Computers, Programming, Technology, Music, Literature

Archive for September 2014

Process Explorer vs Process Hacker–Part 1 of 2

chentiangemalc

Process Explorer, the tool we’ve all come to love as “Task Manager on Steroids”, has been for many IT pros one of the essential tools in their troubleshooting toolkit. Process Explorer was originally released in 1998 under the name NTHandlEx. Here is a screenshot of version 1.22. Notice the lack of processes in Windows NT 4.0!

By version 2.01 it had been renamed to HandleEx and had gained some more process properties and a kill feature.

It wasn’t until 16 June 2001, when Version 5.0 came out, that it got renamed to Process Explorer. (I was hoping to have a screenshot of this version as well but couldn’t find it anywhere…) In any case, as of May 2011 with version 14.12, the tool has come a long way to be one of the most advanced “task manager” tools available:

However an open source project has been working on a competing product since…

Written by gmaran23

September 28, 2014 at 1:27 pm

Posted in Uncategorized

Process Explorer vs Process Hacker–Part 2 of 2

chentiangemalc

Continuing from Part 1 (http://chentiangemalc.wordpress.com/2011/06/13/process-explorer-vs-process-hackerpart-1-of-2/), we will now compare more advanced features of Process Explorer & Process Hacker.

Run As Options

Both Process Explorer and Process Hacker have “Run” options. Process Explorer has “Run” and “Run As Limited User”, while Process Hacker has “Run”, “Run As Limited User”, and “Run As”.

In both programs “Run As Limited User” will launch the process with “Low” integrity security level on Vista and higher.

However Process Hacker’s Run As is the most powerful with many special options…

User name can be any standard user name but also can include special accounts such as:

We can also select what “type”

Specific sessions can be targeted

as well as Desktops…

Finding Open Handles/DLLs

In Process Hacker this is found via the Hacker | Find Handles or DLLs menu option; in Process Explorer it is via Find | Find Handle or DLL.

The main difference here is…

Written by gmaran23

September 28, 2014 at 1:26 pm

Posted in Uncategorized

Devouring Security: Cross Site Scripting [XSS]

http://www.slideshare.net/gmaran23/insufficient-data-validation-risks-xss

Agenda in <ul><li>

· Risk, Stories & the news
· XSS Anatomy
· Untrusted Data Sources – Well, Where did that come from?
· Shouldn’t it be called CSS instead?
· Types of XSS
    · Type 0 [DOM based]
    · Type 1 [Reflected or Non-persistent XSS]
    · Type 2 [Persistent or Stored XSS]
· Live Demo: XSS 101 with alert(‘hello XSS world’)
· Live Demo: Cookie Hijacking and Privilege Escalation
    · Face/Off with John Travolta and Nicolas Cage
· Live Demo: Let’s deploy some Key loggers, huh?
· Mitigations
    · Input Sanitization
    · Popular Libraries for .Net, Java, php
        · Demo: Input sanitization
    · Whitelists (vs. Blacklists)
    · Output Encoding
        · Contextual
        · Demo: Output Encoding
    · Browser Protections & bypasses
    · Framework Protections & bypasses
    · Content Security Policy (CSP) in brief
· Secure Code reviews: Spot an XSS, How?
· Tools: Do we have an option?
· XSS Buzz and how to Fuzz
· Renowned Cheat sheets
· Further reading & References

Does your Autolock Domain Workstation policy fail sometimes? But why?

This article was originally published for www.prowareness.com and can be found at http://www.prowareness.com/blog/does-your-autolock-domain-workstation-policy-fail-sometimes-but-why/

The “Password Protect Screensaver” and “Screen Saver Timeout” settings controlled by group policy make the screen saver kick in after the specified interval of inactivity and display the logon screen on resume, so the workstation needs to be unlocked.

The normal procedure, if you are doing this for the first time, is to run GPUDATE /FORCE. The policy will then work as expected; however, if some users/managers keep quibbling about their workstation not getting locked after the specified interval, check whether any of the exceptions below apply.

  1. A video is playing on YouTube or any website that uses a Flash-based or HTML5 video player. This should be the active window.
  2. A video is playing in VLC or Windows Media Player. The main window or the application need not have the focus; it can be inactive (minimized, or hidden in the system tray).
  3. Audio is playing in VLC or Windows Media Player. The main window or the application need not have the focus; it can be inactive (minimized, or hidden in the system tray).
  4. An automated test is running (desktop app automation or browser automation).
  5. A PowerPoint slideshow is in progress.

The moment a computer is joined to a domain the policy takes effect; if it does not work, either one of the above exceptions applies or the computer is not part of the domain. The exceptions all rest on the same fact: they let the operating system know that the computer is not idle. If you think this is not the expected behaviour, think how ecstatic you’d be when your screen gets locked while you are enjoying a movie or are in the middle of a presentation.
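A way to check both causes named above on a workstation that fails to lock, as an added example that is not part of the original article: it reads the per-user screen saver policy values and lists the applications that have told Windows the machine is not idle. It assumes an elevated session and English-language `powercfg` output.

```powershell
# Added example (not from the original article). Run from an elevated PowerShell prompt.
$policyKey = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$settings  = 'ScreenSaveActive', 'ScreenSaverIsSecure', 'ScreenSaveTimeOut', 'SCRNSAVE.EXE'

# 1. Is the computer part of a domain at all?
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
'Domain joined       : {0} ({1})' -f $cs.PartOfDomain, $cs.Domain

# 2. Did the screen saver policy reach this user's registry hive?
if (Test-Path -Path $policyKey) {
    $policy = Get-ItemProperty -Path $policyKey
    foreach ($name in $settings) {
        $prop  = $policy.PSObject.Properties[$name]
        $value = if ($prop) { $prop.Value } else { '<not set>' }
        '{0,-20}: {1}' -f $name, $value
    }
} else {
    Write-Warning "No screen saver policy found under $policyKey"
}

# 3. Which processes currently hold a power request (the "not idle" signal)?
#    powercfg prints section headers such as DISPLAY: and SYSTEM:, followed by
#    one "[PROCESS] <path>" style line per holder, or "None.".
$section = $null
$holders = foreach ($line in (powercfg.exe /requests)) {
    if ($line -match '^([A-Z]+):\s*$') {
        $section = $Matches[1]
    } elseif ($section -and $line -match '^\[(\w+)\]\s+(.+)$') {
        [pscustomobject]@{
            Request = $section
            Type    = $Matches[1]
            Holder  = $Matches[2].Trim()
        }
    }
}

if ($holders) {
    $holders | Sort-Object -Property Request, Holder | Format-Table -AutoSize
} else {
    'No application is currently holding a power request.'
}
```

Entries under DISPLAY are applications asking Windows to keep the display active, which is how media players and slideshows typically show up. Test automation that injects synthetic keyboard or mouse input does not register a request and will not appear in this list.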

Written by gmaran23

September 26, 2014 at 2:08 pm