Monday, October 1, 2018

Sysinternals Process Monitor

Process Monitor is a Windows utility from Sysinternals.

https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

By default, the application captures Registry, file system, network, and process events.

Control + E toggles capture, and Control + X clears the logs.

A quick way to create a filter is to right-click a value in one of the columns.

One common use of Process Monitor is to determine where in the Registry a setting is stored. In that case, filter on the RegSetValue operation.

In this example, the capture shows the Registry key written when DEP is enabled.

To launch the Registry Editor with the path in question, right-click the entry and use the Jump To option.

Another option is to click the target (crosshair) icon in the toolbar and drag it onto the item in question.

Applications can be filtered based on process name.

Certain items are filtered out by default. To see all data, use the Filter -> Enable Advanced Output option.

The Process Tree view can be accessed with Control + T.

Create a .CSV file with scheduled tasks entries within Windows

To create a list of the existing scheduled task entries in CSV format, run the following command in an elevated command prompt.

schtasks /query /v /fo CSV > tasks.csv
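
As an added example that is not part of the original post, the following Python script triages the tasks.csv produced by the command above and lists the tasks a defender would review first. The CSV sample is constructed with only a subset of the verbose columns; the column names, the repeated per-folder header row, and the path and script-host heuristics are assumptions to check against real output.

```python
"""Triage tasks.csv from `schtasks /query /v /fo CSV`: flag scheduled tasks a
defender would review first as possible persistence."""
import csv
import io
import re

# Constructed sample in the verbose layout (real output has many more columns).
# schtasks repeats the header row per task folder; the parser skips repeats.
SAMPLE_CSV = r'''"HostName","TaskName","Status","Author","Task To Run","Run As User","Scheduled Task State"
"WS01","\Microsoft\Windows\Defrag\ScheduledDefrag","Ready","Microsoft Corporation","%windir%\system32\defrag.exe -c -h -k -g -$","SYSTEM","Enabled"
"HostName","TaskName","Status","Author","Task To Run","Run As User","Scheduled Task State"
"WS01","\Updater","Ready","WS01\jdoe","C:\Users\jdoe\AppData\Roaming\svc\update.exe /silent","SYSTEM","Enabled"
"WS01","\OneDrive Sync","Ready","WS01\jdoe","powershell.exe -nop -w hidden -enc <base64 placeholder>","jdoe","Enabled"
"WS01","\Backup","Ready","IT","C:\Program Files\Backup\backup.exe","SYSTEM","Disabled"
'''

# Heuristics (assumptions, tune per environment): user-writable launch paths,
# script/LOLBin hosts, and encoded PowerShell arguments.
USER_WRITABLE = re.compile(r'\\(AppData|Temp|Users\\Public|ProgramData|Downloads)\\', re.I)
SCRIPT_HOSTS = re.compile(r'\b(powershell|pwsh|wscript|cscript|mshta|regsvr32|rundll32|certutil|bitsadmin)(\.exe)?\b', re.I)
ENCODED_ARG = re.compile(r'-(e|ec|enc|encodedcommand)\b', re.I)

def parse_schtasks_csv(text):
    """Return one dict per task, keyed by the CSV header names."""
    reader = csv.reader(io.StringIO(text))
    header = next(reader)
    return [dict(zip(header, row)) for row in reader if row and row != header]

def triage(tasks):
    """Map TaskName -> reasons for every task worth a closer look."""
    findings = {}
    for t in tasks:
        cmd = t.get('Task To Run', '')
        reasons = []
        if USER_WRITABLE.search(cmd):
            reasons.append('runs from user-writable path')
        if SCRIPT_HOSTS.search(cmd):
            reasons.append('script/LOLBin host')
        if ENCODED_ARG.search(cmd):
            reasons.append('encoded command line')
        if (t.get('Run As User', '').upper() == 'SYSTEM'
                and 'microsoft' not in t.get('Author', '').lower()):
            reasons.append('non-Microsoft task running as SYSTEM')
        if reasons:
            findings[t['TaskName']] = reasons
    return findings

if __name__ == '__main__':
    for name, why in triage(parse_schtasks_csv(SAMPLE_CSV)).items():
        print(f'{name}: {", ".join(why)}')
```

To run it against real output, read tasks.csv with the console's OEM code page (typically cp437 on a US English system) and pass the text to parse_schtasks_csv.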

Ungoogled-Chromium

ungoogled-chromium is Google Chromium with some Google integration removed. It also features some changes to enhance privacy, control, and transparency.

https://github.com/Eloston/ungoogled-chromium

ExQuilla

ExQuilla is an add-on for Mozilla's Thunderbird email client that allows access to both messages and contacts stored on an Exchange server. ExQuilla uses EWS (Exchange Web Services) to access the server. Previous versions required a licensing fee, but it is free starting with version 60.

https://addons.thunderbird.net/en-US/thunderbird/addon/exquilla-exchange-web-services/

https://github.com/rkent/exquilla/wiki

To use the extension, launch Thunderbird and do not configure an account in the initial wizard. Open the Add-ons manager and search for ExQuilla, then add the extension to Thunderbird.

After Thunderbird re-launches, cancel the initial wizard again and click on the ExQuilla icon.

Enter the email address and password of the Exchange account.

Enter the URL for the remote server.

Lynis

Lynis is a security auditing tool for Unix and Linux systems.

https://cisofy.com/downloads/lynis/

SQLMap

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.

https://www.kitploit.com/2018/08/sqlmap-v128-automatic-sql-injection-and.html

http://sqlmap.org/