GSD Saturday Linkfest: IT Crowd and ForSec Folks welcome

News and Links For the ForSec Crowd

Kali Linux 1.0.5 and Software Defined Radio - Kali Linux - new build released with updates and some bells-and-whistles to boot!

Windows 8 / Server 2012 Memory Forensics - Forensic Methods

Inside Windows Rootkits - Forensic Methods

Links - Windows Incident Response blog - Lots of great fresh material here!

Forensic Perspective - Windows Incident Response blog

Tools to Grab Locked Files - Journey Into Incident Response blog - Cory Harrell has a simply amazing post full of tremendous resources worth taking a look into for using to grab locked files.

DOWNLOAD: Microsoft Security Intelligence Report, Volume 14 Windows Application & PDF - Kurt Shintaku's Blog - This is too good to pass up! From Kurt’s post.

The Microsoft Security Intelligence Report Windows application analyzes the threat landscape of exploits, vulnerabilities, and malware using the latest data from hundreds of millions of systems around the world and some of the Internet’s busiest online services.

Readers will find the data, insights, and guidance provided in this report useful in helping them protect their organizations, software, and users.  

Key features of the application include:

• All content, in one convenient place – includes all 800+ pages of content from Volume 14 of our latest report and is fully searchable.
• High fidelity charts – Many customers have asked us if they can obtain high resolution versions of the charts. We’ve delivered that in the application and have even included the “save as” functionality so that customers may use them in other applications, such as PowerPoint.
• Reader friendly – We’ve designed the application with you, the reader in mind. One example of this is the integration of our glossary into the body of a page which appear as mouse-over tool-tips.

Security Intelligence Report (SIR) vol.14 (Windows Application) - Microsoft.com - The installable application has 800+ pages of content while the PDF version checks in at 120 pages. Pick you medicine and pucker up.

Other useful Microsoft security and threat response links:

• Microsoft Malware Protection Center
• Microsoft Security Response Center
• Computer Security Tools & Downloads – TechNet Security
• Microsoft Security Intelligence Report

Microsoft Security Essentials Prerelease - Microsoft Download Center - new pre-release version 4.4.207.0 for interested users of MSSE. Released on 09.09.13 so it is very fresh.

(IN)SECURE Magazine issue 39 released - HelpNet Security - Download directly here (PDF link).

News and Links For the IT Crowd

I enjoy the technical and scientific articles I get in my RSS feeds over from the IEEE Spectrum website. It has great material and is terribly technical. Some sadly interesting IT news I’ve seen over there recently tag state IT departments.

• IT Hiccups of the Week: A Bad Week for U.S. State Government IT - IEEE Spectrum
• Is There a U.S. IT Worker Shortage? - IEEE Spectrum
• IT Hiccups of the Week: U.S. State Government IT System Meltdowns Galore - IEEE Spectrum

A new find this week has been the Microsoft Office Configuration Analyzer Tool

The Microsoft Office Configuration Analyzer Tool (OffCAT) is a program that provides a detailed report of your installed Office programs. This report includes many parameters about your Office program configuration and highlights known problems found when OffCAT scans your computer. For any problems that are listed in the report, you are provided with a link to a public-facing article (usually a Microsoft Knowledge Base article) on the issue so you can read about possible fixes for the problem. If you are a Help Desk professional, you can also save the report to file so that the report can be viewed in the Office Configuration Analyzer Tool on another client where the tool is installed. The Office Configuration Analyzer Tool 1.1 also includes a command-line version that can be used to collect an OffCAT scan without user intervention.

I’ve been playing with it for a while and am amazed at the depth of information and assistance it provides, particularly for many very obscure items.

Spotted over at this 4sysops post FREE: Microsoft OffCAT – Office Configuration Analyzer Tool 1.1

MBSA 2.3 Preview Release Available - Anything about IT - News about a new preview release version of Microsoft Baseline Security Analyzer (note link is to public version 2.2) that supports MS OS’s between XP and Windows 8.1

Windows 8.1 Command Prompt or PowerShell - Anything about IT

PowerShell 4.0 – A first look - 4sysops

How to Know When an Object Was Created and Changed in Active Directory - WindowsNetworking.com

When was the Last Password Changed for a User Account in Active Directory - WindowsNetworking.com

Office 365 for Nonprofits Organizations - Microsoft.com - Microsoft recently announced that they are offering Office 365 for non-profits (including eligible churches). This could be a big deal for many, learn more here.

SysInternals Tools, Windows 8 Training - Microsoft Virtual Academy - Seven video training modules and supporting materials to assist with learning the latest in core SysInternals tools. Check it out! Hat tip to Kurt Shintaku.

Kyle Beckman has posted a great series about Folder Redirection over at 4sysops that I (re)discovered. Lots of good information and tips here.

• Folder Redirection – Part 1: Introduction - 4sysops
• Folder Redirection – Part 2: Setting up your file server
• Folder Redirection – Part 3: Explanation of folder permissions
• Folder Redirection – Part 4: Group Policy configuration
• Folder Redirection – Part 5: Best practices
• How to disable Folder Redirection

Create a new Windows Service

Moon Point Support Weblog had a helpful post: Creating a Service for a Windows System

It caught my eye as we are working with a system down in the coal-mines that requires running the core features as applications rather than services which makes security and log-in/account management more than a little bit challenging. Alas, this won’t solve those headaches but it is worth bookmarking and knowing.

How To Create a User-Defined Service - Microsoft Support

How to create a Windows service by using Sc.exe - Microsoft Support

NSSM - the Non-Sucking Service Manager

Virtualization Software Updates

Download VMware Player 6.0 - VMware

VMware woos power users and IT pros with Fusion and Workstation upgrades - Ars Technica

VMware Player 6 Released with Full Windows 8.1 Support - Next of Windows

Oracle VM VirtualBox - Version 4.2.18 released - Oracle

General Application and Utility Updates of Note

UltraVNC VNC - version release 1.1.93 now out.

PeStudio - version release 7.45 now out.

Speccy v1.23 - Piriform - new release.

HWiNFO Portable - version 4.24-2000 - PortableApps.com - in what begs another GSD LinkList post, HWiNFO is yet another system hardware info-gathering resource I’ve been playing with. I’ve got more than a few I call up from the bullpen and this one has been added to the pitching stable.

IOBit Driver Booster Free - I confess I was very skeptical when I saw this new application appear. I have a few trusted driver apps to catalog and/or back up existing drivers on a system, and some vendor-specific driver update scanning applications used to update my systems. However, I have generally distained apps that claim to scan for driver updates on Windows systems and tell me what I need. Driver updating can be a dangerous and system-harmful thing if the wrong one is applied. So when I tried with trepidation this application, I found the UI was super clean and easy to navigate, the scan was immediate and dead-on fast, it seemed very accurate (finding only one out of date driver), provides a detailed and comprehensive list of drivers checked and their status, and creates a Restore point before every driver update is installed. It’s so easy I’d recommend it to my non-techy friends and family who I support. Great job IOBit! I’ll be running this one weekly!

SoftPerfect Network Scanner - updated to version 5.5. See Changelog for details.

Wireshark - updated to Stable version 1.10.2 and Old Stable version 1.8.10.

• Wireshark 1.10.2 - Release notes
• Wireshark 1.8.10 - Release notes

For you crazy WinPE building fans who use WinBuilder, a new version has been released that is much different from the previous version you may be familiar with. At the time of this blog-posting, the Winbuilder.net site seems to be temporarily down, but here were the applicable links you need to check out. I suspect fans of WinBuilder will fall one one side of the fence or the other; love it or hate it. Particularly with the Java building components.

• WinBuilder - Development - reboot.pro
• WinBuilder - reboot.pro
• without imbedded Java RTEs - download version.

lessmsi (aka Less Msiérables) · ActiveScott at GitHub - now at version 1.1.3 The download link is a bit hard to find on the page if you aren’t used to GitHub. Look for “1 release" at the top bar just above the purple band and click it to find the compiled binaries in lessmsi-v1.1.3.zip.

d7 v10 Just Released! - Computer Technician - Foolish IT LLC.the updated change list is too expansive for me to try to list here. Check it out.

SoundVolumeView - new NirSoft utility - View/change sound levels & save/load sound level profiles on Windows Vista/7/8/2008 - More details in this NirSoft blog post.

Whew!  That post tired me out…or maybe it was the A&M/Alabama game live-streaming on my second monitor.

--Claus Valca