Bios Password


Sunday, August 5, 2012

Stormy Sunday Linkfest

Posted on 2:58 PM by Unknown

Here is a roundup of a LOT of Sysadmin/For-Sec linkage I’ve tucked away over the past couple of weeks.

It’s stormy outside, dry inside, and the Olympics churn on on the tele. Perfect time for a super-fast linkfest dump.

Noteworthy For the SysAdmin

  • Case of the Domain Join Failure - chentiangemalc - Because it really is frustrating when you can’t join a workstation to the domain!
  • LeapFrog Connect: Can’t install Adobe Flash on Windows 7 x64? - Kurt Shintaku's Blog - Why was I not surprised it was a Flash version issue?
  • Some Facts About Windows Low Disk Space Warning Balloon - Windows7hacker
  • Windows 7 Tip: How To Log Which Drivers Get Loaded During System Boot - Windows7hacker
  • Resolving USB Speed Issues, “This Device Can Perform Faster” Error - MakeUseOf blog - this bugs me to no end! Grrr! At least thanks to Chris Hoffman’s excellent post, I have a better understanding of some root-cause issues.
  • Cjwdev | Free Software For IT Professionals - A number of awesome free Active Directory support utilities. Man I love this stuff!
    • NTFS Permissions Reporter - “A tool for producing reports on NTFS permissions across multiple directories and servers.”
    • AD Info - “Query your Active Directory domain for information on several different types of objects (Users, Computers, Groups, Printers etc) using this flexible and user friendly Active Directory reporting tool.“
    • AD Tidy - “Clean up your Active Directory domain by identifying user and computer accounts that are no longer in use. Any accounts that match your search criteria can have a number of actions performed on them, including: Disable, Move, Remove From All Groups, Export To CSV and many more.”
    • Fast Software Audit - “Quickly audit multiple remote computers to find out what software is installed on them and retrieve Windows product key and product ID.” New to me. Was dead-on helpful surveying a series of systems to see if our software upgrade push worked on a sample of domain-joined systems. So Cool!
    • Managed Service Accounts GUI - “Managed Service Accounts are a useful new feature introduced in Server 2008 R2 but they can only be created and managed with Powershell, so this tool was created to provide a simple user friendly GUI that will let you create, edit and install them.”  More details in this 4sysops post: Managed Service Accounts GUI
  • How to partially remove the SkyDrive option in Office 2013 using Group Policy - Anything about IT
  • 8/2/2012 - Flash Player 11.3 Update  - Adobe Forums - This update (11.3.300.270) is only for specific cases for Windows systems and the Adobe ActiveX plugin only. It’s almost the same as 11.3.300.268 except for a fix where that version was crashing the Adobe Flash Player Update Service.
  • Source Sans Pro: Adobe’s first open source type family - Typblography. Nice new free font from Adobe.
  • Beta 1 released VirtualBox 2.4 - Born’s IT & Windows Blog (Google Translated).

For the Network Watchers

  • Rack Unit Measuring Tape - Packet Life - Cool but a bit expensive.
  • WPAD Man in the Middle - NETRESEC Blog - Great breakdown.
  • A better way of Analyzing HTTP Packet Captures from Cloudshark (by: Jason Walls) - LoveMyTool blog
  • Secrets of Vulnerability Scanning: Nessus, Nmap, and More (by Ron Bowes) - LoveMyTool blog
  • Penetration testing tool masquerades as surge protector - HelpNet Security & Power strip or network hacking tool? It’s both, actually - Ars Technica . One more thing to keep a watchful eye out for at work. Great.
  • Wireshark - Download for the latest stable release (1.8.1). More details see this Wireshark 1.8.1 Release Notes.

ForSec Focused

  • “Remote” Collections with WinFE, a neat trick - Windows Forensic Environment - I’m wondering if Devio: Remote drive access and acquisition might be another alternative.
  • A little reminder about ‘write protection’ - Windows Forensic Environment - Good reminder from Brett Shavers.
  • Colin’s Final Version of his write protect application - Windows Forensic Environment. See link below for project details
  • Windows Forensic Environment - Great WinFE project building site by Colin Ramsden.
  • New plugins have been coming in - RegRipper
  • regdecoderR99.zip - registrydecoder - 1.3 Minor Bug Fix - Automated Acquisition, Analysis, and Reporting of Registry Contents - Google Project Hosting
  • Combining Techniques - Journey Into Incident Response blog takes a fresh look at how malware and fraud investigation techniques complement each other.
  • Parallels hard drive image converting for analysis - Forensic Focus blog - How to approach Parallels virtual drive analysis.
  • UserAssist Windows 2000 Thru Windows 8 - Didier Stevens - updated to version 2.6.0
  • Redline version 1.6 - Mandiant’s tool received an update back on July 11.
  • New Open Source Tool: Audit Parser - Mandiant’s community spirit continues with another tool to help sort and manage XML data output into tab-delimited text format for CSV/Excel work.
  • Looking at Mutex Objects for Malware Discovery and Indicators of Compromise - Lenny Zeltser posts at SANS Computer Forensics and Incident Response blog.
  • Beyond good ol’ Run key - Hexacorn blog - Additional tricks and tips to be on the watch for regarding auto-launch techniques you may see deployed. 
  • Cuckoo Sandbox  - Updated to version 0.4 back on July 24th.
  • Adding Value to Timelines - Windows Incident Response blog - Great perspective on timelines and their usefulness, when taken in larger context.
  • Malware Root Cause Analysis - Journey Into Incident Response - Excellent review on how to approach an analysis, including use of timelines and artifacts. Love the report diagram as well. Very concise and presentable to non-techies.
  • Attack Surface Analyzer 1.0 Released - The Security Development Lifecycle - interesting tool to baseline a system before a software change, then re-run to examine impact to security the installation may have caused.
  • Links and Updates - Windows Incident Response blog - Nice walkabout looking at some new sites, tools, and forsec posts.

USB Imaging

  • A Simple USB Thumb Drive Duplicator on the Cheap - Open Security Research - Interesting post on a do-it-yourself technique for replicating a USB drive image when you don’t have the $$ for a hardware-based specialty appliance.
  • ImageUSB - Write an image to multiple USB Flash Drives - OSForensics - Software based USB duplication tool.
  • USB Image Tool - alex's coding playground - my own preference for capturing and duplicating a USB drive image to additional drives.

Utilities and Miscellanea

  • From TechEd: Legacy Web App Issues, Sysinternals Gems, webcast with Mark Russinovich - Aaron Margosis' "Non-Admin" and App-Compat WebLog - great video links.
  • TSSessions utility - Aaron Margosis' "Non-Admin" and App-Compat WebLog
  • Updates: Handle v3.5, Process Explorer v15.22, Process Monitor v3.03, RAMMap v1.21, ZoomIt v4.3 - Sysinternals Site Discussion
  • Updates: AccessChk v5.1, Autoruns v.11.33, Coreinfo v3.05, Whois v1.1 - Sysinternals Site Discussion
  • quarkspwdump - Windows credentials extraction - Google Project Hosting - recently updated to version 0.2b on July 16th.
  • MultiMonitorTool - NirSoft - New tool release to help manage multiple display setups.
  • Peppermint OS - Interesting “light” (under 512 MB) LiveCD distro built on MintLinux.
  • NoVirusThanks Process Dumper - NoVirusThanks. CLI tool for dumping “…all commited regions of a process’ virtual memory to a .dmp file that can be later analyzed.”  More details in this company blog post: Dump Processes with NoVirusThanks Process Dumper.  Compare with Sysinternals’ ProcDump.
  • CCEnhancer - SingularLabs - Updated to version 3.5. Great easy-to-use tool to simply upgrade the fantastic Piriform product CCleaner with a whole lot more scrubbing power. Take a peek also at SingularLabs’ System Ninja system optimizer and cleaner app.
  • Directory Monitor - Brutal Developer - Updated to version 1.1.2.12. Available in x32, x64, and portable versions. Sweet!
  • GeekUninstaller - Nice freeware app to not only uninstall apps from Windows systems, but also do some advanced system scanning and program super-cleaning of the bits and pieces that get left behind.  More in this CyberNet News post: Cleanly Uninstall Windows Applications and Remove Leftover Files.

Cheers!

--Claus V.

Posted in Active Directory, boot-cd's, forensics, Link Fest, Linux, networking, NFAT, security, utilities, Win FE, Win PE | No comments