An excellent site to look at tweaks and optimization of your operating system is TweakHound. TweakHound gives step by step guides and hundreds of tweaks – they also help you look at these individually and explain why they are good or bad.
Go check them out.
If you are a gamer or in IT, you may have noticed a performance degradation after changing your video card or after upgrading the driver.
Display Driver Uninstaller helps to remove orphaned files and registry keys.
Go over to TECHSPOT and download the uninstaller.
irst thing –
Next, avoid latency of your network card by adjusting the network adapter priorities.
Open PowerShell as an Administrator – Type Get-NetIPInterface
You will see the Interfacemetric numbers that vary from 11 to 90.
If you want a higher priority, set the interface to a lower number – I use wi-fi – therefore I can type the command –
Set-NetIPInterface -InterfaceIndex “11” -InterfaceMetric “11”
Our old article on using the GUI
If you use more than one network card for mutliple LANS or connections, you can set the metric of each card to send IP packets through the fastest card first or the desired card.
For instance if you have a network card that connects to other servers and computers on one LAN and a network card that connects to a separate LAN that has security cameras; metrics can be used to compute the routing algorithm.
The one card would be set to a lower metric in order to go to the web and the security camera system would be set to a higher metric thus giving priority to the lower number.
Here’s an example of my home LAN which uses a printer and cameras on a separate network and my wireless which connects to the Internet.
So how do you change it? Open the Network and Sharing Center – Click on Adapters – Right click the desired adapter – Select Properties – Double click TCP/IP – Click Advanced – Uncheck the Automatic Metric – Change to the desired number
Wireless
Above the wireless is set to 1. Below the LAN which has a static IP address and no Gateway is configured with a 20.
Valid values are 1 to 9999.
Don’t forget to set the binding order of the network cards. Go to the Adapter. Hit the ‘Alt’ key once for the menu. Click on Advanced and then Advanced Settings.
Move the network card with a higher priority to the top.
If you can’t see your AHCI Link Power Management from the Power Options, there is a way to add it. Always backup your computer before modifying the registry.
You can add the GUID to the registry by going opening the registry (regedit) and creating a key under the following key -0012ee47-9041-4b5d-9b77-535fba8b1442
The easiest way is to copy the information in italics to notepad or notepad++ and save as AHCI.reg.
After saving this, double click on the .reg file and reboot.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlPowerPowerSettings
If you receive the error 1935, take the following steps-
Need to optimize your network? Look at adjusting LocalPriority, HostPriority, DNSPriority or NetBTPriority. (Host/DNS resolution)
The tweak works by increasing the priority of four processes.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipServiceProvider
LocalPriority = 4 (DWORD, the default is 499, change to 4)
HostPriority = 5 (DWORD, the default is 500, change to 5)
DnsPriority = 6 (DWORD, the default is 2000, change to 6)
NetbtPriority = 7 (DWORD, the default is 2001, change to 7)
You can use this script at a command prompt (as Admin) or in PowerShell (as Admin)-
reg add HKLMSystemCurrentControlSetServicesTcpIpServiceProvider /v “LocalPriority” /t REG_DWORD /D 4 /F
reg add HKLMSystemCurrentControlSetServicesTcpIpServiceProvider /v “HostsPriority” /t REG_DWORD /D 5 /F
reg add HKLMSystemCurrentControlSetServicesTcpIpServiceProvider /v “DnsPriority” /t REG_DWORD /D 6 /F
reg add HKLMSystemCurrentControlSetServicesTcpIpServiceProvider /v “NetBtPriority” /t REG_DWORD /D 7 /F
taskkill /f /im explorer.exe
start explorer.exe
Have you noticed high resource utilization? CPU, Memory or Disk at 100%? Of course this could be malware, a virus, a startup app or program. It could also be memory compression.
Windows 10 offers memory compression which takes little-used elements and stores them in RAM. This saves memory and is faster than your pagefile.
If you experience latency or high memory utilization, you can turn off memory compression by using PowerShell.
Open PowerShell and type the following-
Get-mmagent
You should see Memory Compression is True.
If you are having issues with memory, Open PowerShell as an admin and type –
Disable-MMAgent -mc
This will disable memory compression
Reboot
You can enable memory compression by typing-
Enable-MMAgent -mc
There truly is no reason why you should disable memory compression. Users have reported what they believed was corrupt compressed memory. After disabling and re-enabling, users reported their systems had stabilized.
If the performance has improved with memory compression disabled, you can leave Windows 10 with the compressed memory disabled.
You can also see Memory Compression by using the Task Manager or Resource Monitor.
You can also use set-mmagent and use the maximum number of prefetch files from 1 through 8192.
Computer not responding? Restart your graphics driver by using the following shortcut keys-
Fabian Wosar, CTO of EMSISOFT is known as the most prolific ransomware killer in the world. We reached out to Fabian and asked him ten questions.
Look for our Live Interview and video late next week…
Steve: You’re the cybercriminal…Create ransomware or steal and sell data? Why?
Fabian: There can be a whole bunch of motivations at play. Some people are just interested in the challenge. They just want to proof that it is possible to break a system or to write malware for a certain system. Then you have people who just do it “for the lulz” or are somehow politically motivated. These people usually want to highlight certain issues or just want to have fun. The vast majority however, especially when it comes to ransomware, are financially motivated. Decently successful ransomware groups make tens of millions of dollars each month. Gandcrab for example managed to generate 2 billion US dollars worth of ransom money within about a year.
Steve: Do you see patterns from the “cyber gangs” in the reuse of code when they program new ransomware or variants? Are these ‘gangs’ becoming smarter? Are they recruiting better programmers?
Fabian: It very much depends on the gang and campaign. Ransomware code is readily available not only on blackmarkets but also on places like Github. So the barrier of entry is somewhat low. There are also a whole bunch of “Ransomware as a Service” offers available, where everyone who is interested in getting into ransomware can just sign up, infect a bunch of people, and then get a cut of the revenue generated. That is how Gandcrab operated for example.
The gangs behind ransomware haven’t necessarily have become smarter, but they adjusted and changed tactics a lot. While in the beginning, ransomware very much was a home user problem, the focus has shifted towards companies in the recent years. Instead of spreading ransomware through spam, exploit kits and pirated software, attackers try to break into systems directly in order to encrypt them.
Steve: Are you seeing a collaboration of cybercriminals where opposing criminals are ‘teaming’ up with one another?
Fabian: There definitely is a lot of teaming up going on. Take a look at Ryuk for example, which is often deployed through existing bot infections. Whether the bot herders are behind Ryuk itself or whether the Ryuk gang is buying infected systems from the bot herders isn’t exactly clear. There is obviously also a lot of auxiliary stuff going on. It’s one thing obtaining a large amount of bitcoin. It’s another to turn that bitcoin into clean cash that you can use and buy things with. So the same organised crime structures that are involved in money laundering are present in cyber crime as well.
Steve: Is Microsoft keeping up with updates and patches and are you seeing more neglect from IT personnel?
Fabian: There certainly is a bit of apathy going on. Every couple of weeks there is a new big vulnerability threatening your security. It becomes difficult to keep up, especially when you have lengthy test cycles for new patches to make sure they work in your environment or if you rely on certified hardware and software, that can’t be easily patched without breaking the certification.
Outsourcing was often seen as a solution to this problem, but especially recently there have been attacks on MSPs, often with catastrophic results. We have seen cases where MSPs got hacked and thousands of their clients got hit by ransomware that was deployed through the RMM sytems used by those MSPs.
Steve: IoT and Network Area Storage is getting hit by Ransomware today. Do you foresee new threats that go into Automotive/Transportation, SCADA/PLC, Linux and Mac Oss that involve a more sophisticated Ransomware?
Fabian: We have already seen some of those cases. A while ago a bunch of PHPBB communities got targeted by a rather unique ransomware. They replaced the database driver on those communities with one that would transparently encrypt and decrypt all data during access. The forums continue to work fine, often for months, until the attacker pulls the key out of the driver, making the database inaccessible. Since the driver often has been there for months, backups may have already been rotated out. But even if they weren’t, a large portion of content that was added since the attack may be encrypted with no recovery possible. I would suggest more of these types of attacks in the future.
Steve: When did you first notice code in Ransomware had your name in it? Were you shocked? Is this something you are seeing more of? Are you constantly receiving threats?
Fabian: The first time it happened was about 3 years ago in a ransomware called Radamant. I wasn’t exactly shocked to be honest. I was more surprised and also a little bit proud. It’s the greatest form of compliment you can get in my line of work. It still happens occasionally in addition to ransomware authors contacting me directly on Twitter or in various online communities. The threats have become less, but they still happen occasionally. The biggest reason for that is that I am less public about my work and often help victims directly or provide information to other researchers who then release the decrypters.
Steve: Generally how long does it take to reverse engineer ransomware and provide keys if possible?
Fabian: That very much depends on the ransomware. But on average, it takes me less than 30 minutes to take the ransomware apart, find the encryption routines, and figure out whether the encryption scheme is secure or not. Writing a decrypter then takes another couple of hours. About 4 on average I would say. A lot of QA and testing goes into these decrypters. The last thing we want is damage the user’s files after all. So we tend focus on being careful instead of being the first. However, more often than not we are the first anyway.
Steve: Are you seeing more shady security companies who negotiate with the cybercriminals without the victim knowing?
Fabian: It continues to happen, yes. It’s important to drag these companies into the open and tell people what they are doing. People often think I am against paying the ransom under any circumstance. While that would obviously be the ideal, I am well aware that when it comes push to shove, people prefer to part with a large sum of cash rather than kiss their entire livelihood goodbye. So I am not against paying the ransoms per se, if there truly is no other way, and I also don’t think that a data recovery company should be ashamed of paying ransoms. Quite frankly engaging with a company that has experience with these types of negotiations can be quite beneficial. Not to mention that your accountants will probably prefer you paying a legitimate third party instead of buying bitcoins and sending them somewhere without any kind of invoice.
Ideally data recovery companies should just be honest about how they came up with the amount they charge their clients and outline exactly what they are doing. That doing so can make you hugely successful can be seen in the case of Coveware for example, who are very open about their processes and cost structure.
Steve: How did you get involved in Information Technology?
Fabian: I bought my first PC when I was about 10 years old. It didn’t take long until I got my first computer virus (Tequila.B). I was really fascinated by the concept, so I went into the library (sort of an offline Wikipedia for the young people out there ;)) and they actually had a bunch of books about computer viruses. So I got really into the topic, which led me to eventually learning assembly and Pascal programming and writing my own little anti-virus tools when I was about 11 years old. I never really moved away from that.
Steve: Finally, what is your recommendation other than the usual protection methods that someone can use to protect themselves against ransomware?
Fabian: Backups are by far the best protection. I recommend everyone who isn’t on some data limited plan to go with a cloud based backup solution. Preferably one that can operate using “zero-knowledge”, so that your data is encrypted on your system and the backup provider has no knowledge of what data is being stored on their service. Besides backups, practicing proper cyber hygiene is key. Stick to well known software and keep it updated. Don’t download and install software from places that aren’t trustworthy. Don’t have your data laying around openly on the internet. Have all access points to your network and systems protected using strong authentication (ideally based on certificates, not passwords; but if you have passwords, make sure they are of high complexity). Things like that.
Security software can obviously help quite a bit as well, but there are limits. I am always surprised how customers who had RDP enabled on their systems and trivial passwords complain that our product didn’t protect them. No product will in those cases. The attacker can just turn them off or uninstall them before running their ransomware. Once someone gained access to your system like that, it is game over.
Best regards,
Fabian Wosar
Chief Technology Officer EMSISOFT
Need to optimize and check a MySQL database on a Windows computer?
Open a command prompt as an administrator.
Change into the folder where your MySQL is located.
An example is below –
type cd\Program Files\MySQL\MySQL Server 5.7\bin
Hit enter
type mysqlcheck -u root -p –optimize –databases {enter your database name here}
Hit enter
Be patient and wait. You may be asked to enter your root password for your MySQL when prompted
If you receive “Cron failed to run in 200 seconds, you can write a batch file and place the batch file in a folder under c: drive (name the folder cron). The script below is if you are running Moodle on a Windows based server.
The content of the batch file should contain the follow:
echo on
c:
rem enter the path to your php on the next line
cd\Program Files\php\v7130
php c:\inetpub\wwwroot\{your moodle directory}admin\cli\cron.php
echo Cron Job Success!
rem the next line waits 180 seconds to prevent resource usage
timeout 180
cd\cron\cronhourly
start cmd /k Call c:\cron\cronhourly.bat
exit
The CLI or Command Line Interface, is a text-based interface used to program devices such as switches and other network equipment. So it’s 2019. Why are we still using a CLI?
The reason? It allows a granular ability to program devices for hundreds of configurations. You see, a GUI is going to be limited (even though some have hundreds of options) and CLI uses less resources and truly can give you more control of the configuration.
Thus you can generally program a CLI faster than a GUI interface once you become skilled using the CLI. With a CLI, you aren’t waiting between commands and with a GUI interface, you are.
Below is a series of screenshots and several commands on the Dell N1548 switch (For more information on how technical it can be, see the 2410 page Dell PDF) . In this tutorial, we’ll show a novice how they can take a switch with no IP address and program the switch so that it can be accessed by a GUI interface with a static IP address.
While there are a million more options using a CLI, this is only an introduction to the CLI and does not imply this is the only way to program switches by any means. CLI commands can vary on manufacturers.
In order to use the CLI, you can use Putty or other software on your computer. You’ll also need the console cable that came with the device or a standard console cable.
With the switch off, connect the console cable to your computer and plug the opposite end into the console port of the switch.
Open Putty and select the serial connection or SSH (this will depend on your device). Generally a speed of 9600 will be ok if connecting via a serial cable.
Power the switch on and click Open on Putty. You should see the boot sequence for the device. If your screen is garbled, trying increasing the baud rate.
As the device loads, you will see information about the device scroll by on your console screen.
Once the device boots, you will (in this case) see console>
Next, type enable. This enables commands and the programming of the switch.
Once you hit enter, you will see console#
Next type configure in order to begin the configuration of the switch and hit Enter. You can normally type help or ? in order to get the command syntax as you enter different areas of the CLI.
Next type username {username you want} password {The password you want} and privilege 15
Note: The password and username used in this example are just that – examples. Privilege levels are determined by the switch or device manufacturer.
Next type ip default-gateway {Enter your gateway address}
Next type interface vlan 1
You will now see console {config-if-vlan1} – you can now type the IP address and subnet that you want by entering ip address {your ip address} {your subnet}
Next, type exit
To check your configuration, type show ip interface vlan 1
You should now be able to login to your switch using a browser by typing in the IP address in the address bar – This of course is after setting a static number on your NIC if your computer is not on your lan and has not received a DHCP number.
Log into the switch and you can hit the save button to make sure your configuration is saved.
Again, this is a tutorial for beginners. While you should disable protocols such as http, telnet and limit users on the switch, you have to remember there are hundreds of CLI commands and GUI configurations.
Always update your firmware and disable protocols that are not secure.
The TN Department of Safety and Homeland Security along with TCAT Shelbyville and the Cyber Conference committee are working on the 2019 Middle TN Cyber Conference agenda. Look for speakers such as Jayson E. Street (http://jaysonestreet.com/), Brent White of We Hack People, (https://wehackpeople.wordpress.com/), Daniel Elliot (National Cybersecurity Alliance) and Mark Burnett, Derek Rush, & Bill Dean (LBMC-Anatomy of a Hack).
Other speakers will be announced soon.
Join the 400+ professionals and register at:
https://middletncyberconf.com
Have the above error? Copy and paste this in a command prompt as administrator. This will work a majority of the time. This configuration error re-registers the dlls that may have issues during or after an upgrade.
cd\
cd\windows\system32
For /F %s in (‘dir /b *.dll’) do regsvr32 /s %s
cd\
cd\Program Files (x86)\Common Files\Rockwell
For /F %s in (‘dir /b *.dll’) do regsvr32 /s %s
pause
Note: You may have to replace the ‘ symbol with the apostrophe. Also this often corrects other programs that display this error.
The world is divided into a grid of 3m x 3m squares and each grid is assigned a unique 3 word address.
Because most of the world is not addressed, you can locate any place on the planet by three words. Take a look at the technology and features behind what3words – https://what3words.com/about/
If you get an error on Moodle that states “Error Writing to Database” generally when logging on, that WAS working prior to upgrading, clear or purge the Moodle Cache. Generally when you shutdown Apache or IIS to upgrade, the sessions or cached sessions may be corrupt.
By purging the cache, it will flush the cache and new sessions will be initiated. This is why it is important to announced maintenance at a predetermined time and to place Moodle in Maintenance Mode.
Where do you Purge all cache? Go to Site Administration, Development and Purge All Caches.
Remember, if you get “Error Writing to Database other than logging in (randomly), try purging the cache first.
If you cannot connect to your Microsoft SQL Server after installing a web SSL Certificate, you may need to get the thumbprint of your certificate and copy it (without spaces) to your registry.
Go to Hkey_Local_Machine\software\Microsoft\Microsoft SQL Server\{Find your instance of SQL}\MSSQLServer\SuperSocketNetLib
There you will find a string that says Certificate – put the thumbprint of your certificate there without spaces – reboot your computer.
If the string does not exist, create a string that says certificate
Remember – Always have a backup of your server (configuration, database and other information) before working with the registry.
When you are networking computers, wireless access points, printers and other nodes in multiple rooms, try to avoid daisy-chaining switches or using small 4-8 port switches when you are in a hurry. Replace any hubs on your network as soon as you can.
With a hub, collisions can be >20% and utilization can stand at >50%. By replacing a hub alone, you can reduce collisions to 5% on switches in rooms and <1% in the server room. Switches help to isolate traffic, relieve congestion, separate collision domains (reduce collisions), segment and restart distance/repeater rules.
Daisy Chaining Switches -what not to do
Real world scenarios may require you to temporarily daisy chain switches. If you do, test the network and run additional backbones or replace core switches to accommodate more nodes as soon as you can. (remember, replace any hubs in your network)
One of many solutions is to run independent lines to the core switch
Basic tips on optimization of your network –
This is the very basics behind network switch infrastructure. Managing switches and using the IEEE standards above along with optimizing your network and managing the network infrastructure is important.
Excellent articles on Networking Infrastructure
http://www.lantronix.com/resources/net-tutor-switching.html
http://www.techrepublic.com/blog/it-consultant/only-novices-daisy-chain-switches/
Is your Wireless dropping? Update your driver of course and then try changing your Scan Valid Interval. By default, most wireless cards are set to 60. This is the amount of time before your wireless ‘looks’ for other access points (for roaming). Try changing the interval to 120.
Open the device manager, double click on the wireless adapter, under advanced, click on Scan Valid Interval – change this to 120. If you have a card that has roaming under advanced, select the lowest option.
Note: If you have a laptop and are moving around in an area, you may need to lower this number.
Also, you may want to lower the Beacon Interval in your router if your signal is low or if you have drops. This sends beacons more frequently and can help with your signal. This may slightly decrease your bandwidth (wireless) and use a little extra battery on mobile devices.
While the default is 100, did you know if you increase this time (assuming you have a great signal in your home or business) that you can increase wireless bandwidth (slightly) and even increase your battery life of devices?
Got Atheros? Follow this link to drivers.
Also, do a quick survey of your entire home. As you can see, one side of our house has interference on channel 11. Because the ‘user’ of the other wireless is using Channel 6 + 10 (40 mhz ) spread, Channel 6 and 11 are NOT optimal. Therefore, channel 1 is the optimal channel (you can see two devices – my AP and printer)
Left – host computer Right – TightVNC into another computer in my home.
Remember, router position and direction matters. As you can see below, repositioning the router got rid of “Saw Tooth” (signal that goes up and down).
12th Year2007-2018
Top 50 Higher-Ed Blogs 2016
National Vulnerability Database Krebs on Security
