Diagnosing your network? Here’s a GUI program to ping and get averages and speeds over a period of time – nine years ago we featured Performance Pinging by Carsten Schmidt and cannot find a working website from the author to download this program. Fortunately, SnapFiles has the program available.
The program is an excellent portable utility that measures ping and transfer speeds on your network.
Microsoft did recommend to disable short names in a security guide some times back. There is evidence that file operations in directories (folders) that contain a large number of file can be slowed by short file name creations. So does it improve performance? The short answer – Yes.
Now should you disable short names? This answer is going to be on a case by case basis. Some questions to ask yourself –
Below is a pic showing the improvement by disabling and stripping
Image: Blog Technet Microsoft
Here’s what you need to do –
Example:
References:
You’ve discovered hundreds or even thousands of default_error_stack files. What should you do and what are they?
These files tend to be driver errors and can be safely deleted. There were over 2.3 GB of these data files on my personal computer.
Having connection issues and no viruses or malware? Hardware OK?
Try typing the following at a command prompt to fully reset the TCP/IP Stack-
netsh winsock reset
netsh int ip reset
netsh interface ipv4 reset
netsh interface ipv6 reset
netsh interface tcp reset
netsh int reset all
ipconfig /flushdns
nbtstat -R
nbtstat -RR
netsh interface tcp set global autotuninglevel=disabled
netsh advfirewall reset
You can also use PowerShell (as an administrator) and type –
Get-NetAdapter | Restart-NetAdapter
If you need system information about your BIOS, Motherboard and more, open PowerShell as an Administrator and past the following into PowerShell –
Get-WMIObject -Class Win32_ComputerSystem
Get-WMIObject -Class Win32_BIOS
Get-WMIObject -Class Win32_Baseboard
Get-WMIObject -Class Win32_Processor
Get-WMIObject -Class Win32_LogicalDisk
Get-WMIObject -Class Win32_DiskDrive
Get-WMIObject -Class Win32_PhysicalMemory
Get-WMIObject -Class Win32_NetworkAdapter
Get-WMIObject -Class Win32_NetworkAdapterConfiguration
Disclaimer: You must own or have permission to run Ncrack on any network or device. This post is used for educational purposes.
IT admin personnel can test different devices and their setups with ncrack. If devices are set up in a network, services such as SSH, FTP, HTTP, SNMP or others can inadvertently be left on with simplex or default passwords. Many printers and other devices have these default services left on. Some devices such as IoT may have hard coded usernames and passwords.
Ncrack for Linux, Mac or Windows can be found here
If you install Ncrack, you can use common username and password list that come with ncrack. Other lists can be found here. You can use Notepad++ to add usernames or passwords to the lists.
To run Ncrack, you must use (in this case Windows) a command prompt.
Change into the directory that contains Ncrack. In the example below, we have moved the user files and password files into the same folder as the executable.
Below -Ncrack was installed and then moved to the root of c:
The password and user lists were selected and cut.
The password and user lists were then moved (pasted) in the Ncrack folder.
Below is an example of the user file. Remember you can add usernames to the list. You can do the same for the password lists.
To test a router (one that we own), we ran –
ncrack -vv -U minimal.usr -P default.pwd 192.168.1.1:23 (the 23 represents telnet’s port number)
Below you will see the username and password for telnet.
Running ncrack again with port 80 we can see below, two usernames and passwords are given. One for root and one for admin.
Reusing the credentials below show control of a (lab based) router.
How do you protect against this?
Years ago we found GeGeek.com (Credit goes to Rick over at What’s on My PC) and realized that the website and Toolkit was an unreal resource and treasure for young IT Professionals.
Recently we struck a conversation with Jason of GeGeek and asked several questions about this amazing resource. The toolkit, software and website have gotten an overhaul over the years and it continues to be the best resource on the web for enthusiast and professionals. (See our evaluation of the software)
Here’s what Jason has to say –
First and foremost I am not the original developer of GeGeek that was Mike. Mike actually retired from living in the USA and moved to ASIA, GeGeek was to be buried. When I came along I started helping Mike with the website which was completely different and once I took over I started migrating to a new server and updating a lot of the content from the old schema to the new.
The toolkit itself needed a massive overhaul since a lot of the software that was originally with it was either outdated or even contained crapware that the developers didn’t care. So the introduction to shift out a ton of software and bring the toolkit into a later stage with new content.
The other downside was the toolkit was originally distributed with everything included, so every 2 weeks a 1.7gb file was uploaded, not only did this cause havoc on the server but people often complained about the file being corrupted. It was at this time when Mike left that I thought that the toolkit needed a change, I can’t upload 1.7gb, internet in Australia wouldn’t cope lol, so I stripped out the contents then started again, it still wasn’t enough. I’ve stripped back the toolkit now 18 times and no longer a zip file but now an installer. Run, Install, Done.
Every 3 months a new update is released.
I got into computers when I was about 14 and I started computer programming, Visual basic, then Machine Code, Cobol, Fortran, before moving back to Visual Basic. A few years later VB.NET was my new hunger and today strongly using .NET.
Outside of GeGeek I am also a game developer writing on my PC game, yet again more programming and outside of that I am a Computer Technician in a retail store, solving customers riddles with Malware/Spyware and setting up new PC’s.
In the beginning updating the software was time consuming, plus you can’t hotlink to many websites since they forbid it, it was easier for some applications to just host it on our SSL Server, that way I can update everything on the fly. Its amazing how much old equipment I still use as well as new equipment to keep ahead of the times, when VR first came out I jumped onboard with the Oculus, that was several years ago and today I am using the HTC Vive, it’s a fun toy.
For anyone studying IT, keep at it, if you’re interested in any sort of programming, get in there and learn, there are so many different places out there online that offer programming assistance that its all free to learn. Depending on what direction you want to go with IT its a real game changer out there in the world and technology for the world is only just starting, what you learn today you could be one of the people in the future living on Mars or Saturn building a better future for tomorrow.
Jason of GeGeek
Thanks Jason for allowing us to evaluate and test the Kit! We’ll continue to pass this great resource on to hundreds of young IT professionals at our college and we’ll continue to evaluate it over the years.
We did a review of GeGeek’s Toolkit back in 2014 after hearing about the website and toolkit from Rick over at “What’s On My PC’. Recently, Jason of GeGeek reached out to us and gave us the latest release of GeGeek’s Toolkit.
If you haven’t heard about GeGeek’s website or Toolkit, go over and pay him a visit.
Since 2014, the website has undergone an entire revision. With a blog on the home page and hundreds of links and resources for the IT professional or the computer enthusiast, the new website has a ton of topics about every topic you can imagine.
The GeGeek Toolkit download is only around 12 MB in size. However, once you start the installation and updates, there is more than 7 GB of files. While this may take some time to download, you won’t be disappointed.
The installation is straightforward. With over 600 programs, 340+documents and over 500 weblinks, you’ll find that this program contains tools that will meet all of your needs.
With three installation types, you can select typical, custom or full. For this installation, we selected the complete installation to try out all of the programs.
After selecting the ‘type’ of installation you want, select the Next button.
The Windows UAC may appear, select Yes to continue with the setup.
During the installation, GeGeek will create a folder under your C drive. You can copy the folder to a USB drive to use the programs while on the go.
Once files are copied to your HDD or SSD, you can finish the installation and begin the updates.
After installing and starting the program, you’ll see a floating icon on your desktop that allows you to move the icon anywhere on your desktop.
This icon along with the toolbar icon 
allows you to access the tools found in GeGeek.
Once we started the program, we immediately went to the configuration settings and selected to update the programs. You can begin the update by pressing the run icon 
found in the SyMenu .
Once you press the update button, a Window appeared to update the programs.
The Update screen allows you to select which programs to update or you can select all of the programs found in the software inventory.
The update process is smooth and error free. Progress bars next to each software title allows you to see the progress of the updates.
So what are the programs found in GeGeek? Everything you can imagine. This Toolkit is a must have. Go over and check them out at GeGeek.com
The following commands help to reset Windows Update History along with resetting and re-registering components. Open an elevated command prompt and type (or copy and paste) the following (in italics)-
(References below – double check before running)
net stop bits
net stop wuauserv
net stop appidsvc
net stop cryptsvc
rmdir %windir%softwaredistribution /s /q
Del “%ALLUSERSPROFILE%Application DataMicrosoftNetworkDownloaderqmgr*.dat”
sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
sc.exe sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
cd /d %windir%system32
regsvr32 /s wups.dll
regsvr32 /s wups2.dll
regsvr32 /s wucltui.dll
regsvr32.exe /s msxml.dll
regsvr32.exe /s msxml3.dll
regsvr32.exe /s msxml6.dll
regsvr32.exe /s actxprxy.dll
regsvr32.exe /s softpub.dll
regsvr32.exe /s atl.dll
regsvr32.exe /s urlmon.dll
regsvr32.exe /s mshtml.dll
regsvr32.exe /s shdocvw.dll
regsvr32.exe /s browseui.dll
regsvr32.exe /s jscript.dll
regsvr32.exe /s vbscript.dll
regsvr32.exe /s scrrun.dll
regsvr32.exe /s wintrust.dll
regsvr32.exe /s dssenh.dll
regsvr32.exe /s rsaenh.dll
regsvr32.exe /s gpkcsp.dll
regsvr32.exe /s sccbase.dll
regsvr32.exe /s slbcsp.dll
regsvr32.exe /s cryptdlg.dll
regsvr32.exe /s oleaut32.dll
regsvr32.exe /s ole32.dll
regsvr32.exe /s shell32.dll
regsvr32.exe /s initpki.dll
regsvr32.exe /s…
View original post 90 more words
BackBox is more than an operating system, it is a Free Open Source Community Project with the aim to promote the culture of security in IT environment and give its contribute to make it better and safer.
BackBox Linux is a penetration testing and security assessment oriented Linux distribution providing a network and systems analysis toolkit. It includes some of the most commonly known/used security and analysis tools, aiming for a wide spread of goals, ranging from web application analysis to network analysis, stress tests, sniffing, vulnerability assessment, computer forensic analysis, automotive and exploitation. It has been built on Ubuntu core system yet fully customized, designed to be one of the best Penetration testing and security distribution and more. How do I get it? You can get it here. Does it co-exist with Windows 10? Yes, if you install it, it will detect your Windows Version and make a DUAL boot system that allows you to select BackBox or Windows.
BackBox.org, in partnership with the most innovative cybersecurity companies, offers a range of Penetration Testing services to simulate an attack on your network or application.
OK, how do i update it? Go to the menu, System, Software Updater. Enter your password when prompted.
Want to analyze your network? Some of the top filters for Wireshark are below. This by no means is a user guide for Wireshark which is the best freeware protocol analyzer available.
Want to see if your traffic is efficient? Use the following filter to identify problems in your traffic.
tcp.analysis.flags
This flag helps to look at problems you may have in a trace file. By using this filter, you can see re-transmissions, acknowledgement problems and more.
Are you experiencing latency in traffic to a server? Are you being SYN attacked?
tcp.flags.syn==1
This flag can help you detect syn based attacks against a server. While thousands of packets may be found, it is the pattern of syn requests that can indicate if you are being attacked by someone.
Troubleshooting a connection? Do you know the port number for the application?
tcp.port==443
Following a stream of data on a specific…
View original post 334 more words
TCP Spurious Retransmissions may be seen from time to time when using Wireshark. How do you see them? Capture some data with Wireshark on your workstation or server. Click on Statistics, IO Graphs and click throughout the graph on the color that indicates TCP errors. You’ll see the Wireshark main screen change to the point in time you are clicking.
Analyze the content and look for Spurious Retransmission. These packets may indicate that the sender sent a retransmission for data that was already acknowledged.
TCP will show some packet loss, so these are normal events. If these are common, they may start to impact application and/or performance across your network. Here’s what you can do.
How can you correct too many of these?
Have you heard that hiding your SSID is a good idea? Think again.
With BackBox or Kali (in fact in form of Linux), you can run sudo airodump-ng phy1.mon at a terminal (replace phy1.mon with your network card number) – onboard cards would be phy0.mon.
Using a WINDOWS computer, you can type netsh wlan show networks mode=BSSID and see all networks and information about the network including hidden networks.
You will also see the Hidden Network using Windows 10 GUI. Although this network is ‘OPEN’, you’ll have to guess the name to connect to the network which is nearly impossible.
What you can do is install BackBox or Kali and use Airodump-ng. Below you will see airodump running and the network card is phy1.mon (replace this with phy(number).mon . The numeric value is the number of your card. 0 will be onboard and 1 will be an add-on card.
As you can see below (top half) that there are two SSIDs you can connect to. You will also see that no one is associating or deauthenticating with the Wireless that is available.
If you wait long enough, someone will associate with the SSIDs – Here you will see someone connecting to one of the Wireless Access Points. (look below ‘Probe’ and you will see the Station that is associating with the AP.
Waiting a few more minutes, you will see another station authenticating with the Wireless AP (look under ‘Probe- you’ll now see two stations associated with the SSID).
When a wireless access point comes online, (look below the arrow) – you’ll see the number of characters the name is (in this case it is nine), yet hidden.
When a station authenticates or connects to the ‘hidden network’ you’ll see the SSID name of the hidden network. In this case, look below ‘Probe’ and you will see Tomato242 which we set up to find.
So is hiding an SSID a good thing to do? It is one step of obfuscation. The other steps include – setting the WAP to WPA2 (CCMP/AES), using mac filtering and keeping your passphrase confidential.
In the scenario above, when the Wireless came online and was open, because it does not have a password, you could connect to this wireless AP just be clicking on hidden and typing in no password.
Are you running Wireshark in Linux? You may have to give permission to a non-root user to sniff packets. How do you do this?
Open Terminal
Next, type –
sudo dpkg-reconfigure wireshark-common
Enter YES in the screen that ask for permission
Next, enter-
sudo adduser $USER wireshark
Log out and log back in. You can now sniff with Wireshark
Looking for cleanup in Windows 10. Look under Settings, System, Storage and click on Free up space now.
Do you have several dozen or more computers in your organization? Perhaps your organization is too small for an update server. Here’s something that you can do to Windows 10 pro to control bandwidth during updates.
Open the Group Policy Editor
Go to Computer Configuration > Administrative Templates > Windows Components > Delivery Optimization.
You might get this error when you start the Office 2016 or Office 2013 versions of Excel, Word, Outlook, PowerPoint, Publisher, or Visio on your PC:
Microsoft Excel has stopped working.
Microsoft Word has stopped working.
Microsoft Outlook has stopped working.
Microsoft PowerPoint has stopped working.
Microsoft Visio has stopped working.
Microsoft Publisher has stopped working.
There’s always some kid out there better at hacking than a Russian team over seas.
https://motherboard.vice.com/en_us/article/mb44nn/autralian-teen-hacked-apple-network
The dark and deep web
https://winteriscoming.net/2018/08/16/pirates-selling-hundreds-passwords-hbo-go-services-dark-web/
https://thehackernews.com/2018/08/google-chrome-vulnerability.html
https://thehackernews.com/2018/08/microsoft-office365-phishing.html
Even the rich and intelligent can be caught.
https://thehackernews.com/2018/08/microsoft-reveton-ransomware.html
https://thehackernews.com/2018/08/man-in-the-disk-android-hack.html
Thanks Stephen!
News-August 15th
https://www.pcgamer.com/grab-a-960gb-solid-state-drive-for-only-dollar127/
https://www.networkworld.com/article/3298157/linux/linux-and-l1tf.html
More IEEE standards??
Okay this has nothing to do with IT or computer technology but it’s actually quite interesting.
These Are the 25 Highest-Paying Jobs in the U.S. Right Now
Since the FBI couldn’t even get people to restart a router I can’t imagine the damage that is about to happen. FBI warns of potential ATM bank heist that could steal millions globally
Are you leaking DNS Information?
“Under certain conditions, even when connected to the anonymity network, the operating system will continue to use its default DNS servers instead of the anonymous DNS servers assigned to your computer by the anonymity network. DNS leaks are a major privacy threat since the anonymity network may be providing a false sense of security while private data is leaking.”
Visit: https://www.dnsleaktest.com/
12th Year2007-2018
Top 50 Higher-Ed Blogs 2016
National Vulnerability Database Krebs on Security
