Author Archive

Setting Gmail as your default mailto handler

December 19, 2015

1) Configure Firefox to use Gmail for mailto links:
Options > Applications > mailto > Use Gmail

2) Delete all other mailto options and set "URL Protocol" to an empty value under HKEY_CURRENT_USER\SOFTWARE\Classes\mailto

3) Add Firefox as a handler: under HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\URLAssociations\ create a REG_SZ value mailto = "FirefoxURL"

4) Delete all entries in HKCU\Software\Microsoft\Windows\Shell\Associations\URLAssociations\MAILTO\UserChoice

5) Open a mailto link and choose Firefox when prompted.

If you don't set the mailto application in Firefox first (step 1), its default is Firefox itself, which makes Firefox load Firefox, which loads Firefox, which loads Firefox... GOTO loading Firefox.
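The registry half of the procedure (steps 2 to 4) as a script, added here as an example rather than the author's own steps. It uses the same keys the post lists, runs as the affected user (everything is under HKCU, so no elevation is needed), and backs the keys up first so the change can be undone with reg import. The backup directory name is my own.

```powershell
# Added example, not the author's procedure: steps 2-4 above from Windows PowerShell.
# Registry paths are the ones the post lists; $backupDir is an assumed location.

$mailtoClass = 'HKCU:\SOFTWARE\Classes\mailto'
$urlAssoc    = 'HKCU:\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\URLAssociations'
$userChoice  = 'HKCU:\Software\Microsoft\Windows\Shell\Associations\URLAssociations\MAILTO\UserChoice'

# Back up what is about to be changed so it can be restored with 'reg import'.
$backupDir = Join-Path $env:TEMP 'mailto-backup'
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
foreach ($key in 'HKCU\SOFTWARE\Classes\mailto',
                 'HKCU\Software\Microsoft\Windows\Shell\Associations\URLAssociations\MAILTO') {
    $file = Join-Path $backupDir (($key -split '\\')[-1] + '.reg')
    reg export $key $file /y 2>$null | Out-Null
}

# Step 2: remove the other mailto handlers registered under the class and
# leave 'URL Protocol' present but empty.
if (Test-Path $mailtoClass) {
    Get-ChildItem -Path $mailtoClass | Remove-Item -Recurse -Force
    Set-ItemProperty -Path $mailtoClass -Name 'URL Protocol' -Value ''
}

# Step 3: advertise Firefox as a mailto handler (REG_SZ mailto = FirefoxURL).
New-Item -Path $urlAssoc -Force | Out-Null
New-ItemProperty -Path $urlAssoc -Name 'mailto' -Value 'FirefoxURL' `
    -PropertyType String -Force | Out-Null

# Step 4: drop the stored per-user choice so the next mailto click prompts (step 5).
if (Test-Path $userChoice) {
    Remove-Item -Path $userChoice -Recurse -Force
}

# Check: Firefox should now be the only mailto association left.
Get-ItemProperty -Path $urlAssoc -Name 'mailto' | Select-Object mailto
Get-ChildItem -Path $mailtoClass -ErrorAction SilentlyContinue   # expect no output
```

Two caveats: Windows 8 and later protect UserChoice keys with a deny ACE, so if Remove-Item is refused, delete the key in regedit as in step 4; and do step 1 in Firefox before running this, or the next mailto click produces the loop described above.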

Security software for personal PC

November 25, 2015

I’ve been meaning to create a quick list of personal PC security software for some time, but haven’t gotten around to it. well…

  • Some antivirus. Windows Defender is okay, but not great.
  • Immunet: this "cloud-based antivirus" is the free version of Cisco/Sourcefire AMP for Endpoints and gives you access to Talos intelligence on file reputation.
  • EMET: Yes. This probably won't cause too much trouble.
  • GlassWire: easy-to-use network awareness.
  • Sysmon: if you're in the position of "supporting" your family's or friends' PCs, you might want to be wise to malware infections. You can get crafty here.
  • Papertrail/LogEntries/SumoLogic/Loggly with nxlog: if you want to get real crazy, real quick, configure cloud-based event logging with alerting (most of them want a work email address to sign up). Papertrail supports alerting via email and integration with other platforms (Librato, Slack, Zapier, StatHat, PagerDuty, anything that accepts webhooks, which excludes IFTTT) for free out of the box.

That’s it for now. I guess I’ll expand when I come across other things.

Native powershell support for VSS snapshot mounting

October 30, 2015

This link contains two functions that allow you to mount and then dismount VSS snapshots in PowerShell. I've copied them to a gist, as I have a healthy fear.
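The linked functions are not reproduced here, so the following is an added example of the same idea, not the author's code: create a shadow copy of a volume through WMI, expose it as a directory junction, read a normally locked file out of it, then remove the junction and the shadow copy. It assumes Windows PowerShell 5.x (Get-WmiObject) and an elevated prompt; the volume, mount path and function names are my own.

```powershell
# Added example, not the functions from the link: mount/dismount a VSS snapshot.
# Assumes Windows PowerShell 5.x and an elevated prompt; paths are placeholders.

function Mount-VssSnapshot {
    param(
        [string]$Volume    = 'C:\',
        [string]$MountPath = 'C:\vss_snapshot'
    )
    if (Test-Path $MountPath) { throw "$MountPath already exists" }

    # Win32_ShadowCopy.Create returns ReturnValue (0 = success) and the new ShadowID.
    $class  = Get-WmiObject -List -Class Win32_ShadowCopy
    $result = $class.Create($Volume, 'ClientAccessible')
    if ($result.ReturnValue -ne 0) {
        throw "Win32_ShadowCopy.Create failed, return value $($result.ReturnValue)"
    }
    $shadow = Get-WmiObject -Class Win32_ShadowCopy | Where-Object { $_.ID -eq $result.ShadowID }

    # The device path (\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN) must end
    # in a backslash or the junction will not resolve.
    $target = $shadow.DeviceObject + '\'
    cmd.exe /c mklink /d "$MountPath" "$target" | Out-Null
    if (-not (Test-Path $MountPath)) { $shadow.Delete(); throw 'mklink failed' }

    [pscustomobject]@{ ShadowID = $shadow.ID; Device = $shadow.DeviceObject; MountPath = $MountPath }
}

function Dismount-VssSnapshot {
    param([Parameter(Mandatory)]$Snapshot)
    # Delete the junction itself, not the files behind it: Directory.Delete on a
    # reparse point removes only the link, whereas Remove-Item -Recurse can follow it.
    [System.IO.Directory]::Delete($Snapshot.MountPath)
    Get-WmiObject -Class Win32_ShadowCopy |
        Where-Object { $_.ID -eq $Snapshot.ShadowID } |
        ForEach-Object { $_.Delete() }
}

# Usage: read a file that is locked on the live volume (the SAM hive here) from the snapshot.
$snap = Mount-VssSnapshot -Volume 'C:\' -MountPath 'C:\vss_snapshot'
try {
    Get-Item (Join-Path $snap.MountPath 'Windows\System32\config\SAM') | Select-Object FullName, Length
} finally {
    Dismount-VssSnapshot -Snapshot $snap
}
```

The shadow copy is persistent until deleted, so keep the try/finally: a snapshot left behind is both disk usage and a readable copy of every file on the volume, including the hives above.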

“Application Initiation Error” with Adobe installer?

October 12, 2015

Presumably to keep the download path from being tampered with, Adobe's Download Manager/Installer does not use the Windows certificate store for its connection to the download servers; it pins an embedded certificate instead. Anything that rewrites the TLS certificate between the installer and Adobe (a TLS-inspecting proxy, for instance) therefore fails the pinned check, and the installer shows "Application Initiation Error".

An easy way around this is to download the installer itself by obtaining the redistribution package at https://www.adobe.com/products/flashplayer/distribution3.html .

I came to this conclusion via a forum post that showed how to perform debug logging of the Adobe Download Manager.

1) Create an empty text file named ADM.trace in your %temp% directory (usually C:\Users\YourUserID\AppData\Local\Temp\). The extension must be .trace, not .txt or anything else.

2) If your computer is configured to hide file extensions, turn that off first so you can confirm the file is ADM.trace and not something like ADM.trace.txt.

3) Run the online installer again (it deletes itself after it launches, so you will need to download it again).

4) When the installer window shows the error, collect Adobe_ADM.log and Adobe_GDE.log from the %temp%\Adobe_ADMLogs directory (e.g. C:\Users\YourUserID\AppData\Local\Temp\Adobe_ADMLogs).

The trace confirmed that the error comes from the Download Manager's certificate check on its connection to the distribution servers:

10/12/15 13:23:17:430 | [TRACE] |  | ADM |  | WorkflowManager |  |  | 4408 | HTTPConnector::HTTPSend :: After callback : error Type : 0, error code : 0
10/12/15 13:23:17:430 | [WARN] |  | ADM |  | ApplicationContext | HTTPSend |  | 4408 | Certificate not matching.
10/12/15 13:23:17:430 | [FATAL] |  | ADM |  | WorkflowManager | HTTPConnectorError |  | 4408 | Error occurred while getting application xml: -4 extended error: 0
10/12/15 13:23:17:430 | [DEBUG] |  | ADM |  | ApplicationContext |  |  | 4408 | Showing screen: initErrorScreen

Oh, and the ADM log also lists the hosts the Download Manager is allowed to contact, which is handy if the download has to pass a proxy or egress filter:

10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | White listed URLs are
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | get.adobe.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | get2.adobe.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | aihdownload.adobe.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | admdownload.stage.adobe.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | admdownload.adobe.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | airdownload.adobe.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | ardownload.adobe.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | ardownload2.adobe.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | download.macromedia.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | fpdownload.macromedia.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | fpdownload2.macromedia.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | fpdownload.adobe.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | fpdownload2.adobe.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | platformdl.adobe.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | platformdl-stage.corp.adobe.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | wwwimages2.adobe.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | wwwimages.adobe.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | wwwimages.stage.adobe.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | wwwimages2.stage.adobe.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | dlmping.adobe.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | dlmping2.adobe.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | dlmping3.adobe.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | dlmping4.adobe.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | get3.adobe.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | get3.stage.adobe.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | adobetag.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | promotion.adobe.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | stats.adobe.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | sstats.adobe.com
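The following is an added example, not Adobe's tooling or the author's script: it switches on the ADM trace (steps 1 and 2 above), parses Adobe_ADM.log into records, pulls out the WARN/FATAL lines and the host whitelist, and, as the check a practitioner would want for "Certificate not matching.", shows which CA issued the certificate this machine actually sees for one of those hosts. It assumes the pipe-delimited record layout of the excerpt above; the sample lines in the script are constructed from that excerpt so the parsing runs even without an installer present, and Get-TlsIssuer goes online.

```powershell
# Added example, not Adobe's or the author's code: enable ADM tracing, then
# parse Adobe_ADM.log for failures and the whitelist. The record layout is
# assumed from the excerpt in the post; $sample is constructed from it.

# Step 1/2: an empty %temp%\ADM.trace (extension exactly .trace) enables tracing.
$trace = Join-Path $env:TEMP 'ADM.trace'
if (-not (Test-Path $trace)) { New-Item -Path $trace -ItemType File | Out-Null }

function ConvertFrom-AdmLog {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $f = $line -split '\s*\|\s*'
        if ($f.Count -lt 10) { continue }          # not a log record
        [pscustomobject]@{
            Time      = $f[0]
            Level     = $f[1] -replace '[\[\]]', ''
            Component = $f[5]
            Operation = $f[6]
            ProcId    = $f[8]
            Message   = ($f[9..($f.Count - 1)] -join ' | ')
        }
    }
}

function Get-AdmWhitelist {
    # The whitelist is one "White listed URLs are" record followed by one host per record.
    param([object[]]$Records)
    $collecting = $false
    foreach ($r in $Records) {
        if ($r.Message -eq 'White listed URLs are') { $collecting = $true; continue }
        if (-not $collecting) { continue }
        if ($r.Level -eq 'INFO' -and $r.Message -match '^[a-z0-9.-]+$') { $r.Message } else { break }
    }
}

function Get-TlsIssuer {
    # Which CA signed the certificate this machine sees for a whitelisted host?
    # With a pinned client, an interception CA here explains "Certificate not matching."
    param([string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Validation callback returns $true on purpose: we only want to look at the chain.
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{ Host = $HostName; Subject = $cert.Subject; Issuer = $cert.Issuer }
    } finally { $tcp.Close() }
}

# Constructed sample in the shape of the excerpt above.
$sample = @'
10/12/15 13:23:17:430 | [WARN] |  | ADM |  | ApplicationContext | HTTPSend |  | 4408 | Certificate not matching.
10/12/15 13:23:17:430 | [FATAL] |  | ADM |  | WorkflowManager | HTTPConnectorError |  | 4408 | Error occurred while getting application xml: -4 extended error: 0
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | White listed URLs are
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | get.adobe.com
10/12/15 13:40:41:916 | [INFO] |  | ADM |  | ApplicationContext |  |  | 4196 | admdownload.adobe.com
10/12/15 13:40:41:916 | [DEBUG] |  | ADM |  | ApplicationContext |  |  | 4196 | Showing screen: initErrorScreen
'@ -split "`r?`n"

$logPath = Join-Path $env:TEMP 'Adobe_ADMLogs\Adobe_ADM.log'
$records = ConvertFrom-AdmLog -Lines $(if (Test-Path $logPath) { Get-Content $logPath } else { $sample })

$records | Where-Object { $_.Level -in 'WARN', 'FATAL' } |
    Format-Table Time, Level, Component, Message -AutoSize
$hosts = Get-AdmWhitelist -Records $records
$hosts                                  # get.adobe.com, admdownload.adobe.com from the sample
Get-TlsIssuer -HostName $hosts[0]       # online; compare Issuer with a machine outside the proxy
```

If the Issuer reported for get.adobe.com is your organisation's inspection CA rather than a public one, the pinned installer is working as designed and the redistribution package above is the right route; the whitelist is also the list to exempt from inspection if you would rather fix the proxy.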

Bootable USB drive of windows

September 30, 2015

Here are some good steps on creating a bootable USB drive to install Windows.

Fast grep for powershell

September 29, 2015

Get-ChildItem -Recurse -File | Select-String -Pattern "XML" | Group-Object Path | Select-Object Name

source
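The one-liner above reads every file to the end and collapses the hits afterwards with group/select. As an added example (my own function, not the author's), the same search with Select-String's -List switch, which stops at the first hit in each file and so gives the per-file list directly, plus -SimpleMatch for literal strings such as indicators you are hunting for. Function, parameter and placeholder names are mine.

```powershell
# Added example, not the author's one-liner: recursive text search wrapped in a
# function. -List stops at the first match per file (the per-file answer the
# group/select pipeline produces, without scanning the rest of the file).

function Find-FilesContaining {
    param(
        [Parameter(Mandatory)][string]$Pattern,
        [string]$Path = '.',
        [string[]]$Include = '*',
        [switch]$Literal,          # treat $Pattern as text, not a regex
        [switch]$FirstHitOnly      # one record per file, like the one-liner above
    )
    Get-ChildItem -Path $Path -Recurse -File -Include $Include -ErrorAction SilentlyContinue |
        Select-String -Pattern $Pattern -SimpleMatch:$Literal -List:$FirstHitOnly |
        Select-Object Path, LineNumber, Line
}

# The post's search: files under the current directory mentioning "XML", one per file.
Find-FilesContaining -Pattern 'XML' -FirstHitOnly | Select-Object -ExpandProperty Path

# Incident-response flavour: every line in scripts and configs holding a literal
# indicator (placeholder hostname), with line numbers for the report.
Find-FilesContaining -Pattern 'evil.example.net' -Literal -Include '*.ps1', '*.vbs', '*.config'
```

Select-String decodes files as text, so binaries and non-UTF-8 files can produce noise or miss matches; pass -Include to keep the search to the file types you care about.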

Exchange item security woes

August 21, 2015

Everyone knows you can mail-enable a security group (a universal one, on Exchange 2007 and later) so that its members' mailbox logons gain access to an object (I mean, c'mon!). But you might be pulling your hair out as to why, say... a public folder you've added an ACE to for this mail-enabled security group is not reflected in the users' Outlook sessions (it's my friend's Outlook session, I swear).

Simple... just as with user sessions and group membership in general (the group SIDs are stamped into your Kerberos logon token when you log on), you need to log out and back on. What's that you say? "I've rebooted several times and still nothing. It's Friday afternoon... I don't need this shit."

Well, silly! Go into Outlook's account settings > email account settings > More Settings > Security tab, tick "Always prompt for logon credentials" under "User identification", and OK your way out. Close Outlook, reopen it, log back on to Exchange, and the permissions granted by that damn ACE will actually be reflected.

Go back in and uncheck that option and you're back to normal, having developed only a single twitch in the process.
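The server-side half of this, as an added example rather than the author's steps: grant the ACE from the Exchange Management Shell, confirm the group is the kind Exchange will accept, read the permission back, and then check from the client whether the group has reached the user's logon token. Group and folder names are placeholders; the cmdlets are the standard Exchange 2010/2013 ones.

```powershell
# Added example, not the author's steps: grant and verify the public folder ACE
# for a mail-enabled security group. $group and $folder are placeholders.
$group  = 'PF-Finance-Readers'   # assumed mail-enabled universal security group
$folder = '\Finance\Invoices'    # assumed public folder

# Exchange only mail-enables universal security groups; confirm that is what we have.
$dg = Get-DistributionGroup -Identity $group -ErrorAction Stop
if ($dg.RecipientTypeDetails -ne 'MailUniversalSecurityGroup') {
    throw "$group is $($dg.RecipientTypeDetails); it must be a mail-enabled universal security group"
}

# Add the ACE and read it back.
Add-PublicFolderClientPermission -Identity $folder -User $group -AccessRights Reviewer
Get-PublicFolderClientPermission -Identity $folder |
    Where-Object { $_.User -like "*$group*" } |
    Format-Table User, AccessRights -AutoSize

# On the client, as the affected user: is the group in the logon token yet?
# If it is listed here but Outlook still denies access, the stale copy is the
# Exchange session's, which the re-prompt trick above refreshes.
whoami /groups | Select-String -SimpleMatch $group
```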
