Here is a roundup of a LOT of Sysadmin/For-Sec linkage I’ve tucked away over the past couple of weeks.
It's stormy outside, dry inside, and the Olympics churn on on the telly. Perfect time for a super-fast linkfest dump.
Noteworthy For the SysAdmin
- Case of the Domain Join Failure - chentiangemalc - Because it really is frustrating when you can’t join a workstation to the domain!
- LeapFrog Connect: Can’t install Adobe Flash on Windows 7 x64? - Kurt Shintaku's Blog - Why was I not surprised it was a Flash version issue?
- Some Facts About Windows Low Disk Space Warning Balloon - Windows7hacker
- Windows 7 Tip: How To Log Which Drivers Get Loaded During System Boot - Windows7hacker
- Resolving USB Speed Issues, “This Device Can Perform Faster” Error - MakeUseOf blog - this bugs me to no end! Grrr! At least thanks to Chris Hoffman’s excellent post, I have a better understanding of some root-cause issues.
- Cjwdev | Free Software For IT Professionals - A number of awesome free Active Directory support utilities. Man I love this stuff!
- NTFS Permissions Reporter - “A tool for producing reports on NTFS permissions across multiple directories and servers.”
- AD Info - “Query your Active Directory domain for information on several different types of objects (Users, Computers, Groups, Printers etc) using this flexible and user friendly Active Directory reporting tool.“
- AD Tidy - “Clean up your Active Directory domain by identifying user and computer accounts that are no longer in use. Any accounts that match your search criteria can have a number of actions performed on them, including: Disable, Move, Remove From All Groups, Export To CSV and many more.”
- Fast Software Audit - “Quickly audit multiple remote computers to find out what software is installed on them and retrieve Windows product key and product ID.” New to me. Was dead-on helpful surveying a series of systems to see if our software upgrade push worked on a sample of domain-joined systems. So Cool!
- Managed Service Accounts GUI - “Managed Service Accounts are a useful new feature introduced in Server 2008 R2 but they can only be created and managed with PowerShell, so this tool was created to provide a simple user friendly GUI that will let you create, edit and install them.” More details in this 4sysops post: Managed Service Accounts GUI
- How to partially remove the SkyDrive option in Office 2013 using Group Policy - Anything about IT
- 8/2/2012 - Flash Player 11.3 Update - Adobe Forums - This update (11.3.300.270) is for Windows systems and the ActiveX control (Internet Explorer) only. It is almost identical to 11.3.300.268, apart from a fix for that version crashing the Adobe Flash Player Update Service.
- Source Sans Pro: Adobe’s first open source type family - Typblography. Nice new free font from Adobe.
- VirtualBox 4.2 Beta 1 released - Born’s IT & Windows Blog (Google Translated).
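For anyone who would rather script the kind of survey Fast Software Audit does than run the GUI, here is an added PowerShell example (written for this roundup, not Cjwdev's code). It reads each host's Uninstall hives over the Remote Registry service, picks up the Windows ProductId, and then reports which hosts an expected package version never landed on. The host names, package name and version are assumptions; the Windows product key itself is left encoded and not decoded here.

```powershell
# Added example, not Cjwdev's Fast Software Audit: inventory installed software plus the
# Windows ProductId on a set of domain-joined hosts via the Remote Registry service, then
# report which hosts are missing an expected package version.
# Assumptions: host names, the expected package and version; Remote Registry running on
# the targets; the caller is a local admin there. The product key is not decoded here.
$Computers = 'WS01', 'WS02', 'WS03'                                        # assumed sample hosts
$Expected  = @{ Name = 'Adobe Flash Player'; Version = '11.3.300.270' }   # assumed target
$UninstallPaths = @(
    'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'      # 32-bit apps on x64
)

function Get-RemoteSoftware {
    param([string]$ComputerName)
    $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
    try {
        foreach ($path in $UninstallPaths) {
            $key = $hklm.OpenSubKey($path)
            if ($key -eq $null) { continue }               # no Wow6432Node on 32-bit hosts
            foreach ($sub in $key.GetSubKeyNames()) {
                $app  = $key.OpenSubKey($sub)
                $name = $app.GetValue('DisplayName')
                if ($name) {
                    New-Object PSObject -Property @{
                        ComputerName = $ComputerName
                        DisplayName  = $name
                        Version      = [string]$app.GetValue('DisplayVersion')
                        Publisher    = [string]$app.GetValue('Publisher')
                    }
                }
                $app.Close()
            }
            $key.Close()
        }
        # Windows ProductId (what the audit tool shows as product ID). The product key lives
        # encoded in DigitalProductId under the same key and is not decoded in this example.
        $nt = $hklm.OpenSubKey('SOFTWARE\Microsoft\Windows NT\CurrentVersion')
        New-Object PSObject -Property @{
            ComputerName = $ComputerName
            DisplayName  = 'Windows ProductId'
            Version      = [string]$nt.GetValue('ProductId')
            Publisher    = 'Microsoft'
        }
        $nt.Close()
    }
    finally { $hklm.Close() }
}

$inventory = foreach ($c in $Computers) {
    try   { Get-RemoteSoftware -ComputerName $c }
    catch { Write-Warning ("{0}: {1}" -f $c, $_.Exception.Message) }   # offline, no rights, service stopped
}

# Hosts where the expected package version is present
$upgraded = $inventory |
    Where-Object { $_.DisplayName -like ($Expected.Name + '*') -and $_.Version -eq $Expected.Version } |
    ForEach-Object { $_.ComputerName } | Sort-Object -Unique

# Hosts the upgrade push missed, or that could not be queried at all
$Computers | Where-Object { $upgraded -notcontains $_ } |
    ForEach-Object { "MISSING {0} {1}: {2}" -f $Expected.Name, $Expected.Version, $_ }

$inventory | Export-Csv -Path .\software-audit.csv -NoTypeInformation
```

A host that is unreachable shows up in the MISSING list as well as in the warnings, which is deliberate: for an upgrade verification, "could not check" is a miss until proven otherwise. The script sticks to PowerShell 2.0 syntax (New-Object PSObject, -notcontains) so it runs on the Windows 7 boxes it is likely to be pointed at.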
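Since the Managed Service Accounts GUI exists only because the feature is PowerShell-only, here is the underlying PowerShell as an added example (not Cjwdev's code, not from the 4sysops post). It creates an MSA, ties it to one member server, installs it there, and then points a service at it. The account name, host name and the service name BackupAgent are assumptions.

```powershell
# Added example, not Cjwdev's GUI: the plain PowerShell behind creating and installing a
# Managed Service Account on Server 2008 R2.
# Assumptions: the account and host names, a service called BackupAgent on that host, the
# ActiveDirectory module available, and rights on the Managed Service Accounts container.
Import-Module ActiveDirectory

$AccountName = 'svc-backup'    # assumed; AD stores it as the principal svc-backup$
$HostName    = 'APP01'         # assumed member server that will run the service
$domain      = Get-ADDomain

# 1. Create the MSA in the default container. AD generates and rotates the password; no
#    human ever learns it, which is the whole point over a shared "service" user account.
New-ADServiceAccount -Name $AccountName -Enabled $true `
    -Path ('CN=Managed Service Accounts,' + $domain.DistinguishedName)

# 2. Authorize exactly one computer to retrieve the password (2008 R2 MSAs are one-host accounts).
Add-ADComputerServiceAccount -Identity $HostName -ServiceAccount $AccountName

# 3. On APP01 itself, as a local administrator with the AD module installed:
#      Import-Module ActiveDirectory
#      Install-ADServiceAccount -Identity 'svc-backup'
#      Test-ADServiceAccount    -Identity 'svc-backup'   # True once the host holds the password

# 4. Run the service as the MSA. The logon name takes the trailing $ and the password is
#    left empty: the Service Control Manager fetches it from the host's own credential cache.
$svc = Get-WmiObject -Class Win32_Service -ComputerName $HostName -Filter "Name='BackupAgent'"
$result = $svc.Change($null, $null, $null, $null, $null, $null,
                      ($domain.NetBIOSName + '\' + $AccountName + '$'), '')
if ($result.ReturnValue -ne 0) { throw "Win32_Service.Change failed with code $($result.ReturnValue)" }
$svc.StopService()  | Out-Null
$svc.StartService() | Out-Null
```

If the restart in step 4 fails with a logon failure, the MSA is missing the "Log on as a service" right on that host; setting the account through services.msc grants it, the WMI call above does not, so grant it by local or group policy. Step 3 is shown as comments rather than run through Invoke-Command because Install-ADServiceAccount has to talk to a domain controller from the host, and a remoting session without delegation cannot make that second hop.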
For the Network Watchers
- Rack Unit Measuring Tape - Packet Life - Cool but a bit expensive.
- WPAD Man in the Middle - NETRESEC Blog - Great breakdown.
- A better way of Analyzing HTTP Packet Captures from Cloudshark (by: Jason Walls) - LoveMyTool blog
- Secrets of Vulnerability Scanning: Nessus, Nmap, and More (by Ron Bowes) - LoveMyTool blog
- Penetration testing tool masquerades as surge protector - HelpNet Security & Power strip or network hacking tool? It’s both, actually - Ars Technica . One more thing to keep a watchful eye out for at work. Great.
- Wireshark - Download for the latest stable release (1.8.1). For more details see the Wireshark 1.8.1 Release Notes.
- “Remote” Collections with WinFE, a neat trick - Windows Forensic Environment - I’m wondering if Devio: Remote drive access and acquisition might be another alternative.
- A little reminder about ‘write protection’ - Windows Forensic Environment - Good reminder from Brett Shavers.
- Colin’s Final Version of his write protect application - Windows Forensic Environment. See link below for project details
- Windows Forensic Environment - Great WinFE project building site by Colin Ramsden.
- New plugins have been coming in - RegRipper
- regdecoderR99.zip - registrydecoder - 1.3 Minor Bug Fix - Automated Acquisition, Analysis, and Reporting of Registry Contents - Google Project Hosting
- Combining Techniques - Journey Into Incident Response blog takes a fresh look at how malware and fraud investigation techniques complement each other.
- Parallels hard drive image converting for analysis - Forensic Focus blog - How to approach Parallels virtual drive analysis.
- UserAssist Windows 2000 Thru Windows 8 - Didier Stevens - updated to version 2.6.0
- Redline version 1.6 - Mandiant’s tool received an update back on July 11.
- New Open Source Tool: Audit Parser - Mandiant’s community spirit continues with another tool, this one converting the XML audit output of their tools into tab-delimited text for CSV/Excel work.
- Looking at Mutex Objects for Malware Discovery and Indicators of Compromise - Lenny Zeltser posts at SANS Computer Forensics and Incident Response blog.
- Beyond good ol’ Run key - Hexacorn blog - Additional tricks and tips to be on the watch for regarding auto-launch techniques you may see deployed.
- Cuckoo Sandbox - Updated to version 0.4 back on July 24th.
- Adding Value to Timelines - Windows Incident Response blog - Great perspective on timelines and their usefulness, when taken in larger context.
- Malware Root Cause Analysis - Journey Into Incident Response - Excellent review on how to approach an analysis, including use of timelines and artifacts. Love the report diagram as well. Very concise and presentable to non-techies.
- Attack Surface Analyzer 1.0 Released - The Security Development Lifecycle - interesting tool to baseline a system before a software change, then re-run it afterwards to see what security-relevant impact the installation had (new services, listeners, ACL changes and the like).
- Links and Updates - Windows Incident Response blog - Nice walkabout looking at some new sites, tools, and forsec posts.
- A Simple USB Thumb Drive Duplicator on the Cheap - Open Security Research - Interesting post on a do-it-yourself technique for replicating a USB drive image when you don’t have the $$ for a hardware-based specialty appliance.
- ImageUSB - Write an image to multiple USB Flash Drives - OSForensics - Software based USB duplication tool.
- USB Image Tool - alex's coding playground - my own preference for capturing and duplicating a USB drive image to additional drives.
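As a companion to the Hexacorn and Lenny Zeltser items above, here is an added PowerShell example (written for this roundup, not taken from either post) that walks the better-known auto-launch locations beyond HKLM\...\Run, pulls the executable out of each command line, and flags anything living outside the Windows and Program Files trees or lacking a valid Authenticode signature. It assumes you are running it as an administrator on the live host being examined.

```powershell
# Added example, not from Hexacorn's post: enumerate auto-launch locations beyond the Run
# key, extract the executable from each command line, and flag entries outside the Windows
# and Program Files trees or without a valid Authenticode signature.
# Assumption: run as an administrator on the live host (for an image, load the hives first).
$Locations = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce' },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Values = 'Userinit', 'Shell' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows';  Values = 'AppInit_DLLs' },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows';  Values = 'Load', 'Run' }
)
$Ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-AutostartEntries {
    foreach ($loc in $Locations) {
        if (-not (Test-Path -Path $loc.Path)) { continue }
        $item  = Get-ItemProperty -Path $loc.Path
        $names = if ($loc.Values) { $loc.Values } else {
            # Run-style keys: every value is a launch entry, skip PowerShell's PS* metadata
            $item.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } | ForEach-Object { $_.Name }
        }
        foreach ($n in $names) {
            $v = $item.$n
            if ($v) { New-Object PSObject -Property @{ Location = $loc.Path; Name = $n; Command = [string]$v } }
        }
    }
    # Image File Execution Options: a Debugger value makes Windows launch that binary instead
    # of (and with the command line of) the named program, so every such value deserves a look.
    Get-ChildItem -Path $Ifeo | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath).Debugger
        if ($dbg) { New-Object PSObject -Property @{ Location = $_.PSPath; Name = 'Debugger'; Command = [string]$dbg } }
    }
}

function Test-AutostartEntry {
    param($Entry)
    # Executable = quoted path, else the first token; Winlogon values carry a trailing comma.
    $exe = if ($Entry.Command -match '^"([^"]+)"') { $matches[1] } else { ($Entry.Command -split '[ ,]')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if (-not [IO.Path]::IsPathRooted($exe)) {            # bare names such as explorer.exe resolve via PATH
        $cmd = Get-Command -Name $exe -ErrorAction SilentlyContinue
        if ($cmd) { $exe = $cmd.Definition }
    }
    $inTrustedTree = ($exe -like "$env:SystemRoot\*") -or ($exe -like "$env:ProgramFiles\*")
    $status = if (Test-Path -LiteralPath $exe) { [string](Get-AuthenticodeSignature -FilePath $exe).Status } else { 'FileMissing' }
    New-Object PSObject -Property @{
        Location   = $Entry.Location
        Name       = $Entry.Name
        Executable = $exe
        Signature  = $status
        Suspicious = (-not $inTrustedTree) -or ($status -ne 'Valid')
    }
}

Get-AutostartEntries | ForEach-Object { Test-AutostartEntry -Entry $_ } |
    Sort-Object -Property Suspicious -Descending |
    Format-Table -Property Suspicious, Signature, Executable, Location -AutoSize
```

Treat the Suspicious column as a triage hint, not a verdict: on Windows 7 with PowerShell 2.0, catalog-signed Microsoft binaries (explorer.exe, userinit.exe) report NotSigned because only embedded signatures are checked, so compare against a known-good build or Sysinternals sigcheck before chasing them. AppInit_DLLs can hold several DLLs; only the first is resolved here, so read the raw Command value when it is non-empty at all, since on a clean system it usually is empty. Scheduled tasks, services, WMI subscriptions and the many other locations Autoruns covers are out of scope for this snippet.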
Utilities and Miscellanea
- From TechEd: Legacy Web App Issues, Sysinternals Gems, webcast with Mark Russinovich - Aaron Margosis' "Non-Admin" and App-Compat WebLog - great video links.
- TSSessions utility - Aaron Margosis' "Non-Admin" and App-Compat WebLog
- Updates: Handle v3.5, Process Explorer v15.22, Process Monitor v3.03, RAMMap v1.21, ZoomIt v4.3 - Sysinternals Site Discussion
- Updates: AccessChk v5.1, Autoruns v11.33, Coreinfo v3.05, Whois v1.1 - Sysinternals Site Discussion
- quarkspwdump - Windows credentials extraction - Google Project Hosting - recently updated to version 0.2b on July 16th.
- MultiMonitorTool - NirSoft - New tool release to help manage multiple display setups.
- Peppermint OS - Interesting “light” (under 512 MB) LiveCD distro built on Linux Mint.
- NoVirusThanks Process Dumper - NoVirusThanks. CLI tool for dumping “…all committed regions of a process’ virtual memory to a .dmp file that can be later analyzed.” More details in this company blog post: Dump Processes with NoVirusThanks Process Dumper. Compare with Sysinternals’ ProcDump.
- CCEnhancer - SingularLabs - Updated to version 3.5. Great easy-to-use tool to simply upgrade the fantastic Piriform product CCleaner with a whole lot more scrubbing power. Take a peek also at SingularLabs’ System Ninja system optimizer and cleaner app.
- Directory Monitor - Brutal Developer - Updated to a new release. Available in 32-bit, 64-bit, and portable versions. Sweet!
- GeekUninstaller - Nice freeware app to not only uninstall apps from Windows systems, but also do some advanced system scanning and program super-cleaning of the bits and pieces that get left behind. More in this CyberNet News post: Cleanly Uninstall Windows Applications and Remove Leftover Files.