How to be sneaky and hide data using alternate data streams


Have you heard of Alternate Data Streams (ADS)? If not, sit back, relax and learn what you can do with ADS. Before I get too far into the subject it is important to understand what ADS is used for. In short, ADS was introduced with the Microsoft NTFS file system and allows more than a single stream of data to be associated with a file. So what does this really mean? Have you ever looked at the properties of a given file? If so, you have likely noticed the data entry areas for the author or title attributes. Of course there are a number of additional attributes, but my point is that this is where ADS comes into the picture. Keeping this example in mind, you can see the benefit of ADS. It is also important to understand that when you leverage ADS it does not change the file size, and it is virtually impossible to know if the data stream has been exploited. Note that I said virtually impossible. In Windows XP Service Pack 2 Microsoft introduced what is known as the Attachment Execution Service (AES), which provides warnings to end users concerning files that they may receive. Of …


Microsoft Assessment and Planning Toolkit explained


What does the MAP toolkit do? The Microsoft Assessment and Planning (MAP) Toolkit 8.0 is an inventory, assessment, and reporting tool that helps you assess your current IT infrastructure and determine the right Microsoft technologies for your IT needs. The MAP toolkit uses Windows Management Instrumentation (WMI), Active Directory Domain Services (AD DS), SMS Provider, and other technologies to collect data in your environment and inventories computer hardware, software, and operating systems in small or large IT environments without installing any agent software on the target computers. The download is free, but it has a laundry list of prerequisites: .Net framework, Windows Installer version 4.5, .Net Framework 3.5 SP1, Microsoft Office, the machine can't be a domain controller, and so forth. The installer will also try to download and install SQL Server Express if you don't already have it on the system.

MAP is an ideal assessment and planning tool for the following:
- Discovery of computers and applications
- Hardware and software readiness migration
- Capacity planning for server, desktop and virtualization projects
- Public and Private Cloud capacity and migration planning
- Software usage tracking

Once you install it in your environment, MAP takes an inventory of the systems found on the network and …


Encrypting file system in Windows


Did you know that you can encrypt and decrypt files and folders within Windows without the need for any third-party software? Encrypting File System (EFS) is a feature of the New Technology File System (NTFS) that lets the individual currently logged into the operating system (OS) perform encryption. If you encrypt a folder, then any files that you move or copy into this folder also become encrypted, and this all happens on the fly. The beauty of this is that if you have a computer shared by multiple individuals, this is a good way to secure your sensitive data. Now, one thing you need to know is that while the data is encrypted, those same files and folders can still be deleted by anyone who is assigned to the administrators group. It is also worth mentioning that these encrypted files or folders do not maintain the encryption while in transit. In other words, if you are going to email a file or copy it to an external drive, you lose the encryption. EFS encryption doesn't occur at the application level but rather at the file-system level; therefore, the encryption and decryption process is transparent to the user …


A look at Microsoft SQL Server Database security


Security in web applications is something that I speak and write about often, and I believe one often-overlooked aspect of security is the database itself. For the purpose of this article I am focusing on Microsoft SQL Server. I am by no means a database administrator; therefore this article is written from the point of view of a developer and is general in nature. Since web applications typically have an interface to the database, the best way to think about security is that the web application is the key to the database, and for this reason you must take a number of steps to protect the database. In general there are a number of steps you can take, and those steps include patch management, authentication, access control, management of services, and finally protocols.

Installation Process

The ideal installation is a single server that is solely for the database itself. The worst thing you can do is to install SQL Server alongside the web application server, domain controller, proxy server and so on. This may not always be feasible, but you should make every effort to separate the various services and products that you intend to run. By doing so should …


Sysinternals PsInfo


In the area of digital forensics, information gathering and documentation are critical. While there are a number of tools available, I want to focus on PsInfo, which is a command-line tool that gathers key information about the local or remote Windows NT/2000 system, including the type of installation, kernel build, registered organization and owner, number of processors and their type, amount of physical memory, the install date of the system, and, if it is a trial version, the expiration date.

General Use

psinfo [[\\computer[,computer[,..] | @file [-u user [-p psswd]]] [-h] [-s] [-d] [-c [-t delimiter]] [filter]

\\computer   Perform the command on the remote computer or computers specified. If you omit the computer name the command runs on the local system, and if you specify a wildcard (\\*), the command runs on all computers in the current domain.
@file        Run the command on each computer listed in the text file specified.
-u           Specifies optional user name for login to remote computer.
-p           Specifies optional password for user name. If you omit this you will be prompted to enter a hidden password.
-h           Show list of installed hotfixes.
-s           Show list of installed applications.
-d           Show disk volume information.
-c           Print …
