Five command line tools to detect Windows hacks
wow, I’ve never even heard of wmic or openfiles as command line tools. Nice article.
Let’s face it, Windows machines get hacked, and in some environments it happens a lot. Fortunately, Microsoft has built numerous tools into Windows so administrators and power users can analyze a machine to determine whether it’s been compromised
Five command line tools to detect Windows hacks : Information Security Expert Tips
Popularity: 3% [?]
Tags: AD, admin, IT, mac, microsoft, search, security, tags, windows, XPRelated posts
March 16, 2008 2 Comments
SolutionBase: Installing and configuring Network Access Control with PacketFence
PacketFence is the next big thing with network security and open source. Jack Wallen shows you how to run this installation completely by command line.
read more | digg story
Popularity: 2% [?]
Tags: AD, Digg, IT, network, security, workRelated posts
December 26, 2007 1 Comment
PassPack - Free online password manager software
Has anyone used this service? PassPack. I want to check how long they’ve been around. Storing all your passwords in one place….if that one account gets hacked your scr@wed…
Can you count how many passwords you have? Managing the literally hundreds of passwords that one must remember can be a royal pain! It’s even worse when you need to access something, but can’t remember the password! Unless you use the same password for everything, and that’s a terrible idea for security reasons, it’s really becoming hard to manage passwords in your head, on pieces of paper, or in unsecured text documents!……
online-tech-tips
Popularity: 2% [?]
Tags: passwords, securityRelated posts
December 15, 2007 1 Comment
Significant Group Policy Announcement by MS
We currently use BeyondTrust™ Privilege Manager which used to be part of Desktop Standard. Not sure why Microsoft didn’t purchase this product also. Its great for running workstations as non-admins and only elevating the needed programs or files.
Yesterday at TechEd in Barcelona, Microsoft made a slew of announcements. And buried in those announcements was the note about Group Policy Preferences. This is the name Microsoft has given to the DesktopStandard PolicyMaker extensions that they acquired last year. The good news is that these extensions are finally going to see the light of day as a free part of the OS when Server 2008 ships!!! This is HUGE because these extensions greatly add to what you can configure via Group Policy. And my understanding is that they will work on XP and above, which means that you get some of these great features without having to upgrade to Vista. In addition to adding support for new policy areas such as mapped drives, mapped printers, ini files, environment variables, shortcut distribution, local users and groups, scheduled tasks, power options, network options and IE settings, they also support much more granular filtering than you could ever get from WMI filters or security groups. This is huge because it means that there will be few things that you can’t configure on a Windows desktop using Group Policy!
Microsoft has created a whitepaper that you can download to get more detail on this new feature. This is great news!!! Cudos to the Group Policy team for making this happen!
Tags:
Significant Group Policy Announcement by MS
gpoguy
Tue, 13 Nov 2007 16:10:46 GMT
Popularity: 3% [?]
Tags: beyondtrust, desktopstandard, group policy, microsoft, securityRelated posts
November 15, 2007 No Comments
Changing local admin password?
This is a great write up about a sweet tool from sysinternals. I guess I still prefer a way to change the password via startup script, just so I know I get every machine. Plus we’ve changed the name of most of the local admin accounts, so I’ll have to run multiple versions of this command.
Changing local admin password?
I just find a good method to change the local admin password of client PC remotely from MCPMAG. By using this method, you don’t need to put the new password in script in order to make it work. You may reference this:
SysInternals offers a free too called PsPasswd
http://www.sysinternals.com/Utilities/PsPasswd.html , which
allows you to remotely reset passwords on a range of computers
on your network. The tool will also report successes and
failures of changed passwords, and allows you to run a single
command against a list of computers. Since the password is just
included within the syntax of a command that you run, it will
never be stored as plain text in a batch or script file.
To use PsPasswd, you’ll first need a list of all computers in
your domain. To enumerate all computer objects in a domain,
you could run this script:
LogFile = "C:\computers.txt"
Const ForWriting = 2
Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = _
"Select Name, Location from ‘LDAP://DC=mcpmag,DC=com’ " _
& "Where objectClass=’computer’"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Set objFSO =
CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.CreateTextFile(LogFile, ForWriting)
Do Until objRecordSet.EOF
objFile.WriteLine objRecordSet.Fields("Name").Value
objRecordSet.MoveNext
Loop
Note that the script will output to a file named "computers.txt"
on the C drive. This could be changed by editing the LogFile
variable assignment in the first line of the script. Note that
in your environment, you will also need to change the domain
referenced in line 12. In my example, I use mcpmag.com
(DC=mcpmag,DC=com).
Once you have a list of all computers, you can then run
pspasswd.exe to change the local administrator password on
all systems in the list. Here’s the syntax that I used on my
test network:
pspasswd.exe @c:\computers.txt administrator P@ssword!
Following the @ symbol in the command syntax is the path to
the file containing all computer names. The next part of the
syntax is the name of the account whose password will be
changed, followed by the new password (P@ssword!).
Now here is the output that was generated from the command:
PsPasswd v1.21 - Local and remote password changer
Copyright (C) 2003-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
\\PC1:
Error changing password:
The network path was not found.
\\BSODME:
Password for BSODME\administrator successfully changed.
Since the output will list both success and failures, you will
be able to note the systems in which the password was not
successfully changed. In my case, the system named PC1 was not
located. So I would have to ensure that PC1 was online and then
run the command a second time. (Note that PsPasswd can also be
run against a single computer.) Since the command relies on UNC
paths to connect to systems, you will need to ensure that the
target systems have File and Print Sharing enabled and that File
and Print Sharing is not being blocked by the system’s firewall.
By default, the Windows XP Pro SP2 firewall does not allow File
and Print sharing. However, this can be quickly changed via
Group Policy.
As you can see, with a simple list of computers on your network,
remotely changing the local administrator password using PsPasswd
is a relatively painless process.
Changing local admin password?
Richard
Fri, 31 Aug 2007 10:28:00 GMT
Popularity: 3% [?]
Tags: admin, microsoft, securityRelated posts
November 12, 2007 No Comments
Twitter Updates for 2007-09-26
- BenwayNet: How can I Remove Backgrounds From A Picture Quickly in Photoshop?: I’m just .. http://tinyurl.com/2hr6zo #
- BenwayNet: Links for 2007-09-25 [del.icio.us]:
tlbox - System Administration Tools http://tinyurl.com/38wyd5 # - 2nd day of vwmare training. Today’s topic Security #
Powered by Twitter Tools.
Popularity: 2% [?]
Tags: AD, admin, IT, photos, photoshop, RDP, security, training, twitter, twitter tools, updates, word, WordPressRelated posts
September 26, 2007 No Comments
Getting mad at the security in…
Getting mad at the security in IE7. My site won’t load because of an embedded video. I even added it to the trust site zone.. Urrgggg
Popularity: 1% [?]
Tags: AD, IE, IT, security, siteRelated posts
May 2, 2007 No Comments
Intrusion Detection With BASE And Snort
This tutorial shows how to install and configure BASE (Basic Analysis and Security Engine) and the Snort intrusion detection system (IDS) on a Debian Sarge system. BASE provides a web front-end to query and analyze the alerts coming from a Snort IDS system. With BASE you can perform analysis of intrusions that Snort has detected on your network.
Popularity: 2% [?]
Tags: AD, Digg, IT, linux, network, security, workRelated posts
July 10, 2006 No Comments
Microsoft Standard User Analyzer
Overview
The Standard User Analyzer
helps developers and IT professionals diagnose issues that would prevent a
program from running properly without administrator privileges. On Windows
Vista, even administrators run most programs with standard user privileges by
default, so it is important to ensure that your application does not have
administrator access as a dependency.Using the Standard User Analyzer to
test your application can identify the following administrator dependencies and
return the results in a graphical interface:* File access
* Registry
access
* INI files
* Token issues
* Security privileges
* Name
space issues
* Other issuesThis tool also complements the
Application Compatibility Toolkit (ACT) 5.0. ACT 5.0 will include a User Account
Control agent that you can deploy to user desktops to identify applications that
require administer privileges. The Standard User Analyzer is designed to be run
on the developer or tester’s workstation to test and troubleshoot a specific
application. Issues identified with the Standard User Analyzer can also be
entered into you ACT 5.0 database so you can track the application compatibility
across your environment.
[Via Bink.nu]
Popularity: 2% [?]
Tags: AD, admin, database, help, IE, IM, IT, microsoft, security, vista, windows, workRelated posts
May 31, 2006 No Comments
Protests? Are You Shitting Me?
I’ve been meaning to put together something about all these illegal’s. but I haven’t had the time or be able to put together something because the whole idea of people complaining because they broke the law, but want to get all the benefits of being an american. ARRGGGGG… Once again, Randy comes to my rescue.
One more thing, whatever happens, these people MUST learn english.
jb
I’m confused.
I mean, there’s a march in downtown Seattle. There’s been marches across the country. The news is reporting that these marches are for immigrant rights.
Am I on an episode of Sliders? Quantum Leap?
What the fuck is going on here?
All of the media needs to be slapped with a giant trout. Not one of the current news sources is accurately reporting on this story on all fronts. What does it take to be accurate? How about you remind the public that all of this bullshit is because Congress decided to enforce the law! We do not have open borders. We have a poorly maintained border and Congress was planning on fixing that aspect of the problem.
In a compromise, our lawmakers said “hey, want to hang out? Fine - do your duty and become citizens” and people freaked.These protesters are protesting because an existing law is trying to be enforced!
No one mentions that. No one seems to say that people are protesting for “illegal immigrant rights”. That one word gets left out. Drifts away. La la la, they have a right to be here. Bullshit.
What else is pissing these protester off? That we want illegal immigrants to learn English, if they want to stay. That we want them to work for the citizenship that they’ve been stealing all these years. That we want them to pay all of the taxes that they’ve been failing to pay all these years.
People always go on about “America needs to welcome immigrants”. I agree, we do. I also agree that it needs to be regulated like it has been for almost 100 years. Like it was supposed to be regulated for the last decade. Like it was for my relatives three generations ago. For security, for economics, for quality of life, etc. etc. etc. It’s an endless concern - one that should have been addressed in the 90’s.
Of course when you bring this up, illegal immigrants throw the “genetic lottery” in yer face. “Oh, well, that’s OK for you - you were born here.” Right. What makes you so damned special that you think you can question where I was born? I was born here. That means I was forced to learn English, because I was born here. If there was a draft, I would be forced to defend my country because of my citizenship, because I was born here. And because I was born here and I work here, I’m forced to pay my taxes.
All of which illegal immigrants don’t have to do. Why the hell are you all complaining?
From MSNBC: Nineth Castillo, a 26-year-old waitress from Guatemala who joined the Atlanta march, said she has lived in the United States for 11 years “without a scrap of paper.” Asked whether she was afraid to parade her undocumented status in front of a massive police presence, she laughed and said: “Why? They kick us out, we’re coming back tomorrow.”
Right. That makes sense. What a fuckin’ pooch screw. I’d love to see the reaction to our government saying “Get the fuck out. Now.” That these people even have a right to protest comes without any payment to the government that allows it. Lunacy.
Hell, yeah, I’m confused.
[Via RandyRants.com]
Popularity: 2% [?]
Tags: AD, IM, IT, lan, love, nac, News, security, word, workRelated posts
April 12, 2006 No Comments
