
Tech-Wreck Help Area - The Information Technology Sieve News RSS

Security - Hack - Use Backtrack to Bypass Vista Login

Security - Hack - Use Backtrack to Bypass Vista Login - This is quite a unique, innovative, and definitely effective hack!  Basically it lets you get access to Vista under the System context without having to break any of the account passwords or even add a new account on the system.  Pretty nifty!

PS - I believe the same technique can be used on XP by modifying the sethc.exe in Windows/System32 directory.

2008-08-24 06:42

Windows Security - Threats and Countermeasures Guide

Windows Security - Threats and Countermeasures Guide - A MUST HAVE reference if you are analyzing security and hardening settings for Windows XP or Windows 2003 boxes.
2008-08-24 06:25

Network Security Appliance - Untangle - Open Source

Network Security Appliance - Untangle - Open Source Free Network Security Gateway

Live CD - Easy to install, be up and running with a complete network security gateway in less than 20 minutes.

2008-08-23 21:36

Security / Sys Admin - PC Log In Now - Reset Windows Passwords

PC Log In Now - Reset Windows Passwords - Open Source Live CD and works like a charm
2008-08-23 21:30

Security Audits - NIST Test Cases

NIST Test Assurance Cases - Great help when getting ready for test cases for a C&A.

http://csrc.nist.gov/groups/SMA/fisma/assessment-cases.html

2008-08-23 21:27

Need to update / patch systems without being connected to the internet? Take this free tool for a spin

Autopatcher was the perfect solution for updating your Windows operating system while it lasted. You could download all patches to your local computer and execute them there. This made it possible to download the patches once and update several computers locally without downloading them several times from Microsoft servers.

Autopatcher has been closed down by Microsoft. There is an alternative, a great one, that can be used instead. It is called c’t Offline Updater. It supports Microsoft Windows 2000, Windows XP, Windows Server 2003, the 64-bit editions of XP and Server 2003, as well as Windows Vista. Besides the operating systems it also supports Office 2000, Office XP, Office 2003 and Office 2007. As you can see from the screenshot below, lots of different languages are supported as well.

The user has the option to exclude service packs and to create ISO images, either one CD ISO for every operating system or Office edition or one DVD ISO that contains all the patches. A click on Start begins the download process, which can take some time. When the download finishes you will find the created ISO(s) in the /iso subdirectory.

Other options cover Internet Explorer 7, automatic reboot and recall, and showing the log file. A click on Start begins the update process. The Offline Update is an excellent way to download all patches for your operating system in one go.


2008-06-15 07:17

Can you spot the "bad" stuff?

Can you spot more “unusual” processes from this output? (I highlighted a couple in yellow but there are more.) Try to find the keylogger.

When you press CTRL-ALT-DEL, choose Task Manager, and then the Processes tab, this is the kind of information you can view. It shows the processes currently running on your machine and the user context under which each one is running. If you have spyware, Trojans, or other malware, this is often a good place to start looking for “unusual” programs that are running. It is not a foolproof way to isolate malware, but for the majority of the lazy malware writers you can quickly identify some programs here that are not supposed to be on your system. See if you can find more.

One way to investigate this type of data is by googling the process name or by going to one of the many legitimate process list databases on the web, such as http://www.processid.com/processes.html, http://www.tasklist.org/, http://www.processlibrary.com/, or http://www.liutilities.com/products/wintaskspro/processlibrary/.

NOTE: be careful when you are googling an executable that may be a malware program (example: the one in the list below that says PSof1.exe). Although you will find many legitimate sites that offer valid information about the program and what type of malware it is (like the ones above), malware authors sometimes put out PHONY information sites about malware. This is to lure you into their site so they can put malware on your system. (Ironic, isn’t it?)

PROCESSES OUTPUT
  
Process           PID  User
Idle              0    
System            8    
SMSS.EXE          188  NT AUTHORITY\SYSTEM
csrss.exe         216  NT AUTHORITY\SYSTEM
WINLOGON.EXE      212  NT AUTHORITY\SYSTEM
services.exe      268  NT AUTHORITY\SYSTEM
LSASS.EXE         280  NT AUTHORITY\SYSTEM
svchost.exe       472  NT AUTHORITY\SYSTEM
SPOOLSV.EXE       492  NT AUTHORITY\SYSTEM
msdtc.exe         540  NT AUTHORITY\SYSTEM
tcpsvcs.exe       640  NT AUTHORITY\SYSTEM
svchost.exe       656  NT AUTHORITY\SYSTEM
llssrv.exe        680  NT AUTHORITY\SYSTEM
regsvc.exe        724  NT AUTHORITY\SYSTEM
mstask.exe        788  NT AUTHORITY\SYSTEM
snmp.exe          892  NT AUTHORITY\SYSTEM
termsrv.exe       960  NT AUTHORITY\SYSTEM
VMwareService.e   1000 NT AUTHORITY\SYSTEM
WinMgmt.exe       1032 NT AUTHORITY\SYSTEM
wins.exe          1048 NT AUTHORITY\SYSTEM
dfssvc.exe        1092 NT AUTHORITY\SYSTEM
dns.exe           1128 NT AUTHORITY\SYSTEM
inetinfo.exe      1152 NT AUTHORITY\SYSTEM
svchost.exe       1432 NT AUTHORITY\SYSTEM
VMwareTray.exe    1488 WIN2KSERV\Administrator
VMwareUser.exe    1444 WIN2KSERV\Administrator
dllhost.exe       772  NT AUTHORITY\SYSTEM
vecmvpjwlfoa.ex   748  WIN2KSERV\Administrator
syncagent.exe     1656 WIN2KSERV\Administrator
PSof1.exe         1832 WIN2KSERV\Administrator
ADDEST~1.EXE      2008 WIN2KSERV\Administrator
explorer.exe      1320 WIN2KSERV\Administrator
rundll32.exe      1880 WIN2KSERV\Administrator
VIRTUA~1.EXE      2100 WIN2KSERV\Administrator
explorer.exe      2000 WIN2KSERV\Administrator
ykczdob.exe       1616 WIN2KSERV\Administrator
accwiz.exe        1864 WIN2KSERV\Administrator
explorer.exe      1528 WIN2KSERV\Administrator
weirdontheweb.e   2068 WIN2KSERV\Administrator
QB.exe            2076 WIN2KSERV\Administrator
bundlep.exe       2572 WIN2KSERV\Administrator
s6kpfah4.exe      2764 WIN2KSERV\Administrator
installer_MARKE   2540 WIN2KSERV\Administrator
helix.exe         1796 WIN2KSERV\Administrator
cxtpls_loader.e   1532 WIN2KSERV\Administrator
cxdxregt.exe      1340 WIN2KSERV\Administrator
wft.exe           364  WIN2KSERV\Administrator
ntvdm.exe         2200 WIN2KSERV\Administrator
cmd.exe           2276 WIN2KSERV\Administrator
pulist.exe        2688 WIN2KSERV\Administrator

  PID    PPID    PGID     WINPID  TTY  UID    STIME COMMAND
        8       0       0          8    ?    0 15:24:48 *** unknown ***
      188       0       0        188    ?    0 13:49:56 \SystemRoot\System32\smss.exe
      212       0       0        212    ?    0 13:50:25 \??\C:\WINNT\system32\winlogon.exe
      268       0       0        268    ?    0 13:50:30 C:\WINNT\system32\services.exe
      280       0       0        280    ?    0 13:50:30 C:\WINNT\system32\lsass.exe
      472       0       0        472    ?    0 13:50:40 C:\WINNT\system32\svchost.exe
      492       0       0        492    ?    0 13:50:43 C:\WINNT\system32\spoolsv.exe
      540       0       0        540    ?    0 13:50:47 C:\WINNT\System32\msdtc.exe
      640       0       0        640    ?    0 13:50:50 C:\WINNT\System32\tcpsvcs.exe
      656       0       0        656    ?    0 13:50:50 C:\WINNT\System32\svchost.exe
      680       0       0        680    ?    0 13:50:53 C:\WINNT\System32\llssrv.exe
      724       0       0        724    ?    0 13:50:54 C:\WINNT\system32\regsvc.exe
      788       0       0        788    ?    0 13:50:55 C:\WINNT\system32\MSTask.exe
      892       0       0        892    ?    0 13:50:59 C:\WINNT\System32\snmp.exe
      960       0       0        960    ?    0 13:51:00 C:\WINNT\System32\termsrv.exe
     1000       0       0       1000    ?    0 13:51:01 C:\Program Files\VMware\VMware Tools\VMwareService.exe
     1032       0       0       1032    ?    0 13:51:05 C:\WINNT\System32\WBEM\WinMgmt.exe
     1048       0       0       1048    ?    0 13:51:05 C:\WINNT\System32\wins.exe
     1092       0       0       1092    ?    0 13:51:06 C:\WINNT\system32\Dfssvc.exe
     1128       0       0       1128    ?    0 13:51:06 C:\WINNT\System32\dns.exe
     1152       0       0       1152    ?    0 13:51:06 C:\WINNT\System32\inetsrv\inetinfo.exe
     1432       0       0       1432    ?    0 13:51:31 C:\WINNT\System32\svchost.exe
     1488       0       0       1488    ?    0 13:51:53 C:\Program Files\VMware\VMware Tools\VMwareTray.exe
     1444       0       0       1444    ?    0 13:51:53 C:\Program Files\VMware\VMware Tools\VMwareUser.exe
      748       0       0        748    ?    0 14:06:54 C:\WINNT\vecmvpjwlfoa.exe (def. not good running in root of WINNT)
     1656       0       0       1656    ?    0 14:19:03 C:\Program Files\Sync Manager\agent\syncagent.exe
     1832       0       0       1832    ?    0 14:20:29 C:\WINNT\System32\PSof1.exe (def. not good running in root of System32)
     2008       0       0       2008    ?    0 14:22:03 C:\PROGRA~1\ADDEST~1\ADDEST~1.EXE
     1320       0       0       1320    ?    0 14:22:11 C:\WINNT\Explorer.exe
     1880       0       0       1880    ?    0 14:22:12 C:\WINNT\System32\rundll32.exe
     2100       0       0       2100    ?    0 14:22:25 C:\PROGRA~1\VBouncer\VIRTUA~1.EXE
     2000       0       0       2000    ?    0 14:23:57 C:\WINNT\explorer.exe
     1616       0       0       1616    ?    0 14:24:01 c:\winnt\system32\ykczdob.exe
     1864       0       0       1864    ?    0 14:24:04 C:\WINNT\System32\accwiz.exe
     1528       0       0       1528    ?    0 14:24:15 C:\WINNT\explorer.exe
     2068       0       0       2068    ?    0 14:24:52 C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe
     2076       0       0       2076    ?    0 14:25:15 C:\WINNT\system\lmapejpma.exe
     2572       0       0       2572    ?    0 14:26:48 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bundlep.exe
     2764       0       0       2764    ?    0 14:28:04 C:\WINNT\System32\s6kpfah4.exe
     2540       0       0       2540    ?    0 14:29:08 C:\Documents and Settings\Administrator\installer_MARKETING30.EXE
     1796       0       0       1796    ?    0 14:37:05 D:\helix.exe
     1532       0       0       1532    ?    0 14:38:05 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cxtpls_loader.exe
     1340       0       0       1340    ?    0 14:38:46 c:\winnt\system32\cxdxregt.exe
      364       0       0        364    ?    0 14:40:35 D:\IR\wft\wft.exe
     2200       0       0       2200    ?    0 14:40:39 C:\WINNT\system32\ntvdm.exe
     1448       0       0       1448    ?    0 14:40:46 C:\Program Files\Internet Explorer\iexplore.exe
     2276       0       0       2276    ?    0 14:40:48 D:\IR\wft\cmd.exe
     2688       1    2688       2688  con  400 14:40:54 /cygdrive/d/IR/wft/ps
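As an added example, not part of the original post, here is a small Python script that parses the ps-style listing above and applies the same reasoning the author uses, image location and name, to score processes for a second look. The sample lines are a constructed subset of that listing; the baseline of expected Windows 2000 image names, the %SystemRoot% value and the scoring weights are assumptions for this example, not an authoritative list. It is a triage aid rather than a verdict: a flagged process still needs the lookup against the process databases mentioned above.

```python
"""Triage a Cygwin-style `ps` listing: added example, not part of the original post.

It parses the PID/PPID/PGID/WINPID/TTY/UID/STIME/COMMAND layout shown above and
scores each process on where its image lives and how its name looks.  The sample
lines are a constructed subset of that listing; the baseline of expected Windows
2000 binaries is constructed for this example and is not an authoritative list.
"""
import ntpath
import re

# Constructed sample in the layout of the `ps` output above (subset).
SAMPLE_PS = r"""
  PID    PPID    PGID     WINPID  TTY  UID    STIME COMMAND
      188       0       0        188    ?    0 13:49:56 \SystemRoot\System32\smss.exe
      748       0       0        748    ?    0 14:06:54 C:\WINNT\vecmvpjwlfoa.exe (def. not good running in root of WINNT)
     1832       0       0       1832    ?    0 14:20:29 C:\WINNT\System32\PSof1.exe
     1320       0       0       1320    ?    0 14:22:11 C:\WINNT\Explorer.exe
     1616       0       0       1616    ?    0 14:24:01 c:\winnt\system32\ykczdob.exe
     2076       0       0       2076    ?    0 14:25:15 C:\WINNT\system\lmapejpma.exe
     2572       0       0       2572    ?    0 14:26:48 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bundlep.exe
     2540       0       0       2540    ?    0 14:29:08 C:\Documents and Settings\Administrator\installer_MARKETING30.EXE
     1000       0       0       1000    ?    0 13:51:01 C:\Program Files\VMware\VMware Tools\VMwareService.exe
     2688       1    2688       2688  con  400 14:40:54 /cygdrive/d/IR/wft/ps
"""

# Constructed baseline: image names expected under %SystemRoot% on this host.
BASELINE = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "msdtc.exe", "tcpsvcs.exe", "llssrv.exe",
    "regsvc.exe", "mstask.exe", "snmp.exe", "termsrv.exe", "winmgmt.exe",
    "wins.exe", "dfssvc.exe", "dns.exe", "inetinfo.exe", "explorer.exe",
    "rundll32.exe", "accwiz.exe", "ntvdm.exe", "cmd.exe",
}
WINDIR = "winnt"  # assumed %SystemRoot% directory name on this Windows 2000 host

LINE_RE = re.compile(
    r"^\s*(?P<pid>\d+)\s+(?P<ppid>\d+)\s+(?P<pgid>\d+)\s+(?P<winpid>\d+)"
    r"\s+(?P<tty>\S+)\s+(?P<uid>\d+)\s+(?P<stime>\d\d:\d\d:\d\d)\s+(?P<cmd>.+?)\s*$"
)
ANNOTATION_RE = re.compile(r"\s*\([^()]*\)\s*$")  # trailing "(def. not good ...)" notes


def parse_ps(text):
    """Yield (pid, image path) per data line; the header and blank lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield int(m.group("pid")), ANNOTATION_RE.sub("", m.group("cmd"))


def path_parts(directory):
    """Lower-case path components below the drive, with the SystemRoot alias folded into WINDIR."""
    d = ntpath.splitdrive(ntpath.normcase(directory))[1]  # normcase: lower-case, backslashes
    if d.startswith("\\systemroot"):
        d = "\\" + WINDIR + d[len("\\systemroot"):]
    return [p for p in d.split("\\") if p]


def score_process(image):
    """Return (score, reasons): each location finding counts 2, the name heuristic counts 1."""
    directory, name = ntpath.split(image)
    lname = name.lower()
    parts = path_parts(directory)
    reasons = []
    if parts and parts[0] == WINDIR and lname not in BASELINE:
        where = "root of %SystemRoot%" if len(parts) == 1 else "%SystemRoot%\\" + "\\".join(parts[1:])
        reasons.append(f"unrecognised binary in {where}")
    if "temp" in parts:
        reasons.append("runs from a Temp directory")
    if parts and parts[0] in ("documents and settings", "docume~1") and len(parts) == 2:
        reasons.append("runs from the root of a user profile")
    score = 2 * len(reasons)
    # Name heuristic: long names with few vowels often come from random name generators.
    letters = [c for c in ntpath.splitext(lname)[0] if c.isalpha()]
    if len(letters) >= 7 and sum(c in "aeiou" for c in letters) / len(letters) <= 0.25:
        reasons.append("few vowels (random-looking name)")
        score += 1
    return score, reasons


def triage(text, threshold=2):
    """Processes scoring at or above threshold, highest score first (stable for ties)."""
    findings = []
    for pid, image in parse_ps(text):
        score, reasons = score_process(image)
        if score >= threshold:
            findings.append({"pid": pid, "image": image, "score": score, "reasons": reasons})
    return sorted(findings, key=lambda f: -f["score"])


if __name__ == "__main__":
    for f in triage(SAMPLE_PS):
        print(f"{f['score']}  {f['pid']:>5}  {f['image']}")
        for r in f["reasons"]:
            print(f"          - {r}")
```

Run against the full listing, the script surfaces the two processes the author annotates plus the Temp and profile-root executables; explorer.exe in the root of %SystemRoot% is not flagged because it is on the baseline, which is exactly the kind of context a bare "unknown name" search cannot give you.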

The last section here is the output from running the netstat command.  netstat (network statistics) is a command-line tool that displays network connections (both incoming and outgoing) in their various connection states.  For example, a state of LISTENING means the port is awaiting a connection, and a state of ESTABLISHED means data is actually being transferred between the parties and ports shown.

NETSTAT OUTPUT

Active Connections
  
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:7              0.0.0.0:0              LISTENING
  TCP    0.0.0.0:9              0.0.0.0:0              LISTENING
  TCP    0.0.0.0:13             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:17             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:19             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:42             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:637            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1002           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1027           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1028           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1033           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1035           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1037           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1039           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1259           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1264           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1267           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2204           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2206           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2208           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2209           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2211           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2212           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2216           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2217           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2228           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2230           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2232           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2233           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2235           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2772           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3372           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5205           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:445          127.0.0.1:2235         ESTABLISHED  
  TCP    127.0.0.1:2235         127.0.0.1:445          ESTABLISHED
  TCP    192.168.100.102:139    0.0.0.0:0              LISTENING
  TCP    192.168.100.102:2772   192.168.100.101:1044   ESTABLISHED
  TCP    192.168.100.102:27374  192.168.100.101:1043   ESTABLISHED(WHY IS THIS VERY, VERY BAD?)
  UDP    0.0.0.0:7              *:*                    
  UDP    0.0.0.0:9              *:*                    
  UDP    0.0.0.0:13             *:*                    
  UDP    0.0.0.0:17             *:*                    
  UDP    0.0.0.0:19             *:*                    
  UDP    0.0.0.0:42             *:*                    
  UDP    0.0.0.0:68             *:*                    
  UDP    0.0.0.0:135            *:*                    
  UDP    0.0.0.0:161            *:*                    
  UDP    0.0.0.0:445            *:*                    
  UDP    0.0.0.0:1032           *:*                    
  UDP    0.0.0.0:1034           *:*                    
  UDP    0.0.0.0:1036           *:*                    
  UDP    0.0.0.0:1038           *:*                    
  UDP    0.0.0.0:1645           *:*                    
  UDP    0.0.0.0:1646           *:*                    
  UDP    0.0.0.0:1812           *:*                    
  UDP    0.0.0.0:1813           *:*                    
  UDP    0.0.0.0:3456           *:*                    
  UDP    127.0.0.1:53           *:*                    
  UDP    127.0.0.1:1029         *:*                    
  UDP    127.0.0.1:1030         *:*                    
  UDP    127.0.0.1:1031         *:*                    
  UDP    127.0.0.1:1141         *:*                    
  UDP    127.0.0.1:1487         *:*                    
  UDP    127.0.0.1:1503         *:*                    
  UDP    127.0.0.1:2096         *:*                    
  UDP    127.0.0.1:2101         *:*                    
  UDP    127.0.0.1:2111         *:*                    
  UDP    127.0.0.1:2214         *:*                    
  UDP    192.168.100.102:53     *:*                    
  UDP    192.168.100.102:67     *:*                    
  UDP    192.168.100.102:68     *:*                    
  UDP    192.168.100.102:137    *:*                    
  UDP    192.168.100.102:138    *:*                    
  UDP    192.168.100.102:500    *:*                    
  UDP    192.168.100.102:2535   *:*                    
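An added example, not from the original post: a Python script that reads netstat output in the format above and works through the question the author poses at the end of the listing by cross-referencing states. It collects the TCP listeners, subtracts a baseline of services this host is supposed to run (EXPECTED_TCP is constructed for the example from what the listing shows: the simple TCP services, FTP, SMTP, WINS, DNS, HTTP, RPC, NetBIOS, HTTPS, SMB and RDP), and then reports every ESTABLISHED row whose local port is one of the remaining listeners and whose peer is a real remote host. Such a row is the server side of a live session to a service the box should not be offering; tying the port to its owning process is the next step (on Windows XP and later netstat -o shows the PID, on Windows 2000 a port-to-process mapper is needed).

```python
"""Tie ESTABLISHED connections to unexpected listeners in `netstat -an` output.

Added example, not part of the original post.  The sample is a constructed
subset of the netstat listing above; EXPECTED_TCP is constructed for this
example from the services that listing shows and is not a general baseline.
"""
import ipaddress
import re
from collections import namedtuple

# Constructed subset of the listing above, including the author's annotation.
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2772           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:445          127.0.0.1:2235         ESTABLISHED
  TCP    127.0.0.1:2235         127.0.0.1:445          ESTABLISHED
  TCP    192.168.100.102:139    0.0.0.0:0              LISTENING
  TCP    192.168.100.102:2772   192.168.100.101:1044   ESTABLISHED
  TCP    192.168.100.102:27374  192.168.100.101:1043   ESTABLISHED(WHY IS THIS VERY, VERY BAD?)
  UDP    0.0.0.0:161            *:*
  UDP    192.168.100.102:137    *:*
"""

# Constructed: TCP services this host is meant to offer.
EXPECTED_TCP = {7, 9, 13, 17, 19, 21, 25, 42, 53, 80, 135, 139, 443, 445, 3389}

Conn = namedtuple("Conn", "proto laddr lport faddr fport state")

# State stops at the first non-letter, so a trailing note such as "(WHY ...)" is ignored.
LINE_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<laddr>\S+):(?P<lport>\d+)\s+"
    r"(?P<faddr>[^:\s]+):(?P<fport>\d+|\*)\s*(?P<state>[A-Z_]*)"
)


def parse_netstat(text):
    """One Conn per data row; header and blank lines are skipped.  UDP rows have no state."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            fport = None if m.group("fport") == "*" else int(m.group("fport"))
            conns.append(Conn(m.group("proto"), m.group("laddr"), int(m.group("lport")),
                              m.group("faddr"), fport, m.group("state")))
    return conns


def is_remote_peer(addr):
    """True when the foreign address is a real host rather than loopback or the wildcard."""
    if addr in ("*", "0.0.0.0"):
        return False
    return not ipaddress.ip_address(addr).is_loopback


def analyse(text, expected=EXPECTED_TCP):
    """Listening TCP ports outside the baseline, and live inbound sessions to them."""
    conns = parse_netstat(text)
    listeners = {c.lport for c in conns if c.proto == "TCP" and c.state == "LISTENING"}
    unexpected = sorted(listeners - expected)
    # An ESTABLISHED row whose local port is also a listener is the server side
    # of a session.  If that listener is not in the baseline and the peer is a
    # real remote host, a service this box should not offer is in active use.
    inbound = [c for c in conns
               if c.proto == "TCP" and c.state == "ESTABLISHED"
               and c.lport in listeners and c.lport not in expected
               and is_remote_peer(c.faddr)]
    return {"unexpected_listeners": unexpected, "inbound_to_unexpected": inbound}


if __name__ == "__main__":
    result = analyse(SAMPLE_NETSTAT)
    print("listening TCP ports not in baseline:", result["unexpected_listeners"])
    for c in result["inbound_to_unexpected"]:
        print(f"  {c.faddr}:{c.fport} -> {c.laddr}:{c.lport}  ({c.state})")
```

The loopback session to port 445 is deliberately left alone: 445 is in the baseline and the peer is 127.0.0.1, so it is local software talking to the local SMB service, not an inbound connection.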

2008-06-14 14:31

Remove Hidden Data Tool

Proprietary and sometimes sensitive information is often stored in documents, embedded in comments, and resides in markup unknown to the user.  When you send a finalized version of a document to someone, unless you have sanitized it completely, they can easily go back and view all the markup, comments, revisions, etc.  Depending on the markups and the revisions in the document this could sometimes lead to information being available to the recipient of the document which you did not intend.   Luckily there is a solution for Microsoft Word documents.  Microsoft has a free add-in tool that integrates into MS Office that allows you to save a finalized and sanitized version of your document once you are ready to send it.  This is called the Remove Hidden Data Tool. 

With this add-in you can permanently remove hidden data and collaboration data, such as change tracking and comments, from Microsoft Word, Microsoft Excel, and Microsoft PowerPoint files.

http://www.microsoft.com/downloads/details.aspx?FamilyId=144E54ED-D43E-42CA-BC7B-5446D34E5360&displaylang=en

Download, install, and restart MS Office and when you now go to select Save from the File menu you will see another option that allows you to remove all hidden data from the document so you can create a clean finalized version.

2008-06-14 14:23

Cert VTE Security Labs

If anyone is interested in learning more about security from a more technical aspect please check out the CERT VTE Security Labs.  These labs cover everything from vulnerability assessments, system hardening, TCP/IP security, Forensics, Linux, and much more.  These are not “general” security articles but step by step technical labs in a virtualized environment all accessible with just your browser that show you how to implement some of the most prevalent and widely used security tools and techniques.  If you are interested in actually doing the CERT VTE labs please follow the link below and sign up for a 30 day free trial. 

https://www.vte.cert.org/vteweb/Library/Library.aspx

Here is a listing of the security-centric virtual labs available.  Additionally, the rest of the material on this site is free to the general public without any kind of trial membership.  The 30 day free access would give you access to the following “hands on” virtual labs.  Access to the labs also includes step by step lab manuals in PDF format.  These alone are worth getting a free trial for, to download and keep as reference or to use in constructing your own lab environment with virtualization technology such as VMware or Virtual PC.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    Building_a_Microsoft_PKI_v1_0

    Identifying_MAC_and_IP_Address_Spoofing_Attacks_with_ARPWatch_v1_0

    Install_and_Configure_a_Spam_and_Virus_Filtering_Mail_Relay_v1_0

    Install_and_Configure_Snort_with_ACID_on_Linux_v1_0

    Linux_Host_System_Hardening_v1_0

    Multiplatform_Network_Traffic_Encryption_with_IPSec_v1_0

    Network_Monitoring_with_Nagios_1

    Network_Traffic_Monitoring_with_NTop_v1_0

    Network_Vulnerability_Assessment_with_Retina_v1_0

    Network_Vulnerability_Scanning_v1_0

    Packet_Sniffing_with_Etheral_and_TCPdimp_v1_0

    Secure_Outlook_Web_Access_1

    Security_Auditing_and_Attack_Prevention_v1_0

    TransitioningToAnIPv6Network_v1_0

    VTELab10_SecuringInternetInformationServeron0Windows_2000

    VTELab3_EnforcingWindows2000SecuritywithGroupPolicyandSecurityTemplates

    VTE_5

    VTE_Heterogeneous_Backup_with_Secure_Archival_FINAL_1

    VTE_Lab13_SecuringWindowsFileSharing

    VTE_Lab18_EncryptingEmailandFileswithGnuPGEnigmailAndWindowsPrivacyTray

    VTE_Lab19_InstallingAndSecuringTheApacheWebServerOnLinux

    VTE_Lab23_MultiPlatformNetworkTimeSynchronization

    VTE_Lab24_CentralizedSystemLoggingForWindowsAndLinux

    VTE_Lab28_DetectingRogueDHCPServersWithTCPDump

    VTE_Lab29_ForensicCollectionAndAnalysisOfVolatiledata

    VTE_Lab30_ForensicCollectionAndAnalysisOfPersistentdata

    VTE_Lab32_Analyzing_Log_Files_with_Microsoft_Log_Parser

    VTE_Lab34_Viewing_and_Filtering_Evidence_with_FTK

    VTE_Lab35_Filesystem_Searching_with_FTK

    VTE_Lab36_Managing_evidence_with_FTK

    VTE_Lab38_Capturing_a_Running_Process

    VTE_Lab39_Data_Carving_With_dd

    VTE_Lab40_Splitting_Image_Files_With_dd

    VTE_Lab46_Registry_Collection_and_Analysis_with_OnLineDFS

    VTE_Lab48_Capturing_a_Volatile_Snapshot

    VTE_Lab9_InstallingAndSecuringWebminWithSSL

    VTE_Lab_11_File_Integrity_Monitoring_on_Windows_and_Linux

    VTE_Lab_5_Hardening_Microsoft_SQL_Server_2000

    VTE_Lab_8_Vulnerability_Assessment_with_Nessus

    Vulnerability_Remediation_with_Citadel_Hercules_4[1].1_v1_0

    W2K3_Hardening_3

    WebApplicationVulnerabilityAssessment_v1_0

    WindowsServerUpdateServices_v1_0

    Windows_2000_Host_System_Hardening_v1_0

    Windows_Firewalls_v1_0

    Windows_Vista_Domain_Security_FINAL

2008-06-14 14:22

Free Personal Security software you SHOULD be running at home

This is a great article outlining 10 really good security products you should be using in order to protect your home pc and network.  Aside from the 10 included in this list I also HIGHLY recommend the following:

KeyScrambler Personal 2.0: the anti-key logging program protects all parts of the browser and encrypts everything you type into a web page—logins, account numbers, addresses, and email messages.  Absolutely Free.

http://www.qfxsoftware.com/Download.htm

It is an anti-key logger that works by encrypting the keystroke data at the driver level, before any web form can intercept it.  It requires no user interaction once installed and simply encrypts your keystrokes whenever you fill in any form data on a web page.  I have been using it for quite some time along with the majority of the other programs mentioned in the article.

Again, the reason I send out security information related to personal systems is that security incident analysis often indicates that many of the newer attack vectors come from personnel inadvertently not practicing secure computing at home.  Research has shown that this can then spill over into the enterprise via various ingress routes.

2008-06-14 14:21

Security / Windows Scripting - Find Local Admin Group even if Renamed Through the use of WMIC

Security / Windows Scripting - Find Local Admin Group even if Renamed Through the use of WMIC - From an article on windowsnetworking.com

Using WMIC Interactively

For example, let’s say the built-in Administrators local group and Administrator local user account haven’t been renamed on the system. If this is the case, you can use WMIC interactively to display a list of all members of the built-in Administrators local group by opening a command prompt and typing the following command:

C:\Documents and Settings\myself>wmic path win32_groupuser where (groupcomponent="win32_group.name=\"administrators\",domain=\"%computername%\"")
GroupComponent                                    PartComponent
win32_group.domain="XP191",name="administrators"  \\XP191\root\cimv2:Win32_UserAccount.Domain="XP191",Name="Administrator"
win32_group.domain="XP191",name="administrators"  \\XP191\root\cimv2:Win32_UserAccount.Domain="XP191",Name="sjones"
win32_group.domain="XP191",name="administrators"  \\XP191\root\cimv2:Win32_UserAccount.Domain="XP191",Name="gsmith"
win32_group.domain="XP191",name="administrators"  \\XP191\root\cimv2:Win32_Group.Domain="TEST",Name="Domain Admins"

Looking at the second column, we can see that the Administrators local group on this machine has three user accounts belonging to it: Administrator, sjones and gsmith. In addition, the Domain Admins global group is a member of the Administrators local group on this system.

Now what if the built-in Administrators local group on the system has been renamed? Running the above command now gives the following result:

C:\Documents and Settings\myself>wmic path win32_groupuser where (groupcomponent="win32_group.name=\"administrators\",domain=\"%computername%\"")
No Instance(s) Available.

Why did the command fail? Obviously because the name of the group being queried for is hard-coded into the command. But if the built-in Administrators local group has been renamed, how can we determine its new name? The simple answer is that whatever this group may have been renamed to, it’s still the same old group under the hood. In other words, its security identifier (SID) hasn’t changed and must still be S-1-5-32-544 (see KB 243330 for a list of well-known SIDs).

So how can we determine what the name of a group is if we know its SID? Well, we can use WMIC again, like this:

C:\Documents and Settings\myself>wmic group where (sid = "S-1-5-32-544" and localaccount = true) get name
Name
JustAnotherGroup

Aha! The built-in Administrators group on this system has been renamed to JustAnotherGroup! A very clever and yet ultimately futile attempt at security through obscurity, no? Heh!

Anyway, now that we know the name of this group, we can use WMIC to query for its members:

C:\Documents and Settings\myself>wmic path win32_groupuser where (groupcomponent="win32_group.name=\"justanothergroup\",domain=\"%computername%\"")
GroupComponent                                      PartComponent
win32_group.domain="XP191",name="justanothergroup"  \\XP191\root\cimv2:Win32_UserAccount.Domain="XP191",Name="JustAnotherUser"
win32_group.domain="XP191",name="justanothergroup"  \\XP191\root\cimv2:Win32_UserAccount.Domain="XP191",Name="sjones"
win32_group.domain="XP191",name="justanothergroup"  \\XP191\root\cimv2:Win32_UserAccount.Domain="XP191",Name="gsmith"
win32_group.domain="XP191",name="justanothergroup"  \\XP191\root\cimv2:Win32_Group.Domain="TEST",Name="Domain Admins"

And we can see from the command output that there are three local admins on this machine: sjones, gsmith, and JustAnotherUser. And of course the Domain Admins global group is a member of JustAnotherGroup as well.
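The procedure above has two outputs to read by eye. As an added example, not part of the original article, here is Python code that parses both: the Name column from the SID lookup and the PartComponent column from the win32_groupuser query, splitting direct members into local users and nested groups. The sample outputs are constructed from the listings above; the helpers that rebuild the two wmic command lines reproduce the exact quoting the article shows, so the steps can be chained from an inventory script that runs wmic on the host and feeds its output in.

```python
"""Parse the WMIC output from the renamed-Administrators procedure above.

Added example, not part of the original article.  WMI is not queried here: the
sample outputs are constructed from the listings above, and the functions turn
them into data so the two steps (resolve the group by SID, then list members)
can be chained from a script instead of read by eye.
"""
import re

BUILTIN_ADMINS_SID = "S-1-5-32-544"   # well-known SID of the built-in Administrators group
NO_INSTANCES = "No Instance(s) Available."

# Constructed: output of  wmic group where (sid = "S-1-5-32-544" and localaccount = true) get name
SAMPLE_NAME_OUTPUT = """\
Name
JustAnotherGroup
"""

# Constructed: output of the win32_groupuser query for the renamed group.
SAMPLE_MEMBERS_OUTPUT = r"""
GroupComponent                                      PartComponent
win32_group.domain="XP191",name="justanothergroup"  \\XP191\root\cimv2:Win32_UserAccount.Domain="XP191",Name="JustAnotherUser"
win32_group.domain="XP191",name="justanothergroup"  \\XP191\root\cimv2:Win32_UserAccount.Domain="XP191",Name="sjones"
win32_group.domain="XP191",name="justanothergroup"  \\XP191\root\cimv2:Win32_UserAccount.Domain="XP191",Name="gsmith"
win32_group.domain="XP191",name="justanothergroup"  \\XP191\root\cimv2:Win32_Group.Domain="TEST",Name="Domain Admins"
"""

# PartComponent is a WMI object path: \\HOST\root\cimv2:Class.Domain="...",Name="..."
MEMBER_RE = re.compile(
    r'\\\\(?P<host>[^\\]+)\\root\\cimv2:(?P<cls>Win32_UserAccount|Win32_Group)'
    r'\.Domain="(?P<domain>[^"]*)",Name="(?P<name>[^"]*)"',
    re.IGNORECASE,
)


def sid_query(sid=BUILTIN_ADMINS_SID):
    """Step 1 of the article: find the group's current name from its SID."""
    return 'wmic group where (sid = "%s" and localaccount = true) get name' % sid


def members_query(group_name):
    """Step 2 of the article: list members, with the quoting wmic expects."""
    return ('wmic path win32_groupuser where (groupcomponent="win32_group.name=\\"%s\\",'
            'domain=\\"%%computername%%\\"")' % group_name.lower())


def group_name_from_sid_output(text):
    """Value under the 'Name' header, or None when wmic found no matching group."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2 or lines[0].lower() != "name":
        return None
    return lines[1]


def parse_group_members(text):
    """[(kind, domain, name)] for each PartComponent; kind is 'user' or 'group'."""
    if NO_INSTANCES in text:
        return []
    members = []
    for m in MEMBER_RE.finditer(text):
        kind = "user" if m.group("cls").lower() == "win32_useraccount" else "group"
        members.append((kind, m.group("domain"), m.group("name")))
    return members


def local_admins(name_output, members_output):
    """Direct members of the built-in Administrators group, whatever it is called now."""
    members = parse_group_members(members_output)
    return {
        "group": group_name_from_sid_output(name_output),
        "users": [f"{d}\\{n}" for k, d, n in members if k == "user"],
        "nested_groups": [f"{d}\\{n}" for k, d, n in members if k == "group"],
    }


if __name__ == "__main__":
    print(sid_query())
    name = group_name_from_sid_output(SAMPLE_NAME_OUTPUT)
    print(members_query(name))
    print(local_admins(SAMPLE_NAME_OUTPUT, SAMPLE_MEMBERS_OUTPUT))
```

Separating nested groups from users matters for the audit: the three local users are the direct local admins, while "TEST\Domain Admins" means every member of that domain group is also an administrator on this machine, which the local query alone does not enumerate.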

2008-02-13 11:03

System Administration (Imaging) - Clonezilla

A bit off the main vibe of my blog but seems like a cool tool nonetheless.  Clonezilla claims it can do for you what Symantec Ghost Corporate can do for you but faster and for FREE!

Read more about it at secguru.com and go take it for a spin.

http://www.secguru.com/link/clonezilla_opensource_clone_system

2008-02-07 06:26

Security / Sniffer - NetworkMiner

From Sourceforge.

A passive network sniffer/packet capturing tool for Windows with a great user interface. It can detect OS's, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis.

Have not tried it yet but I believe it can be thrown onto a thumb drive for the ultimate in portable sniffing.

2008-02-01 11:12

Linux Live Security Distro - Protech (Ubuntu Based Security Distro)


A new Ubuntu-based Linux security distro.  Have not yet had a chance to try it, but from reading a couple of blogs it sounds worth the download and ISO burn.

2008-01-16 04:47

Windows Permissions/ACL's - StationX: Windows Permission Identifier


This tool enables administrators and penetration testers to review and audit the permissions of users on a windows machine.

2008-01-15 10:36

Wi-Fi Security - iPIG - Secure yourself at Wi-Fi Hotspots


Using powerful 256-bit AES encryption technology, the iOpus Private Internet Gateway (iPIG) creates a secure "tunnel" that protects your inbound and outbound communications (Email, Web, IM, VOIP, calls, FTP, etc.) at any Wi-Fi hotspot or wired network

2008-01-15 09:47

Safe Surfing - Why you should use OpenDNS


I have blogged about this before but worth another iteration since this article explains it much better.  ScrubIT also offers the same type of service.

2008-01-10 06:50

Wireless - Poor Man's Vista Netstumbler


Very cool, works great!

2008-01-09 10:57

Forensics - MetaData Extraction Tools

2008-01-09 09:42

Linux Distros - Linux Distros Links


Live Linux Distros - Frozentech Live CD List

All Linux Distros - Reviews, links to downloads, latest releases, etc. Distrowatch.com

2007-12-27 17:02

Security and System Utilities - Small Tools, Big Power, All FREE

Security and System Utilities - Small Tools, Big Power (All FREE).  From Forensics, System Security, System Utilities, and System Information, these sites have tons of free, VERY SMALL programs that can come in handy.  Perhaps these can fit nicely on a USB drive and allow you to do some investigative work.........mmmmmmmm.

NirSoft

SysInternals

Foundstone

2007-12-26 06:49

Privacy - EPIC Online Guide To Privacy Tools

Privacy - EPIC Online Guide To Privacy Tools - HUGE list of software, solutions, guides, and links for online privacy.  Everything from encryption tools, anonymous proxies, secure deletion, VPN technologies, secure email, instant messaging encryption, and much, much more!  This is a must have bookmark if you want quick access to privacy related tools.
2007-12-19 06:56

Pen Testing - Cool New Releases


Backtrack V3 is in Beta - go here to read about it and get it.

Nmap has a new version out with a very cool and useful new frontend that makes doing scans even easier than before.  Go here to get it.

2007-12-15 18:02

Security Software - Comodo Security Software

Security Software - Comodo Security Software - Let Comodo take care of all your security needs for FREE!  Check out the article from security-database that sums up all the free offerings Comodo has then go download the software!

I do not know about their other offerings but I have tested out their firewall software and I have to say it is VERY impressive.  Not only does it work extremely well but it is HIGHLY configurable with a great interface.  It impressed me so much I actually pulled ZoneAlarm off a couple of my PCs and let Comodo take over as my main software firewall.

2007-11-30 21:25

Netstat Commands - Useful Netstat Commands for Security

Netstat Commands - Useful Netstat Commands for Security - This short article has some very useful netstat commands with security implications.
2007-11-20 18:00

Auditing Tools - Nipper - Network Device Auditing Tool

Auditing Tools - Nipper - Network Device Auditing Tool - From Sourceforge: Nipper processes network device configuration files, performs a security audit and outputs a security report with recommendations and a configuration report. Nipper currently supports Cisco IOS, PIX, ASA, FWSM, NMP, CatOS and Juniper NetScreen devices.
2007-11-14 05:17

Penetration Testing Tools - Inguma Free Pentesting Toolkit

Penetration Testing Tools - Inguma - From Sourceforge - Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in Python. The framework includes modules to discover hosts, gather information about them, fuzz targets, brute-force usernames and passwords, exploits, and a disassembler.

Read the darknet.org article about it here. 

2007-11-14 05:08

Wireless Security - WiFiZOO

Wireless Security - WiFiZOO - Mentioned before but worth a repeat.

WifiZoo is a tool to gather wifi information passively. Similar to dsniff but for wireless work, the author wanted to do something wifi-related somewhat helpful in wifi pentesting. Something of an extension of Ferret from Errata. (From Darknet.org)

2007-11-13 16:48

MS Office Security - 2007 Microsoft Office Security Guide

MS Office Security - 2007 Microsoft Office Security Guide

The 2007 Microsoft Office Security Guide provides IT professionals with best practices and automated tools to help strengthen the security of computers that run either Windows Vista™ or Windows® XP SP2 and the following applications:

Microsoft Office Access™ 2007

Microsoft Office Excel® 2007

Microsoft Office InfoPath® 2007

Microsoft Office Outlook® 2007

Microsoft Office PowerPoint® 2007

Microsoft Office Word 2007

Microsoft has also released GPOAccelerator, a tool that automatically creates the Group Policy objects for deploying the security settings for the latest version of Office applications -- Access, Excel, InfoPath, Outlook, PowerPoint, and Word -- as well as for Windows XP and Vista. (From Darkreading.com)

2007-11-13 16:45

Information Technology FREE Training - CERT Virtual Training Environment (VTE)

Information Technology FREE Training - CERT Virtual Training Environment (VTE)

I have posted this before but definitely feel it's worth reposting every once in a while to the top so people find out about it. This is a GREAT resource that is for the most part totally free. Interactive training, presentations, PDFs, demos, and much more on a long list of Information Technology and Information Security topics. Do yourself a favor and go check out some of the stuff at this site. If you are prepping for some certifications you DEFINITELY have to go here and go through the site to see what topics may help you.

2007-10-29 07:58

Scripting/Tricks - Cool netsh commands

A couple of cool netsh tricks. The first is a poor man's wireless broadcast monitor: it lists every SSID in range with its BSSIDs, signal strength, channel, authentication and encryption, which is enough to spot open or rogue access points without any extra tools. The second launches the built-in network diagnostics GUI for troubleshooting.

1. netsh wlan show networks mode=bssid

2. netsh diag gui

Note that the two belong to different Windows generations: the wlan context first appeared in Vista, while netsh diag exists on XP and was removed in Vista.
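To make the first command useful as a monitor rather than a wall of text, the following added example (my code, not part of the original post) parses the output of netsh wlan show networks mode=bssid into objects and flags open, WEP and hidden networks. It runs against a constructed sample by default so it can be read offline; flip $UseLive to query the local adapter (Vista or later).

```powershell
# Added example (not from the original post): turn the text output of
# "netsh wlan show networks mode=bssid" into objects and flag weakly protected networks.
# The wlan context requires Vista or later. The sample output below is constructed.

function ConvertFrom-NetshWlan {
    param([string[]]$Lines)
    $networks = @()
    $current  = $null
    foreach ($line in $Lines) {
        if ($line -match '^SSID\s+\d+\s*:\s*(.*)$') {
            # "SSID n : name" starts a new network block; a blank name means a hidden SSID
            $current = New-Object PSObject -Property @{
                SSID = $Matches[1].Trim(); Authentication = ''; Encryption = ''; BSSIDs = @()
            }
            $networks += $current
        }
        elseif ($current -and $line -match '^\s+Authentication\s*:\s*(.+)$') { $current.Authentication = $Matches[1].Trim() }
        elseif ($current -and $line -match '^\s+Encryption\s*:\s*(.+)$')     { $current.Encryption     = $Matches[1].Trim() }
        elseif ($current -and $line -match '^\s+BSSID\s+\d+\s*:\s*([0-9a-f:]{17})') { $current.BSSIDs += $Matches[1] }
    }
    $networks
}

function Get-WeakWlan {
    # Open and WEP networks offer no real confidentiality on the air; hidden SSIDs deserve a look too.
    param($Networks)
    $Networks | Where-Object { $_.Encryption -match '^(None|WEP)$' -or $_.SSID -eq '' }
}

# Constructed sample in the same layout netsh prints (three networks: one open, one WPA2, one WEP).
$sample = @'
Interface name : Wireless Network Connection
There are 3 networks currently visible.

SSID 1 : CoffeeShop
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : 00:11:22:33:44:55
         Signal             : 70%
         Radio type         : 802.11g
         Channel            : 6

SSID 2 : HomeNet
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : 66:77:88:99:aa:bb
         Signal             : 90%
         Radio type         : 802.11n
         Channel            : 11

SSID 3 : OldRouter
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : WEP
    BSSID 1                 : cc:dd:ee:ff:00:11
         Signal             : 40%
         Radio type         : 802.11b
         Channel            : 1
'@ -split "`r?`n"

$UseLive = $false   # set to $true to query the local adapter instead of the sample
$lines = if ($UseLive) { netsh wlan show networks mode=bssid } else { $sample }

$networks = ConvertFrom-NetshWlan $lines
$networks | Format-Table SSID, Authentication, Encryption, @{Name='BSSIDs'; Expression={ $_.BSSIDs -join ', ' }} -AutoSize | Out-Host

"Weak or hidden networks:"
Get-WeakWlan $networks | Format-Table SSID, Authentication, Encryption -AutoSize | Out-Host
```

With the sample, CoffeeShop (open) and OldRouter (WEP) land in the weak list and HomeNet does not. Run it in a loop with a sleep to get the broadcast monitor the post describes.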

2007-10-11 10:30

FTP Security - Secure FTP , A How To

FTP Security - Secure FTP , A How To - Great little article showing you it is fairly easy to setup your own secure FTP services with a couple freeware apps and some self generated keys.
2007-10-08 10:06

IT Tips - Apps/Programs to use for S/M Business that are totally free!

Tips - Apps/Programs to use for S/M Business that are totally free!

Here is a list of programs/applications that I recommend to small and medium-sized businesses that are cost effective (FREE!) and can help in their IT infrastructure.

1. OpenOffice - Free Microsoft Office-compatible office productivity suite

2. TrueCrypt - Free file/folder/drive encryption program

3. SSLExplorer - Free SSL VPN server

4. VMware Server - Free virtualization product

5. Eraser - Free secure data deletion program

6. Nessus & Nmap - Free vulnerability scanner and free port scanner

7. ClamWin - Free anti-virus program

8. Apache2Triad - Free Windows Apache, Python, Perl, MySQL server bundle

9. 7-Zip - Free compression utility

10. WinSCP - Secure copy (SCP/SFTP) / SSH utility

11. Ubuntu - Free Linux operating system, easy to install and use

12. OpenDNS - Free DNS service

13. TightVNC - Remote desktop tool

14. Spiceworks - Free network inventory software

15. SIW - Free system information program

16. Synergy - Free keyboard/mouse sharing across multiple computers

17. SQL-Ledger - Finance/accounting server / ERP system

18. GnuCash - Open source finance/accounting software

19. ShowMyPC - Remote admin support

More to come later......................

2007-09-27 17:05

Wireless Security - OSWA Live CD - Organizational Systems Wireless Auditor

Wireless Security - OSWA Live CD - Organizational Systems Wireless Auditor

Free Linux Live CD with a focus on wireless auditing.

2007-09-26 19:02

Security - Free Security / Hardening / Standardization Tools & Guides

2007-09-25 12:13

Pentesting - Toolsets/Programs links

2007-09-25 06:56

Network Management / Inventory - Spiceworks 1.7

Network Management / Inventory - Spiceworks 1.7 - Does FREE get much better than this?  If you are an admin of a small to medium sized network then DEFINITELY give this a spin.  Kind of makes me wish I was a sysadmin again.

http://www.spiceworks.com/

2007-09-17 09:51

Child Internet Safety - Use Public DNS Filtering Services

Child Internet Safety - Use Public DNS Filtering Services - Want to lock down a PC from browsing undesirable sites without installing software or maintaining a block list? Use one of several public filtering DNS services and let them do the work for you. Pick one of the services below and configure your Internet connection to use their DNS IPs. To cover your entire LAN, plug the DNS settings into your central router instead. Keep in mind that DNS filtering only works for clients that actually use those resolvers: anyone who can change the local DNS settings or browse by IP address steps around it, so if you want it enforced, block outbound DNS (port 53) to anything but the filtering service at the router.

ScrubIT.com

OpenDNS.com

2007-09-16 07:19

Child Internet Safety - CNET'S Keeping your Family Safe Online Resource Center

Child Internet Safety - CNET'S Keeping your Family Safe Online Resource Center - A really useful, informative site with tips, links, programs, and reference material to keep your family safe on the Internet.
2007-09-16 07:10

Security / Encryption - SecureZIP - Compression and Encryption Combined!

Security / Encryption  - SecureZIP - Compression and Encryption Combined! - Free program from the makers of PKZIP.  Compress and encrypt files, folders, and much more.  Also has MS Outlook integration to help encrypt and secure your email.
2007-09-16 07:07

Security / VoIP - How to Encrypt Your VoIP

Security / VoIP - How to Encrypt Your VoIP - Short, quick article with some good tips and pointers.
2007-09-16 07:04

Remote PC Help - Showmypc.com

Remote PC Help - Showmypc.com - Same concept as CrossLoop but uses SSH to increase security.  Remote screen sharing has never been easier. No excuse not to fix Grandma's PC now.

2007-09-16 06:55

Security / Search Engine Hacking - Search Engine Security Auditing

Security / Search Engine Hacking - Search Engine Security Auditing
2007-09-14 11:07

Security / Certification - CISSP Security Bookmarks

Security / Certification - CISSP Security Bookmarks - Great list of links to help individuals study for the CISSP examination. Practice tests, study aids, articles galore!
2007-09-14 05:55

Security - 6 Hot Security Products

2007-09-14 05:44

Security / Sites - Rational Security Blog

Security / Sites - Rational Security Blog - Great site with useful information on InfoSec topics with a recent focus on security issues surrounding Virtualization. 
2007-09-13 09:50

Security / Databases - Hacking Hardened Oracle Databases

Security / Databases - Hacking Hardened Oracle Databases - Good article / presentation that shows you attack vectors for a hardened Oracle installation.
2007-09-13 06:08

Forensics - Online Forensics of a Win32 System

Forensics - Online Forensics of a Win32 System - Good article with some good tips.

Real Digital Forensics: Live Incident Response - Windows

2007-09-12 09:59

Security / Virtualization Issues - Virtualization Security Issues

Security / Virtualization Issues - Virtualization Security Issues - Many good articles here on security issues pertaining to virtualized machines and environments.

Great PDF/PowerPoint presentation here.

Another article on VM Security from Dark Reading and another here.

The Center for Internet Security Benchmark for securing Virtual Machines can be obtained here.

2007-09-12 05:07

Security / Policy - Information Security Policy Template Aligned with ISO17799

Security / Policy - Information Security Policy Template Aligned with ISO17799

Great template here from the extremely helpful blogger at http://rationalsecurity.typepad.com/blog/

2007-09-12 04:57

Security - The 8 Most Dangerous Consumer Technologies

Security - The 8 Most Dangerous Consumer Technologies - Have these found a way into your enterprise?
2007-09-11 09:51

Security Tools - iSEC Partners Free Security Tools

Security Tools - iSEC Partners Free Security Tools - Have not tried them all but looks like a nice set of free security tools.
2007-09-11 07:36

VoIP Security - SIP Vicious Tools for Auditing SIP

VoIP Security - SIP Vicious Tools for Auditing SIP - Dragos Lungu's Security Tools and Tips has a quick article on the SIP Vicious Toolset project used to audit SIP.
2007-09-11 07:30

Wireless Security - Sidejacking with Hamster

Wireless Security - Sidejacking with Hamster - Point-and-click MITM cookie and session hijacking. Interesting articles and tools.
2007-09-11 07:27

Patching - AutoPatcher is Dead for Now! Sad day indeed....

Patching - AutoPatcher is Dead for Now! Sad day indeed.... - Autopatcher.  The great site and utility that has aided so many of us sys admins over the years was basically given a cease and desist order from Microsoft.  What a shame........Slashdot article on it here.

Possible alternative here?  I ain't saying :-P

2007-08-31 08:17

Security Training - Free - CERT's Virtual Training Environment (VTE)

Security Training - Free - CERT's Virtual Training Environment (VTE) - A really nice resource that has free online classes, presentations, and much more covering many topics that are integral to security.
2007-08-29 15:48

Forensics - Dig into XP's User Assist to Dig out information!

Forensics - Dig into XP's User Assist to Dig out information! - Very interesting article that describes how to extract crucial forensic information (which programs were run, how often, and when) from a little-known XP registry key, UserAssist. PS - I tried it and it works like a charm.
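For anyone who wants to do the extraction themselves, the following added example (my code, not from the article or the original post) reads the UserAssist key, ROT13-decodes the value names and pulls the run count and last-run time out of the binary data. The byte layouts and the registry path are stated as assumptions in the comments; the sample entry is constructed so the decoder can be exercised on any machine before pointing it at a real profile.

```powershell
# Added example (not from the original post): decode UserAssist entries, the registry
# key behind the article's technique. It lives under
# HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{GUID}\Count; each value
# name is a ROT13-encoded program path and the binary data holds a run count and last-run FILETIME.
# Layout assumptions (verify on your own system): XP stores 16 bytes (session, count, FILETIME)
# with the count offset by 5; Windows 7 and later store 72 bytes with the count at offset 4 and
# the FILETIME at offset 60. The sample entry is constructed.

function ConvertFrom-Rot13 {
    param([string]$Text)
    $chars = $Text.ToCharArray() | ForEach-Object {
        $c = [int]$_
        if     ($c -ge 65 -and $c -le 90)  { [char](($c - 65 + 13) % 26 + 65) }   # A-Z
        elseif ($c -ge 97 -and $c -le 122) { [char](($c - 97 + 13) % 26 + 97) }   # a-z
        else                               { $_ }                                # digits, punctuation, separators
    }
    -join $chars
}

function ConvertFrom-UserAssistData {
    param([byte[]]$Data)
    switch ($Data.Length) {
        16 { $count = [BitConverter]::ToUInt32($Data, 4); if ($count -ge 5) { $count -= 5 }; $ft = [BitConverter]::ToInt64($Data, 8) }
        72 { $count = [BitConverter]::ToUInt32($Data, 4); $ft = [BitConverter]::ToInt64($Data, 60) }
        default { return $null }   # unknown layout: leave it alone rather than guess
    }
    $last = if ($ft -gt 0) { [DateTime]::FromFileTimeUtc($ft) } else { $null }
    New-Object PSObject -Property @{ RunCount = $count; LastRunUtc = $last }
}

function Get-UserAssist {
    param([string]$KeyPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist')
    Get-ChildItem $KeyPath | ForEach-Object {
        $countKey = $_.OpenSubKey('Count')
        if (-not $countKey) { return }
        foreach ($name in $countKey.GetValueNames()) {
            $info = ConvertFrom-UserAssistData ([byte[]]$countKey.GetValue($name))
            if ($info) {
                New-Object PSObject -Property @{
                    Program = ConvertFrom-Rot13 $name; RunCount = $info.RunCount; LastRunUtc = $info.LastRunUtc
                }
            }
        }
    }
}

# Constructed XP-style (16-byte) entry: session 0, raw count 8 (3 real runs), last run 2007-08-29 15:45 UTC.
$encodedName = 'HRZR_EHACNGU:P:\Jvaqbjf\flfgrz32\pzq.rkr'
$fileTime = (New-Object DateTime 2007, 8, 29, 15, 45, 0, ([DateTimeKind]::Utc)).ToFileTimeUtc()
$data = [byte[]]((0,0,0,0) + (8,0,0,0) + [BitConverter]::GetBytes($fileTime))

$entry = ConvertFrom-UserAssistData $data
'{0}  runs={1}  last={2:u}' -f (ConvertFrom-Rot13 $encodedName), $entry.RunCount, $entry.LastRunUtc

$UseLive = $false   # set to $true to dump the current user's real UserAssist entries
if ($UseLive) { Get-UserAssist | Sort-Object LastRunUtc -Descending | Format-Table Program, RunCount, LastRunUtc -AutoSize }
```

Run it against a live profile and sort by LastRunUtc to get a timeline of what the user launched from Explorer; on an acquired image, load the user's NTUSER.DAT under a temporary hive with reg load and point $KeyPath at it instead of HKCU.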
2007-08-29 15:45

Security Tools - Netcat for the Masses

Security Tools - Netcat for the Masses - Great tutorial on how to use Netcat with examples.
2007-08-01 07:46

Web Application Security - Web Application Cheat Sheet from SecGuru

2007-08-01 07:42

Computer Security Videos - Security-Freak.net

Computer Security Videos - Security-Freak.net - Cool short videos showing usage of some common tools and concepts in computer/network security.
2007-08-01 05:54

Wi-Fi Vulnerability Scanner - WiFiDEnum

Wi-Fi Vulnerability Scanner - WiFiDEnum
2007-07-27 10:33

Security Threats - Beyond, or (behind?) the perimeter, often the real threat.

Security Threats - Beyond, or (behind?) the perimeter, often the real threat. A quick article hitting on some of the key, but often missed, aspects of security.

2007-07-27 05:26

Cryptography - Gdataonline - Online MD5 Hash Database

Cryptography - Gdataonline - Online MD5 Hash Database - Look up an MD5 hash to see whether its plaintext is already known. Handy for showing why unsalted password hashes are a liability: the hash of a common input can be reversed with a lookup instead of a brute-force run.
2007-07-27 05:12

Security Tools - Sites that keep a watch on the latest security tools.

Security Tools - Sites that keep a watch on the latest security tools.

http://www.dragoslungu.com/

http://www.security-database.com/toolswatch/

2007-07-27 05:08

Security Logs - Windows Security Log Encylopedia

Security Logs - Windows Security Log Encyclopedia - Recently I have had to do some analysis on security logs and research a lot of event IDs. This was one of the better resources that aided me.
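Once the event IDs are sorted out, the analysis itself is mostly grouping and counting. The following added example (my code, not from the encyclopedia or the original post) turns failed-logon events (529 on XP/2003, 4625 on Vista and later) into normalized records and flags any account that takes a burst of failures in a short window, which is the basic password-guessing check. The ReplacementStrings positions are assumptions to verify against your own events; the sample events are constructed so the logic can be run without a Security log at hand.

```powershell
# Added example (not from the original post): pull failed logons out of the Security log and
# flag accounts hit by a burst of failures, a crude password-guessing detector.
# Event IDs: 529 is a failed logon on XP/2003, 4625 on Vista/2008 and later.
# The ReplacementStrings positions below are assumptions; verify them against the event text
# on your own system. The sample events are constructed.

function ConvertTo-FailedLogon {
    param($Event)   # an EventLogEntry from Get-EventLog, or a look-alike object
    $s = $Event.ReplacementStrings
    switch ($Event.EventID) {
        529  { $user = $s[0]; $domain = $s[1]; $source = $s[5]  }   # assumed: User Name, Domain, Workstation Name
        4625 { $user = $s[5]; $domain = $s[6]; $source = $s[19] }   # assumed: TargetUserName, TargetDomainName, IpAddress
        default { return $null }
    }
    New-Object PSObject -Property @{
        Time    = $Event.TimeGenerated
        Account = "$domain\$user"
        Source  = $source
    }
}

function Get-LogonFailureBursts {
    # Report any account with at least $Threshold failures inside a $WindowMinutes span.
    param($FailedLogons, [int]$Threshold = 5, [int]$WindowMinutes = 10)
    $FailedLogons | Group-Object Account | ForEach-Object {
        $times = @($_.Group | Sort-Object Time | ForEach-Object { $_.Time })
        for ($i = 0; $i + $Threshold - 1 -lt $times.Count; $i++) {
            $span = $times[$i + $Threshold - 1] - $times[$i]
            if ($span.TotalMinutes -le $WindowMinutes) {
                New-Object PSObject -Property @{
                    Account   = $_.Name
                    Failures  = $_.Count
                    FirstSeen = $times[0]
                    LastSeen  = $times[-1]
                    Sources   = ($_.Group | ForEach-Object { $_.Source } | Sort-Object -Unique) -join ', '
                }
                break   # one report per account is enough
            }
        }
    }
}

# Constructed sample: eight failures against "administrator" from one source, 15 seconds apart
# (Vista+ field layout), plus one stray failure for a real user (XP/2003 layout) that should not be flagged.
$base   = Get-Date '2007-07-26 05:00:00'
$sample = @()
foreach ($i in 0..7) {
    $sample += New-Object PSObject -Property @{
        EventID = 4625; TimeGenerated = $base.AddSeconds(15 * $i)
        ReplacementStrings = @('S-1-0-0','-','-','0x0','S-1-0-0','administrator','WORKGROUP','0xc000006d',
                               '%%2313','0xc000006a','3','NtLmSsp','NTLM','WS01','-','-','0','0x0','-','10.0.0.77','4711')
    }
}
$sample += New-Object PSObject -Property @{
    EventID = 529; TimeGenerated = $base.AddHours(2)
    ReplacementStrings = @('jsmith','CORP','2','User32','Negotiate','WS02')
}

$UseLive = $false   # set to $true to read the live Security log (needs admin rights)
$events = if ($UseLive) {
    Get-EventLog -LogName Security -EntryType FailureAudit -Newest 5000 |
        Where-Object { $_.EventID -eq 529 -or $_.EventID -eq 4625 }
} else { $sample }

$failed = $events | ForEach-Object { ConvertTo-FailedLogon $_ } | Where-Object { $_ }
Get-LogonFailureBursts $failed -Threshold 5 -WindowMinutes 10 |
    Format-Table Account, Failures, FirstSeen, LastSeen, Sources -AutoSize
```

With the sample, WORKGROUP\administrator is reported with 8 failures from 10.0.0.77 and CORP\jsmith is not. Tune the threshold and window to the environment; a service with a stale password will also trip it, which is worth knowing about anyway.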
2007-07-26 05:10

IIS Security - Securing your Webserver From Prying Eyes

IIS Security - Securing your Webserver From Prying Eyes - Good tips in this article on how to tighten up your IIS security.
2007-07-25 10:17

Patching / Updates - Secunia Personal Software Inspector

Secunia Personal Software Inspector - Free tool to see if your applications are up to date.  Just another tool to add for layered security.

The Secunia PSI detects installed software and categorises your software as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.

2007-07-25 10:06

Security / Firewalls - The hole trick - How P2P can bypass your firewall.

2007-07-20 05:27

Wireless Security - A more secure home Wi-Fi Design

Wireless Security - A more secure home Wi-Fi Design - Great article with some really sound, easy to implement tips that will bolster your Wi-Fi security.
2007-07-19 08:22

Cool Tools - Updated Nmap and Sandcat Web/Web App Scanner Free Edition

Cool Tools - Updated Nmap and Sandcat Free Edition -

Nmap - updated with several new scanning features.

Sandcat - Web application vulnerability scanner. The free edition lets you scan away and gives you results; you just can't produce reports. Really nice interface, intuitive, and extremely easy to use.

2007-07-18 18:48

Data Auditing Protection (DAP) vs. Data Leakage Protection (DLP)

2007-07-18 18:22

Exploits - Exploit Archives

2007-07-10 17:05

AntiForensics - How Online Criminals Make Themselves Tough to Find, Near Impossible to Nab

AntiForensics - How Online Criminals Make Themselves Tough to Find, Near Impossible to Nab - Interesting article with good references to modern computer antiforensics programs.
2007-07-10 17:00

PenTesting - VoIP Security Tools

2007-07-03 06:45

Pentesting - Wireless Penetration Testing Framework

2007-06-18 13:09

Firewall - Zone Alarm for Windows Vista Released - FINALLY!

2007-06-18 06:54

Web Content Filtering - Block out Porn and Tasteless Sites for free without Installing Software

2007-06-18 06:51

Security Tools - Pen Testing / Vuln Assessment Security Tools Watch

Security Tools - Pen Testing / Vuln Assessment Security Tools Watch - Keeps up with and links to the current tools being produced and updated.
2007-06-18 06:13

Windows Updates - DIY Windows Offline Updater Script

Windows Updates - DIY Windows Offline Updater Script - This free script downloads ALL of the MS updates you need for 2000/XP/2003 and then builds an ISO image of them so you can burn everything in one fell swoop. It uses wget to retrieve the service packs and updates and then creates an ISO out of them. AWESOME!! If you want all the updates for your OS without pulling them from Microsoft via Windows Update on every machine, this is for you.

2007-06-17 09:06

Linux Networking - Linux Network Administration Tutorial

Linux Networking - Linux Network Administration Tutorial

Great resource with lots of examples on all aspects of Linux Networking.

2007-05-31 06:23

Security - 10 Ways To Protect Your Home Network

Security - 10 Ways To Protect Your Home Network - From Daily Cup Of Tech (A great IT BLOG!) comes a really nice article that not only tells you how to do it but points you to free software solutions to help you do it!
2007-04-27 19:05

iPod Fun - iPodifier - Too Cool!

iPod Fun - iPodifier - Too Cool! -From Lifehacker.com

Windows only: Freeware application iPodifier monitors user-defined folders for videos, automatically transcodes them to an iPod-compatible format, adds them to iTunes, and then syncs them with your iPod.

Go here to read more about it and get it. 

2007-04-27 17:54

Security - Why you need to either get a secure Browser or secure the one you have!

2007-04-24 17:02

Penetration Testing - Updated PenTest Framework 0.24

Penetration Testing - Updated PenTest Framework 0.24
2007-04-23 18:01

InfoSec Events - InfoSec Google Calendar

InfoSec Events - InfoSec Google Calendar
2007-04-23 17:58

Security - Web 2.0 meet Information Gathering 2.0

Security - Web 2.0 meet Information Gathering 2.0 "Paterva Evolution" - Bringing passive reconnaissance and information gathering to the masses. 
2007-04-23 17:56

Quick Reference Cards - Many Technology Quick Reference Cards

Quick Reference Cards - Many Technology Quick Reference Cards - Covering windows, linux, security, programming, and much more......download, print, and keep handy!
2007-04-23 11:38

I Want a Freeware Utility To................

I Want a Freeware Utility To................

Go here.  This guy has just about every "I want to" covered for FREE with these open source, shareware, and GPL programs. 

2007-04-19 07:33

Security - Learn to read WireShark (Ethereal) Packet Captures

Security - Learn to read WireShark (Ethereal) Packet Captures - with this repository of sample packet captures, each annotated with the activity it contains.

2007-04-19 07:18

Forensics - Live View

From the website:

Live View is a Java-based graphical forensics tool that creates a VMware virtual machine out of a raw (dd-style) disk image or physical disk. This allows the forensic examiner to "boot up" the image or disk and gain an interactive, user-level perspective of the environment, all without modifying the underlying image or disk. Because all changes made to the disk are written to a separate file, the examiner can instantly revert all of his or her changes back to the original pristine state of the disk. The end result is that one need not create extra "throw away" copies of the disk or image to create the virtual machine.

Have not had a chance to test this one yet but from reading the tech boards it sounds like it works extremely well.  Could come in handy for those of you who need to perform some type of forensic analysis on computers. 

2007-04-19 07:07

IA Security Policies - Need to make some IA Security Policies? Start here......

IA Security Policies - Need to make some IA Security Policies?  Start here......

Sans Security Policy Project - Templates, Guides, Articles to get you up and running and in the right direction. 

2007-04-17 16:57

Ports - Look up information on a specific port - Port Authority Database

Ports - Look up information on a specific port - Port Authority Database

Just enter the port number to get detailed information about the port and services associated with it. 

2007-04-17 09:33

Protocols - Protocols.com

Protocols - Protocols.com - Everything you wanted to know about protocols but were afraid to ask. 

From the site:

Protocols.com offers a comprehensive listing of data communications protocols, their functions in respect to the OSI model, the structure of the protocol and various errors and parameters.

2007-04-17 09:28

My Picks! - Keep your PC Safe and from Needing Repair with these FREE programs.

My personal picks for PC programs that I feel are proven and work extremely well! Most of these, or some variation of them, should be on your PC if you want your PC to last and not need repair anytime soon. All are FREE (now if I could only find beer like that). Most of these you can get from the GREAT site www.majorgeeks.com

PS - I am in NO way affiliated with any of these programs; they are just programs that I have found and used NUMEROUS times in order to repair people's PCs and keep them optimized and safe.

1. Anti-virus - Anti-vir or AVG

2. Firewall - ZoneAlarm or Comodo

3. Anti Spyware (Real-time protection) - SpywareBlaster, MS Defender, SpywareGuard, PC-Clean

4. Spyware Cleaners - Ad-Aware, Spybot Search & Destroy

5. Trojan Removers - Trojan Remover

6. Virus Removal Tools (For the REALLY stubborn virus!) - McAfee Avert Stinger,