Detecting Windows Lateral Movement

I came across a great article on detecting Windows lateral movement and wanted to share it with everyone: CERT-EU Security Whitepaper 17-002, “Detecting Lateral Movements in Windows Infrastructure”: https://cert.europa.eu/static/WhitePapers/CERT-EU_SWP_17-002_Lateral_Movements.pdf

Windows Batch Programming Notes and Examples

Recently I’ve been writing a lot of Windows batch files that need to be compatible with both Windows 7 and Windows 10. I’ve decided to document some of what I have learned below. Check if a .bat file was run with elevated privileges: WHOAMI /Groups | FIND "12288" >NUL IF ERRORLEVEL 1 ( ECHO This batch... » read more

Analyzing Windows Registry Keys on OSX

I’ll be reviewing how to analyze a .reg file for unique values on OSX. Prerequisite: dos2unix will be required (brew install dos2unix). Instructions: In this example we will assume you have dumped all of HKEY_CURRENT_USER\Software\ into a file named software-all.reg. Converting the .reg file to UTF-8: The .reg file must be converted to a... » read more

Extracting Password Hashes from Active Directory

Extracting hashes from Active Directory: To extract hashes from Active Directory you must first obtain a copy of the underlying Active Directory database, ntds.dit. For more information on the Data Store Architecture please refer to this Microsoft TechNet article. Prerequisites: You must be logged on to a domain controller. Extracting the Database: To extract the... » read more

Using lzop on Windows

I wanted a fast way to back up an AppDynamics MySQL database directory on Windows. The answer was lzop. Tools: GoW 0.8.0 (GNU on Windows), lzop for Windows. Setup: Set your Environment PATH. After installing GoW and extracting lzop.exe, set your environment PATH to include the directory where you extracted lzop.exe. Stop AppDynamics Controller and Database... » read more

Backup Perfmon Counters

How to back up your perfmon counters: The easiest way to back up your perfmon counters is to use the lodctr tool. Lodctr registers new Performance counter names and Explain text for a service or device driver, and saves and restores counter settings and Explain text. Syntax: lodctr [\\ComputerName] FileName [/s:FileName] [/r:FileName] Example: lodctr /s:"perf backup1.txt"

Useful Active Directory Scripts

Scripts to manage Active Directory Users: Appending a Multi-Valued Attribute; Appending a Phone Number; Adding a Route to the Dial-In Properties of a User Account; Adding a User to Two Security Groups; Appending Address Page Information for a User Account; Appending a Home Phone Number to a User Account; Assigning a Published Certificate to a... » read more

Red Hat Linux (RHEL) Cheat Sheet: Commands and Examples

Useful Linux Commands (Red Hat) (http://www.cse.buffalo.edu/~eisner/DLW), revised 3/1/2000. Getting information: man commandname displays the manual page for a particular command named commandname; man -S sectionnumber commandname displays the manual page under a specific section numbered sectionnumber for the command named commandname. Sometimes the same command will exist in more than one section. man alone will... » read more

How to Print a Windows Directory

Need to print a Windows directory? Here’s how: 1. Open up Notepad. 2. Paste this text in: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\Directory\shell\printdir] @="Print Directory" [HKEY_CLASSES_ROOT\Directory\shell\printdir\command] @=hex(2):25,00,77,00,69,00,6e,00,64,00,69,00,72,00,25,00,5c,00,70,00,72,00,69,\ 00,6e,00,74,00,64,00,69,00,72,00,2e,00,62,00,61,00,74,00,20,00,22,00,25,00,\ 31,00,22,00,00,00 3. Save the file as printdir.reg. 4. Open up a new Notepad window. 5. Paste this in: @echo off dir %1 /-p /o:gn /S > "%temp%\Listing" start... » read more

SELECT permission denied on object ‘USERS’, database ‘qcsiteadmin_db’, owner ‘dbo’

How to resolve this error: [Mercury][SQLServer JDBC Driver][SQLServer]SELECT permission denied on object 'USERS', database 'qcsiteadmin_db', owner 'dbo'.; Stack Trace: java.sql.SQLException: [Mercury][SQLServer JDBC Driver][SQLServer]SELECT permission denied on object 'USERS', database 'qcsiteadmin_db', owner 'dbo'. at com.mercury.jdbc.base.BaseExceptions.createException(Unknown Source) at com.mercury.jdbc.base.BaseExceptions.getException(Unknown Source) This error occurs because user td does not have rights to the tables... » read more