon is a KDE web browser using QtWebEngine rendering engine, previously known as QupZilla. It aims to be a lightweight web browser available through all major platforms.
VMware DRS Entitlement Viewer
VMware DRS Entitlement Viewer is a fling that allows you to get a hierarchical view of vCenter DRS cluster inventory with entitled CPU and memory resources for each resource pool and VM in the cluster.
EarTrumpet
EarTrumpet is an utility for Windows 10 that includes features like the ability to control classic and modern app volumes individually, a quick switch between default audio devices, and the ability to move apps between playback devices.
Friday, June 1, 2018
Manage startup entries with Windows 10 version 1803
Starting with Windows 10 version 1803, a new option is available under Settings to manage startup entries. Access Settings –> Apps –> Startup.
OpenSSH included within Windows 10 version 1803
Starting with version 1803, Windows 10 includes an OpenSSH command line utility. Some other utilities are available as well under the path Windows\System32\OpenSSH.
Disable Timeline within Windows 10 version 1803
With the Windows 10 April 1803 release, a new feature named Timeline was introduced. To disable this component, access the Settings menu and select Privacy. Under the Activity History section, disable “Let Windows collect my activities from this PC”. Also verify that the second option of “Let Windows sync my activities from this PC to the cloud” is disabled as well.
Chrome Cleanup URL
Google Chrome includes a “software_reporter_tool.exe” application created by ESET https://www.eset.com/int/google-chrome-cleanup/ to periodically scan for unwanted software on the Windows platform. If you wish to manually execute a scan, use the URL:
chrome://settings/cleanup
Once the page is displayed, click on the Find link.
More details can be found below.
https://www.howtogeek.com/fyi/chrome-has-a-built-in-malware-scanner-heres-how-to-use-it/
https://blog.google/products/chrome/cleaner-safer-web-chrome-cleanup/
Hidden SSID with a Roku device
When scanning a local Wi-Fi network, hidden SSID entries may be listed. One potential source of such traffic is a Roku device. To disable this traffic, use the menu path below.
Go to home
Settings
System
Advanced system settings
Device connect
Disable Device connect
Keyboard combination to restart graphic drivers within Windows
To restart the graphic driver within Windows, use the following keyboard combination. The screen should go blank for a few seconds and a beep sound should be produced. This combination is valid for Windows 8 and 10.
Win+Ctrl+Shift+B
Microsoft Support and Recovery Assistant (SaRA)
The Microsoft Support and Recovery Assistant (SaRA) is an utility to troubleshoot Outlook and Office 365 connectivity issues.
Tuesday, May 1, 2018
Disable SSDP traffic within Google Chrome
By default, Google Chrome sends SSDP network broadcast traffic on the local subnet.
M-SEARCH * HTTP/1.1
HOST: 239.255.255.250:1900
MAN: "ssdp:discover"
MX: 1
ST: urn:dial-multiscreen-org:service:dial:1
USER-AGENT: Google Chrome/65.0.3325.162 Windows
To disable the media router feature, launch Chrome and enter chrome://flags/
Search for “media router” and disable the feature.
How to disable auto-playing videos within Chrome
To disable the auto-playing of videos within Chrome, enter the following URL:
chrome://flags/#autoplay-policy
Use the dropdown to choose “Document user activation required” and restart the browser.
Windows previous versions documentation
Older TechNet documentation for Windows versions prior to Windows 10 can be found at the link below. This also includes older versions of Windows Server.
OpenSnitch
OpenSnitch is a host-based firewall for Linux. It is a GNU/Linux port of the Little Snitch application firewall on the Mac OS X platform.
https://github.com/evilsocket/opensnitch
https://distrowatch.com/weekly.php?issue=20211206
Cloudflare DNS Service
Cloudflare has a DNS service available for public use that claims not to retain log data.
https://blog.cloudflare.com/announcing-1111/
Microsoft SQL Operations Studio
Microsoft’s SQL Operations Studio is a free database management utility. It it available on Windows, Mac OS X, and Linux. It supports SQL Server, Azure SQL Database, and Azure SQL Data Warehouse.
https://docs.microsoft.com/en-us/sql/sql-operations-studio/what-is?view=ssdt-18vs2017
https://docs.microsoft.com/en-us/sql/sql-operations-studio/download?view=ssdt-18vs2017
PowerShell commands to enable cloud-protection within Windows Defender
The two following PowerShell commands can be used to enable the cloud-protection options within Windows Defender.
Set-MpPreference -MAPSReporting Advanced
Set-MpPreference -SubmitSamplesConsent Always
Sunday, April 1, 2018
Potential solution to issue with error 0x80070bc2 with Windows 10
With a few different Windows 10 machines, an error was found when installing a cumulative update with the code of 0x80070bc2:
To solve this issue, use the following commands within an elevated command prompt and reboot the computer in question. Attempt to install the update again.
SC config wuauserv start=auto
SC config bits start=auto
SC config cryptsvc start=auto
SC config trustedinstaller start=auto
https://ugetfix.com/ask/how-to-fix-windows-update-error-0x80070bc2/
Subscribe to:
Posts (Atom)