Thursday, December 1, 2022

Remove personal details from a file within Windows 11

Windows 11 includes an option to remove personal details from a file.  To perform this action, right-click on a file and select Properties.  Under the Details tab, click the "Remove Properties and Personal Information" option.  A new dialog box will appear asking whether to create a copy with the properties removed or to modify the existing file.


Hetzner

Hetzner is a German company that offers web hosting and cloud servers.

https://www.hetzner.com/ 

Wodat

Wodat is a Windows-based Oracle Database attack tool.

https://github.com/InitRoot/wodat

Action1

Action1 is a hosted patch management solution that offers 100 clients for free.

https://4sysops.com/archives/cloud-based-patch-management-with-action1/

https://petri.com/action1-review-patch-management-windows/

https://www.action1.com/

Tuesday, November 1, 2022

Cozzi Tools

Cozzi Tools is a web site that offers utilities for the IBM i platform.

Some of the commands included are:

Retrieve SPOOL File Attributes (RTVSPLFA)
Copy from PDF to IBM i Printer (CPYFRMPDF)
Copy OUTQ (CPYOUTQ)
Copy SPOOL File (CPYPRTF)
Create IFS File (CRTSTMF)
Retrieve Date (RTVDATE)

http://coztools.com/


PECmd

PECmd is a command line utility to display information concerning a prefetch file within Windows.

https://github.com/EricZimmerman/PECmd

MHDDoS

MHDDoS is a DoS Script with several different methods available.

https://github.com/MatrixTM/MHDDoS


Cobian Reflector

Cobian Reflector is a free backup utility that can use FTP or SFTP as a destination.

https://www.cobiansoft.com/cobianbackup.html

https://4sysops.com/archives/cobian-backup-revived-cobian-reflector/ 

Monkey365

Monkey365 is a plugin-based PowerShell module that can be used to review the security posture of your cloud environment.

https://github.com/silverhack/monkey365

Wednesday, October 5, 2022

Patch Tuesday web site

Patch Tuesday is a web site that attempts to highlight issues with new updates from Microsoft.

https://patchtuesday.com/

Chainsaw

Chainsaw provides a 'first-response' capability to identify threats within forensic artifacts (Event Logs, MFTs).

https://github.com/WithSecureLabs/chainsaw

https://isc.sans.edu/diary/Chainsaw%3A+Hunt%2C+search%2C+and+extract+event+log+records/29066


Tailscale

Tailscale is a VPN service based on WireGuard.

https://lostdomain.org/2022/09/12/using-tailscale-for-home-lab-vpn-connectivity/

https://www.howtogeek.com/how-to-remote-access-your-network-using-tailscale-vpn/

https://tailscale.com/

ReviewMeta.com

ReviewMeta is a web site that attempts to highlight bogus Amazon product reviews.

https://reviewmeta.com/

PersistenceSniper

PersistenceSniper is a PowerShell script that tries to enumerate all the persistence methods implanted on a compromised machine.

https://www.powershellgallery.com/packages/PersistenceSniper/1.0

https://github.com/last-byte/PersistenceSniper

Project Discovery

Project Discovery is a web site that contains links to several open source projects such as Naabu (port scanner) and Nuclei (vulnerability scanner).

https://projectdiscovery.io/

Thursday, September 1, 2022

ImageGlass

ImageGlass is a free image viewer for Windows.  A portable version is available.

https://imageglass.org/

dnGrep

dnGrep is a search utility for Windows.

https://dngrep.github.io/

VLANPWN

VLANPWN is a Python-based utility to bypass VLAN segmentation.

https://github.com/in9uz/VLANPWN

ChoEazyCopy

ChoEazyCopy is a GUI over the robocopy.exe command within Windows.

https://github.com/Cinchoo/ChoEazyCopy

Smap

Smap is similar to Nmap but uses Shodan information instead of actively probing hosts.

https://www.kitploit.com/2022/08/smap-drop-in-replacement-for-nmap.html

arping

arping is a Linux network utility that uses layer 2 (ARP) to test network connectivity.

https://www.howtogeek.com/813741/linux-arping-command/

Monday, August 1, 2022

Use the command line to determine the number of memory slots with Windows

To determine the number of memory slots with Windows, launch an elevated command prompt and enter the following commands:

wmic Memphysical get MaxCapacity, MemoryDevices

wmic MemoryChip get BankLabel, DeviceLocator, Capacity


To find similar information via PowerShell, use the following commands within an elevated session.

Get-WmiObject -Class "Win32_PhysicalMemoryArray"

Get-WmiObject -Class "Win32_PhysicalMemory" | Format-Table BankLabel


https://www.windowscentral.com/software-apps/windows-11/how-to-find-available-memory-slots-on-windows-11


SilentHound

SilentHound is a utility that quietly enumerates an Active Directory domain via LDAP.

https://www.kitploit.com/2022/08/silenthound-quietly-enumerate-active.html

https://github.com/layer8secure/SilentHound

ChromeOS Flex

ChromeOS Flex is an offering that allows a USB drive to be created to install ChromeOS on various types of computers.  A list of certified hardware is available via the link below.

https://support.google.com/chromeosflex/answer/11513094

https://support.google.com/chromeosflex/answer/11541904

https://chromeenterprise.google/os/chromeosflex/

Breath

Breath lets you run a full Linux distro on an Intel Chromebook without needing to flash custom firmware, replace the boot loader, or even wipe ChromeOS.  Breath is not a distro itself but a script that builds a Linux distro image, which is copied to a USB drive to boot from.

https://cb-linux.github.io/breath/

https://www.omgubuntu.co.uk/2022/07/i-used-breath-on-my-acer-chromebook-cp713

BTOP

BTOP is a resource monitor for Linux/BSD platforms.

https://github.com/aristocratos/btop

3D Pinball

The original Microsoft 3D Pinball game has been ported to several platforms.

https://www.howtogeek.com/815285/you-can-now-play-3d-pinball-from-windows-on-nearly-anything/

https://alula.github.io/SpaceCadetPinball/

Friday, July 1, 2022

Minicom for Linux

Minicom is a text-based serial port communications program. It is used to communicate with external RS-232 devices via serial console ports.

To install the application within Linux Mint, use the following command:

sudo apt install minicom

Once the console cable is connected, use the following command:

dmesg | grep tty

The output should include the tty path being used.

Use the following command to configure minicom:

sudo minicom -s

When testing with a Cisco switch, the following settings were required:

Serial Device -> /dev/ttyUSB0
Serial port setup -> 9600 8 1 none
Hardware Flow Control -> Off

https://www.ismoothblog.com/2019/07/access-cisco-switch-serial-console-linux.html

https://help.ubuntu.com/community/CiscoConsole

vSphere Diagnostic Tool

vSphere Diagnostic Tool is a Python script that runs diagnostic commands on the vCenter Server Photon appliance to return useful troubleshooting data.

https://flings.vmware.com/vsphere-diagnostic-tool

https://4sysops.com/archives/troubleshoot-vmware-using-vsphere-diagnostic-tool/

AutoPWN Suite

AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.

https://github.com/GamehunterKaan/AutoPWN-Suite


BeaKer

BeaKer combines Microsoft Sysmon, WinLogBeat, Elasticsearch, and Kibana to provide insights into network traffic.

https://www.activecountermeasures.com/free-tools/beaker/

https://www.activecountermeasures.com/beaker-instant-forensics/

https://github.com/activecm/BeaKer

Ventoy

Ventoy is a utility to boot multiple operating systems from a single USB drive.

https://www.ventoy.net/

https://www.howtogeek.com/802328/how-to-boot-multiple-linux-distributions-with-ventoy/


OSBoxes web site

OSBoxes is a web site with Linux virtual machines available for either VMware or VirtualBox.

https://www.osboxes.org/

Wednesday, June 1, 2022

PowerShell command to list enabled Active Directory users sorted by when the password was last set

Get-ADUser -LDAPFilter '(!userAccountControl:1.2.840.113556.1.4.803:=2)' -Properties PasswordLastSet | Select-Object Name, Enabled, PasswordLastSet | Sort-Object PasswordLastSet -Descending
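As an added example (not from the original post), the same LDAP filter can be extended into a stale-password report: it flags enabled accounts whose password is older than a threshold, was never set (pwdLastSet = 0, which Get-ADUser surfaces as a null PasswordLastSet), or is marked PasswordNeverExpires. The 90-day threshold is an assumed value; the ActiveDirectory module (RSAT) and read access to the domain are assumed.

```powershell
# Added example, not part of the original post.
# Report enabled AD users with stale, never-set, or non-expiring passwords.
# Assumes the ActiveDirectory module (RSAT) is installed.
param(
    [int]$MaxAgeDays = 90   # assumed threshold; align with your password policy
)

Import-Module ActiveDirectory

$now    = Get-Date
$cutoff = $now.AddDays(-$MaxAgeDays)

# Same LDAP filter as the original command: bit 2 of userAccountControl
# (ACCOUNTDISABLE) must NOT be set, i.e. only enabled accounts are returned.
$users = Get-ADUser -LDAPFilter '(!userAccountControl:1.2.840.113556.1.4.803:=2)' `
    -Properties PasswordLastSet, PasswordNeverExpires, LastLogonDate

$report = foreach ($u in $users) {
    if ($null -eq $u.PasswordLastSet) {
        # pwdLastSet = 0: password never set, or "must change at next logon"
        $ageDays = $null
        $status  = 'NeverSet'
    } else {
        $ageDays = [int]($now - $u.PasswordLastSet).TotalDays
        $status  = if ($u.PasswordLastSet -lt $cutoff) { 'Stale' } else { 'OK' }
    }
    [pscustomobject]@{
        Name                 = $u.Name
        SamAccountName       = $u.SamAccountName
        PasswordLastSet      = $u.PasswordLastSet
        PasswordAgeDays      = $ageDays
        PasswordNeverExpires = $u.PasswordNeverExpires
        LastLogonDate        = $u.LastLogonDate
        Status               = $status
    }
}

# Oldest passwords first. Accounts with PasswordNeverExpires are listed even
# when their age is within policy, since the policy will never rotate them.
$report |
    Where-Object { $_.Status -ne 'OK' -or $_.PasswordNeverExpires } |
    Sort-Object PasswordLastSet |
    Format-Table Name, SamAccountName, PasswordLastSet, PasswordAgeDays,
                 PasswordNeverExpires, LastLogonDate, Status -AutoSize
```

Pipe `$report` to Export-Csv instead of Format-Table to keep a record for periodic review.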

SuperCharger for Windows Event Logs collection

SuperCharger for Windows Event Logs is a utility to manage the forwarding and collection of Event Log data within Windows.  A limited free version is available.

https://www.logbinder.com/Products/Supercharger/

ExchangeRecipientAdmin

ExchangeRecipientAdmin is a utility to manage Exchange Online attributes stored in your local AD without an Exchange Server.

https://github.com/spgoodman/ExchangeRecipientAdmin

http://practical365.com/a-new-tool-to-manage-exchange-related-attributes-without-exchange-server/

QuickBuck

QuickBuck is a ransomware simulator.  It is designed to offer a harmless method to check a security application's protection against ransomware.

https://github.com/NextronSystems/ransomware-simulator/

White noise within iOS

The iOS operating system starting with version 15 has a white noise feature under the following path:

Settings > Accessibility > Audio/Visual (under Hearing) > Background Sounds

Sunday, May 1, 2022

LLMNR within Linux

To check the status of LLMNR within Linux, use the following command:

sudo systemd-resolve --status | more

To review the global setting, open the configuration file:

sudo nano /etc/systemd/resolved.conf

The LLMNR value should be set to no.

https://www.blackhillsinfosec.com/how-to-disable-llmnr-why-you-want-to/

https://askubuntu.com/questions/1025309/how-can-i-disable-llmnr-in-systemd-resolved

Tunnelsup.com

Tunnelsup.com has articles concerning firewalls such as the Cisco ASA, as well as cheat sheets.

https://www.tunnelsup.com/

AssaultCube

AssaultCube is a free multiplayer first-person shooter game.  It is available for Windows, Mac, and Linux.

https://assault.cubers.net/

Impacket

Impacket is a collection of Python classes for working with network protocols.

https://www.secureauth.com/labs/open-source-tools/impacket/

365Inspect

365Inspect is a PowerShell script that offers a security assessment of a Microsoft Office 365 environment.

https://github.com/soteria-security/365Inspect

https://www.kitploit.com/2022/04/365inspect-powershell-script-that.html

Jfscan

The JFScan (Just Fu*king Scan) is a wrapper around the port scanner Masscan.

https://github.com/nullt3r/jfscan

WinfrGUI

WinfrGUI is a free recovery application for SD, SSD, and hard drives.

https://www.winfr.org/

Saturday, April 2, 2022

Get-VolumeCorruptionCount

Get-VolumeCorruptionCount is a PowerShell cmdlet that returns a count of corruption issues if any are present on a volume within Windows.

https://www.itprotoday.com/file-storage-and-block-storage/how-use-powershell-identify-corruption-nfts-volumes

CrowdSec

CrowdSec is a free open-source IPS.

https://github.com/crowdsecurity/crowdsec

https://crowdsec.net/

AADInternals PowerShell Module

AADInternals PowerShell module contains tools for administering and hacking Azure AD and Office 365.

https://o365blog.com/aadinternals/

https://o365blog.com/post/admintools/

PSReadLine

PSReadLine is a module that replaces the command line editing experience of PowerShell for versions 3 and up.

https://devblogs.microsoft.com/powershell/psreadline-2-2-ga/

https://4sysops.com/archives/getting-started-with-the-psreadline-module-for-powershell/

https://github.com/PowerShell/PSReadLine

SophiApp

SophiApp is the next iteration of the Sophia Script project.  It provides a GUI app for tweaking Windows 10.

https://4sysops.com/archives/sophiapp-tweak-windows-10-settings-with-a-gui/

https://github.com/Sophia-Community/SophiApp


Options for Java Run-Time clients

Below are some sources for Java runtime clients other than downloading directly from Oracle.

https://adoptopenjdk.net/

https://aws.amazon.com/corretto/

https://developer.ibm.com/languages/java/semeru-runtimes/downloads

https://adoptium.net/

Tuesday, March 1, 2022

Caddy web server

Caddy 2 is an open source web server with automatic HTTPS written in Go.

https://caddyserver.com/

https://vninja.net/2022/01/28/caddy-a-couple-of-use-cases/

https://www.cloudsavvyit.com/15517/how-to-deploy-a-caddy-web-server-with-docker/


Espionage

Espionage is a network packet and traffic interceptor for Linux.

https://www.kitploit.com/2022/02/espionage-network-packet-and-traffic.html

https://github.com/MandConsultingGroup/Espionage

https://medium.com/@jshschiavone/intercepting-network-traffic-with-the-espionage-packet-sniffer-9af8aa86e45e

Wslu

Wslu is a collection of utilities for the Windows Subsystem for Linux (WSL) on Windows 10.

https://www.kitploit.com/2022/02/wslu-collection-of-utilities-for.html

https://github.com/wslutilities/wslu

DVD Store 3

DVD Store is an open-source benchmark suite that lets you test the performance of your database software.

https://blogs.vmware.com/performance/2022/02/test-database-performance-with-dvd-store-35.html

https://github.com/dvdstore/ds3/


Cros.Tech

The Cros.Tech web site is a resource for determining the current and future ChromeOS update support for various devices.

https://cros.tech/

https://www.aboutchromebooks.com/news/how-to-find-your-chromebook-board-name-and-why-you-want-to/

BruteShark

BruteShark is a network forensic analysis tool that performs deep processing and inspection of network traffic (mainly PCAP files, but it is also capable of live capture directly from a network interface).

https://www.kitploit.com/2022/03/bruteshark-network-analysis-tool.html

https://github.com/odedshimon/BruteShark/

Saturday, February 5, 2022

SMART utility for Linux

One utility to check the SMART data of a local drive within Linux is smartmontools, which can be installed via the command below:

sudo apt install smartmontools

The -H flag checks the current health status of a drive:

sudo smartctl -H /dev/sda

The -i flag displays identification details of the drive:

sudo smartctl -i /dev/sda

The --test=short flag starts a short self-test of the drive:

sudo smartctl --test=short /dev/sda

The -a flag displays all SMART information, including the results of the self-test:

sudo smartctl -a /dev/sda

smem for Linux

smem is a memory utility for Linux.  To install the application, use the following command:

sudo apt install smem

One example is to use the -k switch for human-friendly output and -t for totals:

smem -k -t

https://www.howtogeek.com/773161/easily-understand-your-linux-ram-usage-with-smem/

Tuesday, February 1, 2022

RCLocals

RCLocals analyzes all Linux startup entries, similar to how Autoruns displays this information for Windows.

https://github.com/YJesus/RCLocals

Method to display Wi-Fi password within Windows

To view an existing saved Wi-Fi password, launch an elevated command prompt and issue the following command:

netsh wlan show profile

Determine the profile name in question and then use the following command, substituting the profile name:

netsh wlan show profile name="profile-SSID-Name" key=clear

Sports.tv

Sports.tv is from Allen Media Group, and it is a new free-streaming app that focuses on sports.

https://www.sports.tv/

ESET SysInspector

ESET SysInspector is a free diagnostic tool that displays details of a Windows-based computer.

https://www.eset.com/int/support/sysinspector/

SysmonSimulator

SysmonSimulator is an open source Windows event simulation utility designed to generate attack data for the relevant Sysmon Event IDs.

https://github.com/ScarredMonk/SysmonSimulator


Scanning Made Easy (SME) NMAP scripts

Scanning Made Easy (SME) is a joint project between the i100 and the NCSC to build a collection of NMAP Scripting Engine scripts that are designed to help system owners and administrators find systems with specific vulnerabilities.

https://github.com/ukncsc/SME/blob/main/ncsc-scanning-made-easy-script-developer-guidelines.md

https://www.bleepingcomputer.com/news/security/uk-govt-releasing-nmap-scripts-to-find-unpatched-vulnerabilities/


Tactical RMM

Tactical RMM is a remote monitoring & management tool for Windows computers built with Django and Vue.

https://github.com/wh1te909/tacticalrmm

https://4sysops.com/archives/tactical-rmm-open-source-remote-monitoring-and-management-for-windows/


Saturday, January 1, 2022

How to disable the V8 JavaScript engine’s JIT compiler within Edge

Starting with Edge version 96, an option is available to disable the V8 JavaScript engine's JIT compiler.  This will impact performance on sites that use a large amount of JavaScript, but it should improve overall security, as a large number of past security issues in the engine are related to the JIT.

https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/

https://www.reviewgeek.com/104171/microsoft-edge-gets-a-super-duper-secure-mode-heres-how-to-enable-it/

PowerShell command to display SMART hard drive failure status

To check local drives for a SMART notification of a potential drive failure, use the following command:

Get-WMIObject -NameSpace root\wmi -class MSStorageDriver_FailurePredictStatus | Select-Object PredictFailure, Reason

In the case that prompted this note, another SMART utility, CrystalDiskInfo, confirmed that the drive in question was at end of life.

https://www.itprotoday.com/disaster-recovery-and-business-continuity/smart-failure-predicted-hard-disk-how-concerned-should-you

iVerify app for iOS

The iVerify app for iOS offers advice on securing a device as well as scans to verify the operating system is current.

https://apps.apple.com/us/app/iverify/id1466120520?s=09

https://www.iverify.io/


VUit

VUit is a free video streaming service that includes on-demand access to content produced by local TV news stations around the United States.

https://www.vuit.com/

Use WMI commands to obtain information on memory

WMI commands can be used to obtain details concerning local memory.  Below are some examples of the commands available.

wmic memorychip get devicelocator, manufacturer

wmic memorychip get devicelocator, partnumber

wmic memorychip get devicelocator, capacity

wmic memorychip get devicelocator, speed

https://www.windowscentral.com/how-check-ram-size-speed-type-part-form-factor-windows-11



Windows 10 start up folders

To access the startup folders within Windows 10, enter the following shell paths (for example, in the Run dialog or the File Explorer address bar):

User Account ->  shell:startup

All Users -> shell:common startup