Windows: Enable Bitlocker without a TPM module


By default, BitLocker can only be activated when a TPM chip is physically present.

If you want to use Bitlocker without a TPM module you must change your (local) policy. Open the Group Policy Object Editor (gpedit.msc), navigate to
Powershell: List members of an Active Directory Group


Here are the code snippets to list all members of an Active Directory group.

Some constants

# Define the LDAP search root, the Global Catalog of the domain
# The group name to look for

Windows: List all users who are currently logged on


If you want to list all users who are currently logged on to the box, use the query command.

List all sessions

c:\> query session
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
 services                                    0  Disc
 console                                     1  Conn
>rdp-tcp#0         user1                     2  Active  rdpwd
 rdp-tcp                                 65536  Listen

Or list all users

c:\> query user
>user1                 rdp-tcp#0           2  Active          .  21.02.2015 19:42

You can also list the processes of the user

c:\> query process
 USERNAME              SESSIONNAME         ID    PID  IMAGE
>user1                 rdp-tcp#0            2   6076  taskhost.exe
>user1                 rdp-tcp#0            2   6592  rdpclip.exe
>user1                 rdp-tcp#0            2   4840  dwm.exe
>user1                 rdp-tcp#0            2   4680  explorer.exe
>user1                 rdp-tcp#0            2   7092  vmtoolsd.exe


Security: Install mimikatz offline plugin to volatility (DRAFT!!!)


Here are the steps to install the mimikatz offline plugin and get it running under Volatility on a Windows 7 x64 operating system. This is currently a draft, but it works for me.

1. Install Volatility
Get the latest Python 2 version and install it, in this example to the target directory d:\Python27. Use the x86 (32-bit) version even on x64 systems; otherwise the Volatility installer won't find the Python installation. Also choose an install path without spaces.

Install the Volatility 2.4 Windows Python Module Installer (not the binary installer)
Windows: Initiate a kernel memory dump


For deeper inspection of Windows it is sometimes necessary to get a memory dump of the machine and analyse the output with tools like Volatility.

There are several ways to make Windows write a dump.
