Surprisingly, many companies aren’t worried about employees using a private USB stick or hard disk to take some data from the company network and do some work at home. However, portable storage devices pose a serious security threat. They can be lost or intentionally used to leak sensitive data, and introduce serious trouble into… Read More
Services hardening within Windows Server 2008 and Windows 7
In the past, Windows services have caused a large number of attacks on the Windows platform. An attacker can rely on Windows services because the most common ones are almost always present on a Windows machine. This creates a highly predictable situation, and of course it all comes with the privilege level of services. This… Read More
Working with Windows User Account Control (UAC) and how to disable it
Everyday users don’t want to think about their rights on a machine in order to get their work done. Having the highest rights possible is simple and gives the greatest freedom. So Windows users are used to working with administrative privileges both in the enterprise and at home. This article discusses Windows User Account… Read More
Windows integrity level mechanism (WIL)
Vista and later versions of Windows include a new feature called “Mandatory Integrity Controls”, which also became known as “Windows Integrity Levels” (or WILs). Under WIL, every object that can have permissions can also have a label, stored in roughly the same place as its permissions, that identifies its “integrity level.” This article discusses… Read More
NTLM and Kerberos within Windows 7, Windows Server 2008
The LAN Manager hash was one of the first password hashing algorithms in Windows operating systems. Newer operating systems today still support the use of LM hashes for backwards compatibility purposes. The good thing is that it is disabled by default for Windows Vista and Windows 7. This article discusses the support for LM, NTLM and… Read More
Windows 7 firewall facts
The serious Windows Firewall was introduced with Windows Vista, and at the time represented a major improvement over XP. The firewall in Windows 7 supports filtering for incoming and outgoing traffic, as well as application-aware outbound filtering, which gives it full bi-directional control. This article discusses the firewall and its settings. The firewall is… Read More
Using BitLocker encryption within Windows
Theft or loss of corporate intellectual property is an increasing problem and concern for organizations. Protection is particularly valuable with mobile computers and portable media like USB sticks, which are more vulnerable to theft or loss. Microsoft introduced BitLocker in Windows. This article discusses BitLocker, the possibilities, using USB keys and portable media with BitLocker… Read More
Investigating and understanding processes on a Windows System
Besides knowing what is happening at the network level, it is interesting to know about the processes that run on a Windows system and the specific meaning of each process. From an administrator’s perspective, this can be useful information when troubleshooting a machine. From a forensics perspective it is necessary that a system is being… Read More
Determining DNS activity on a Windows System
It is interesting and necessary to identify current and recent network activity on a Windows system. In this article we’ll discuss how to get crucial DNS information and how to understand this information.
Determining network activity on a Windows System
When investigating a potentially infected or compromised system, it is essential to identify current and recent network activity. This includes inspecting possible network connections and recent requests. In addition to this general network activity analysis, it might be interesting to know the specific port number on which communication occurs and of course the processes on… Read More



