Posts

A magic-wormhole!

Have you ever struggled to get a file from one computer to another? What if the file surpasses the size limits of Google Drive or Dropbox? Yes, you can SSH/SCP, FTP, HTTP, USB, script the hell out of it, but isn't there something that allows us to transfer large files easily? And is "securely" too much to ask too? https://github.com/warner/magic-wormhole TL;DR, the concept is: you and your recipient have another secure means to exchange a secure pass-phrase. The sender tells the receiver what pass-phrase accesses the package. The odds of somebody else entering the same phrase into the wormhole at the right time are approximately 3720 to 1! (I don't know the exact math but it's really hard to MitM) "The package is at whisky-tango-foxtrot." Here's the -help. Magic Wormhole supports multiple modes; # Wormhole send                     # Activates prompt for a message to send, Text mes...

Quick Key Logger break down

Hello, I had a simple malware sample (keylogger) I could show to reinforce what my previous posts touched on. https://tntrex77.blogspot.com/2018/10/quick-tip-sysinternals.html https://tntrex77.blogspot.com/2018/12/how-i-use-sysinternals.html This was an executable file (.exe) hanging out in the startup folder, trying to be all innocent, named "msdefender.exe". "I don't believe you, more like bsdefender.exe!" https://www.virustotal.com/gui/file/0fd7513668d18c2c6be2ed2eed170b86217734d0af0385bca8eddb94404f05f5/detection There were also a few detections from VirusTotal (VT blog entry). The first thing I usually do is blast a file with sigcheck: sigcheck -h -v <File> (hash and VT switches; similar output to the VT website, use what you like). Then I pop the file into DIE (Detect It Easy) just to verify the file type and do a quick entropy and strings check. A .rar archive? "But you said you were msdefender.exe!" Let's pop it i...

A Virtual Reality (Virtualization)

I have been asked a few times how to get started in IT. Thinking back on what sparked my enthusiasm for it... I remember downloading a bunch of different Linux distro ISOs and firing them up. I would try different desktop environments and mess around with configurations, not always successfully. When I did "break" the virtual machine I could just revert or restore it back to a state where it was working. This allowed me to "experiment" without fear of actually "breaking anything". Virtualization is a huge topic, so in this post I just wanted to give a quick and dirty, up-and-running guide. First, I would check your BIOS and make sure you have any supported virtualization options "Enabled" (VT-x, AMD-V). Then go to https://www.virtualbox.org/ and download VirtualBox. https://download.virtualbox.org/virtualbox/6.0.4/VirtualBox-6.0.4-128413-Win.exe (<-4daLazy) Run the installation. "Next" it out. (Your network ...

How I use Sysinternals

Hey, in my previous post I demonstrated how to add the Sysinternals tools to your computer from https://live.sysinternals.com/ . "Neat, now what?" This is not a comprehensive guide to Sysinternals, merely how I use these tools to increase my cyber safety. If you browsed to https://live.sysinternals.com you'll notice there are numerous tools. I just want to quickly show a few of the tools I have found most useful and how I use them. 1.) Sigcheck - "Sigcheck is a command-line utility that shows file version number, timestamp information, and digital signature details, including certificate chains." You can run it via: PS C:\Users\Matt> \\live.sysinternals.com\tools\sigcheck.exe -h -v "C:\Users\Matt\Downloads\processhacker-3.0.1424-setup.exe" >> sigchecktest.txt This command is run against a "file", usually something you just downloaded/received and are unsure about its safety. You can run "Sigcheck...

Quick Tip -Sysinternals-

I've been slacking on this blogging thing. Anyway, I wanted to show a quick tip that I want to build off going forward with more posts. Sysinternals is a great free tool set that can help you with numerous computer issues. https://docs.microsoft.com/en-us/sysinternals/ Another cool thing is Sysinternals Live, basically a website that hosts all the Sysinternals tools. https://live.sysinternals.com/ The really cool feature I wanted to go over is mounting this website as a local drive, or calling these tools straight from the command line. P$> \\live.sysinternals.com\tools\procmon.exe This command will fire up procmon.exe. (I've got a post coming up for procmon) Syntax: \\live.sysinternals.com\tools\TOOL.EXE It may take a moment, but all the Sysinternals tools are available to you, over the wire. Pretty neat. Another way to demonstrate this is by mapping that entire web directory to a location on your computer. Click "This PC" > "Compute...

Be careful what you download

So here's another quick post I wanted to share with you. Have you ever needed an app and gone to its webpage only to get lost and not find the actual "Download" button you want? Forget all that mess and use Ninite. Ninite is a repository of the most commonly used apps (assuming you use Windows). What's great about Ninite is that you can pick multiple apps, hit the "Get Your Ninite" button, and a single installer will be downloaded to your machine. Run this download and it will sequentially install all the apps you picked. This really shines after you do a fresh install of your OS; a quick way to get back into everyday computing. Just wanted to share this site with you guys, more to come. https://ninite.com/

I think my computer is sick

Hello again, I wanted to make another quick post. This is what you can do if you think you already have an infection. The tool I use is Malwarebytes. You can snag the "FREE" version, but again I would recommend looking into the "Premium" version. After installing Malwarebytes, you'll get the main menu shown below. You can see the "Premium" version has a lot more features, but the main thing we are after is the "Scan" feature (marked in red). After you let Malwarebytes run for a bit (it can take quite some time), you'll be presented with the results window. Hopefully looking like this: Now if Malwarebytes does detect something it is going to place it into "Quarantine". This is a storage holder that isolates the detected file. Malwarebytes gives you the opportunity to review the detected file and decide if you truly want to delete it from your system. (A false positive could occur flagging a normal f...