Radical Development

Technical Without the Technicalities

How To Be Sneaky And Hide Data Using Alternate Data Streams

| 0 comments

Have you heard of Alternate Data Streams (ADS)? If not, sit back and relax and learn what you can do with ADS. Before I get to far into the subject it is important to understand what ADS is used for. In short, ADS was introduced with the Microsoft NTFS file system and allows for more than a single stream of data to be associated with a file. So what does this really mean? Have you ever looked at the properties on a given file? If so, you have likely noticed the data entry areas for the author or title attributes. … Continue reading

Microsoft Assessment and Planning Toolkit Explained

| 0 comments

What does the MAP toolkit do? The Microsoft Assessment and Planning (MAP) Toolkit 8.0 is an inventory, assessment, and reporting tool that helps you assess your current IT infrastructure and determine the right Microsoft technologies for your IT needs. The MAP toolkit uses Windows Management Instrumentation (WMI), Active Directory Domain Services (AD DS), SMS Provider, and other technologies to collect data in your environment and inventories computer hardware, software, and operating systems in small or large IT environments without installing any agent software on the target computers. The download is free, but it has a laundry list of prerequisites: .Net … Continue reading

Encrypting File System in Windows

| 1 Comment

Did you know that you can encrypt and decrypt files and folders within Windows without the need of any third party software? Encrypting File System (EFS) is a feature within New Technology File System (NTFS) where the individual who is currently logged into the operating system (OS) has the ability to perform encryption. If you encrypt a folder then any files that you move or copy into this folder also become encrypted and this all happens on the fly. The beauty of this is if you have a computer that is shared by multiple individuals this is a good way … Continue reading

A Look At Microsoft SQL Server Database Security

| 0 comments

Security and web applications is something that I speak and write about often and I believe one aspect of overlooked security is the database itself. For the purpose of this article I am focusing on Microsoft SQL Server. I am by no means a database administrator therefore this article is from the point of view of a developer and general in nature. Since web applications typically have an interface to the database the best way to think about security is the fact that the web application is the key to the database and for this reason you must take a … Continue reading

Sysinternals PsInfo

| 0 comments

In the area of digital forensics information gathering and documentation is critical. While there are a number of available tools available I want to focus on PsInfo which is a command-line tool that gathers key information about the local or remote Windows NT/2000 system, including the type of installation, kernel build, registered organization and owner, number of processors and their type, amount of physical memory, the install date of the system, and if its a trial version, the expiration date. General Use psinfo [[\\computer[,computer[,..] | @file [-u user [-p psswd]]] [-h] [-s] [-d] [-c [-t delimiter]] [filter] \\computer Perform the … Continue reading

Harden The Operating System With Microsoft Attack Surface Analyzer

| 0 comments

Just a few days ago Microsoft released what is known as the Attack Surface Analyzer which helps to harden the operating operating system by using snapshots. The idea is knowing what changes occur in the following areas: Developers to view changes in the attack surface resulting from the introduction of their code on to the Windows platform IT Professionals to assess the aggregate attack surface change by the installation of an organization’s line of business applications IT Security Auditors to evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews IT Security … Continue reading

Find And Address Security Vulnerabilities With Tenable Nessus

| 0 comments

Have you ever really stopped for a moment to consider just how vulnerable you are every time you turn on your computer? If your answer is no, I implore you to take security seriously as the threat is real and the reality is it is not difficult at all for the black hat (attacker) to find a vulnerability on your end and possible then exploit that vulnerability. HP’s 2011 Top Cyber Security Risks Report states that while vulnerabilities are down over recent years roughly 24% of recent vulnerabilities were classified as critical. The percentage is important because even though vulnerabilities … Continue reading