Categories
Software

Powershell Windows Support

Real quick and dirty, I wanted to note this Chart of Windows Powershell supported operating systems. If you run into some Server 2008 instances, you will want to enable Powershell in Programs | Add Features of your control panel.

Server 2008 R2 ships with PowerShell, but non-R2 versions appear to need it enabled before it is supported. Be warned, some installers just presume PowerShell is installed, and will error out when that package runs. Happy Admining. :)

Categories
Uncategorized

Hacking Team leak

There is a 400 GB dump going around from the Hacked Team compromise, where various social network accounts and internal servers were breached, disclosing a range of international human rights abuses, not excluding the targeting of journalists on behalf of oppressive government regimes.
Essentially most all of them, despite claims and ‘compliance’ policies against doing so intentionally.

Recent weeks have been intense with matters such as default Cisco SSH Keys on many devices.

Categories
Uncategorized

Happy Summer 2015

Keep tinkering and exploring. Personally, I have been playing fewer games and trying more hardware, different operating systems and such. I have been enjoying putting more time into learning and reading.

I’ll play an inspired game, but I would rather not waste time on the click-to-win or pay-to-win style that dominates most recent video game design.

No hate though. :) Vidya Games for life, just not worth playing most of them. FTB challenge.
Uninstall Adobe Flash

Categories
Uncategorized

Service Accounts and Credentials

Top o’ the morning (technically about noon). This thread is an outline of life as a Windows Server based admin. The focus here is on Active Directory user credentials and on system and application services, while also touching on analysis of existing business systems.

Traveling and supporting various systems over the years, one thing that stands out in a Windows Server topology is how Application and Database servers are configured and ‘secured’. I say ‘secured’ because most often, with things like MS SQL Server, you will see those services running as the NETWORK SERVICE account, as opposed to being set up with a Service Account. You might ask what a service account is and why you would use it. Allow me to list some reasons for doing so.

- Running services on dedicated service accounts gives better debugging. You know what user is running said service.
- Securing Network Shares is easier, as you grant the required Read (and/or) Write access to the service account.
- Windows Authentication is better handled for clients in a service environment, as you can define client users as needed, instead of starting with a wide-open access approach, especially when your intent is a limited client base.
- Cleaner Management. Running a service account will help keep GUI interface items running and accessible, if you are dealing with fat-client applications and diagnostic tools.
- Automation. Using service accounts related to your production environment will enable some more automation related to the user account. Say you want a login script to run, etc.
- Anti-Lockout. Tiering your service accounts, you can prevent mis-configured items from locking your production environment through locked accounts / invalid password attempts.
- Backup and communication recording. Similar to the Management perk, you can better trend logs for actions performed by ‘x’ user. Vastly more helpful than all app services running with a domain admin level account, solely because it is ‘easier to setup’. Please always avoid granting domain admin, unless it is imperative to the application.

Along this line, another bad practice I see is when development is done with a C$ admin share design. Making a mapped drive in the 1st place allows a ground-up service account testing topology. This is also helpful in preventing user accounts from getting vastly more domain or local server console access than they need. A very good practice in my opinion that goes ignored in the design phase too often. When you have to add security later, you are honestly making more work for yourself.
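As an added example (my own script, not from the original post), here is how the audit and the fix look from a PowerShell prompt: list services running as built-in accounts or as Domain Admins, move one service onto a dedicated account, and scope the share to that account. The domain CONTOSO, the account CONTOSO\svc_sql, the service MSSQLSERVER and the share AppData are placeholder names.

```powershell
# Added example, not the post's own code. Names below are placeholders.
# Requires the ActiveDirectory and SmbShare modules, run as a local admin.

# 1. Inventory: services running as built-in accounts whose binary is not under
#    \Windows\ are the first candidates for a dedicated service account.
$builtin = @('LocalSystem', 'NT AUTHORITY\NetworkService', 'NT AUTHORITY\LocalService')
Get-CimInstance Win32_Service |
    Where-Object { $_.StartName -in $builtin -and $_.PathName -notlike '*\Windows\*' } |
    Select-Object Name, StartName, StartMode, PathName |
    Sort-Object StartName | Format-Table -AutoSize

# 2. Flag the 'easier to setup' anti-pattern: services logging on as a Domain Admin.
$domainAdmins = (Get-ADGroupMember 'Domain Admins' -Recursive).SamAccountName
Get-CimInstance Win32_Service |
    Where-Object { $_.StartName -match '^CONTOSO\\' } |
    Where-Object { $domainAdmins -contains ($_.StartName -split '\\')[1] } |
    Select-Object Name, StartName

# 3. Move a service onto its own account. Win32_Service.Change takes the logon
#    name and password and returns 0 on success. The account still needs the
#    'Log on as a service' right (assign via GPO); Change does not grant it.
$svc  = Get-CimInstance Win32_Service -Filter "Name = 'MSSQLSERVER'"
$cred = Get-Credential -UserName 'CONTOSO\svc_sql' -Message 'Service account password'
$result = Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{
    StartName     = $cred.UserName
    StartPassword = $cred.GetNetworkCredential().Password
}
if ($result.ReturnValue -ne 0) { throw "Change failed with code $($result.ReturnValue)" }
Restart-Service -Name 'MSSQLSERVER'

# 4. Grant the share only what the service needs, to the service account rather
#    than to Everyone; then remove the wide-open entry.
Grant-SmbShareAccess -Name 'AppData' -AccountName 'CONTOSO\svc_sql' -AccessRight Change -Force
Revoke-SmbShareAccess -Name 'AppData' -AccountName 'Everyone' -Force
```

Step 2 only catches direct account names; a service running as a group-nested admin account would need the group's members expanded the same way.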

Categories
Uncategorized

New things on the way

Howdy Funtime / BlissPC visitors.  Some layout changes and things are in the works and will eventually make it online.  Since I have a day job,  some of my project time has taken a hit.

The last year especially in the infosec scene has been filled with massive bugs, exploits and data leaks.  Keeping up on these things is a job in itself, however I have been doing this for a decade and some change now, so it is pretty natural for me to check out vulnerability articles and disclosures.  The scope of this (BlissPC.com) will extend as I fork into new sections, as is also the case with my girlfriend.  We’ll have fun disclosing what we come across, while also exploring the Philadelphia security scene and meeting people working in said scene.

Have fun, never stop exploring and be safe + smart about it :)

Categories
Uncategorized

Windows Remote Services

Especially helpful on the malware detection side: many of the command-line tools in Windows support remote machines too.

While you can use ‘Computer Management’ to connect to a remote console, many commands such as tasklist and taskkill also accept a remote system as a target.

tasklist /s 'computername or IP'

Replace the ‘quote text’ with said machine name or IP address. If you want to output the results to a text file for review and archiving, any command you use will support the > redirection operator to dump its output into a flat file.

tasklist /s 'computername or IP' > C:\FileName.log

I recommend writing to a sub-directory and not the root of the C: drive, as users without admin privileges will get an error creating the file.

If you are really in a pinch and want to invoke a soft shutdown of a Windows machine, taskkill the svchost.exe processes and one of them will trigger a reboot. This is helpful if you get an error trying to run the following shutdown command against a remote PC.

shutdown /m \\'computername or IP' -r

The -r designates a reboot, while the -m in this case specifies the remote PC (note the leading \\ before the name) rather than your local PC.
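The remote tasklist and > redirection above, as an added PowerShell example of my own (not from the original post): it collects tasklist output from several hosts into a dated sub-directory under C:\Logs and reports image names not present in a per-host baseline. The host names and the log path are placeholders; tasklist /s needs admin rights on the targets (optionally supplied with /u and /p).

```powershell
# Added example, not the post's own code. Hosts and paths are placeholders.
$hosts   = @('FILESRV01', '10.0.0.25')
$logRoot = 'C:\Logs\Tasklist'            # a sub-directory, not the root of C:
$stamp   = Get-Date -Format 'yyyyMMdd-HHmm'
New-Item -ItemType Directory -Path $logRoot -Force | Out-Null

foreach ($h in $hosts) {
    # /fo csv gives parseable output; /v adds the User Name and Window Title columns.
    $rows = tasklist /s $h /v /fo csv 2>&1
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "${h}: tasklist failed: $rows"
        continue
    }
    $procs = $rows | ConvertFrom-Csv

    # Archive the raw CSV, same idea as the > redirect in the post, per host and dated.
    $rows | Set-Content -Path (Join-Path $logRoot "$h-$stamp.csv")

    # First run on a host saves a baseline taken on a known-good day.
    $baselinePath = Join-Path $logRoot "$h-baseline.csv"
    if (-not (Test-Path $baselinePath)) {
        $rows | Set-Content -Path $baselinePath
        Write-Host "${h}: baseline saved, no comparison this run."
        continue
    }

    # Anything not in the baseline is worth a look: odd image names, or a known
    # image running under an unexpected user context.
    $baseline = (Import-Csv $baselinePath).'Image Name' | Sort-Object -Unique
    $new = $procs | Where-Object { $_.'Image Name' -notin $baseline } |
        Select-Object 'Image Name', PID, 'User Name', 'Mem Usage'
    if ($new) {
        Write-Host "${h}: processes not in baseline:"
        $new | Format-Table -AutoSize
    } else {
        Write-Host "${h}: no new image names."
    }
}
```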

Categories
Software

Mozilla Profiles

So I did a reinstall and forgot to run MozBackup on my old OS before I wiped it. I did however have a drive backup and a copy of my C:\Users folder.

Turns out with Mozilla products (browsers and email clients) you can copy the contents of the old profile folder into the new one. The profile folder name on the new PC should stay as it is; just copy the contents of the old profile into it.

C:\Users\$Username$\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\$string$.default

This will restore all your history, logged-in sessions and likely saved passwords, if you do the saved password thing.

I found it amusing that a new machine with the folder contents copied over registered as the same machine. Interesting vector if you are an exploiter, or if you handle lots of system deployments with data migration.

Remember, what is nefarious for one person, can be used to help someone else out.

Replace the Pale Moon path with the relevant Firefox profile directory; it also lives in the Roaming portion of your AppData folder. Pale Moon is a forked browser based on Firefox.
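The profile copy described above, as an added PowerShell script of my own (not from the original post): it locates the .default folder in a drive backup and in the fresh profile, copies the contents across with robocopy, and then lists which copied files carry the sessions and saved passwords that make the new machine look like the old one. The backup path D:\Backup\Users\alice is a placeholder, and the vendor segment is a parameter because it differs between Pale Moon and Firefox.

```powershell
# Added example, not the post's own code. Paths below are placeholders.
param(
    [string]$OldUserRoot = 'D:\Backup\Users\alice',                 # old C:\Users\<name>
    [string]$Vendor      = 'Moonchild Productions\Pale Moon'       # Firefox: 'Mozilla\Firefox'
)

$oldProfiles = Join-Path $OldUserRoot "AppData\Roaming\$Vendor\Profiles"
$newProfiles = Join-Path $env:APPDATA "$Vendor\Profiles"

# Each side has one <random>.default folder; the names differ, only the contents move.
$old = Get-ChildItem $oldProfiles -Directory -Filter '*.default' | Select-Object -First 1
$new = Get-ChildItem $newProfiles -Directory -Filter '*.default' | Select-Object -First 1
if (-not $old -or -not $new) { throw "Profile folder not found under $oldProfiles or $newProfiles" }

# The browser must be closed, or the sqlite files will be locked or inconsistent.
if (Get-Process -Name 'palemoon', 'firefox' -ErrorAction SilentlyContinue) {
    throw 'Close the browser before copying the profile.'
}

# /E copies sub-folders; /XO keeps any newer file already present in the new profile.
robocopy $old.FullName $new.FullName /E /XO /R:1 /W:1 /NP | Out-Null
if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE" }

# What moved with the profile: this is why the new machine 'registers as the same
# machine', and why a profile backup deserves the same handling as a password file.
$sensitive = @{
    'logins.json'     = 'saved passwords (encrypted with key3.db / key4.db)'
    'key3.db'         = 'master key for logins.json (older profiles)'
    'key4.db'         = 'master key for logins.json (newer Firefox)'
    'cookies.sqlite'  = 'logged-in sessions'
    'sessionstore.js' = 'open tabs and session state'
    'cert8.db'        = 'client certificates and trust decisions'
    'cert9.db'        = 'client certificates and trust decisions (newer Firefox)'
}
Get-ChildItem $new.FullName -File | Where-Object { $sensitive.ContainsKey($_.Name) } |
    ForEach-Object { '{0,-16} {1}' -f $_.Name, $sensitive[$_.Name] }
```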

Categories
Uncategorized

NSA 12 year Christmas report

I have not done many security posts, because honestly it has been non-stop. Back to the subject: the NSA released 12 years of documents with verified abuse. Not that such a mousetrap surely did not have abusers of its ‘powers’.

NSA 12 Year Surveillance Docs

Categories
Uncategorized

Google Map Tracking is Real

Logging into Google Maps builds a more complete travel landscape than one might think. After checking this article and logging into the Google Maps location chart, you will see that Google Maps and logged-in users are certainly tracked.

You can see a day-by-day chart of your location history with Google by logging into said location history page on Google. This has been one of those theories I had for some time, but seeing the charts vividly prove the suspicion is really surreal. It also appears that some triangulation occurs via cellular towers, as I keep my GPS function off most of the time to preserve battery.

Interesting stuff indeed. Lots of power and money in that tracking data, I am sure. Please give these charts a read, if you doubt the level of tracking in the world today. Because the proof is in the pudding.

Categories
Uncategorized

Spoof Attack Theories

Oh hey. One of my theories about IP and attack spoofing being leveraged to make ‘enemies’ appears to be a real thing. If you also thought it was convenient that attacks from “China” matched up with current global news, then got extra suspicious when “Russia” became a buzzword source of hacking theft claims, to match local and national news… you might be interested in Monstermind. This is an NSA project.

Samba is likely a familiar topic for any Linux users who interact with Windows environments. In the last week or so, it was disclosed that an exploit allowing Root (superuser) access was found in the Linux SMB equivalent, Samba.

Also of note are the newer cars with big old exploit issues. Bluetooth running on the same bus as the steering and brake systems is kind of a huge issue. Top models to be exploited are:

- 2014 Jeep Cherokee
- 2014 Infiniti Q50
- 2015 Escalade

TOR has been shown to be violated a few solid times now, but also in the last week or so, more info on the tainted endpoints has been covered. Also of note, the Blackhat 2014 conference was within the last week or so, as this is where some of these conversations hit the public dialog.

This may be a re-covering of the malware that was planted on some Tor nodes to infect users, by that good olde FBI: http://www.wired.com/2014/08/operation_torpedo/