Windows: Enable Bitlocker without a TPM module

Hi,

by default Bitlocker could only activated when a TPM chip is physically present.

If you want to use Bitlocker without a TPM module you must change your (local) policy. Open the Group Policy Object Editor (gpedit.msc), navigate to
More »

Advertisment to support michlstechblog.info

Powershell: List members of an Active Directory Group

Hi,

here are the code snippets to list all members of an Active Directory Group.

Some constants

# Define LDAP search root, the Global catalog of the domain
$sLDAPSearchRoot="LDAP://yourDomain.com:3268"
# The Groupname to looking for
$sGroupName="USR_GRP_IN_AD"

More »

Windows: List all users who are currently logged on

Hi,

if you want to list all Users which are currently logged on to the box use the query command.

List all sessions


c:\> query session
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
 services                                    0  Disc
 console                                     1  Conn
>rdp-tcp#0         user1                     2  Active  rdpwd
 rdp-tcp                                 65536  Listen

Or list all users


c:\> query user
 USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME
>user1                 rdp-tcp#0           2  Active          .  21.02.2015 19:42

You can also list the processes of the user


c:\> query process
 USERNAME              SESSIONNAME         ID    PID  IMAGE
>user1                 rdp-tcp#0            2   6076  taskhost.exe
>user1                 rdp-tcp#0            2   6592  rdpclip.exe
>user1                 rdp-tcp#0            2   4840  dwm.exe
>user1                 rdp-tcp#0            2   4680  explorer.exe
>user1                 rdp-tcp#0            2   7092  vmtoolsd.exe
....

Michael

Security: Install mimikatz offline plugin to volatility (DRAFT!!!)

Hi,

here are the steps to install the mimikatz offline plugin to get it running under volatility on a Windows 7 x64 Operating system. Currently draft but works for me.

1. Install volatility
get the latest Python 2 Version and install it. In this example to target directory d:\Python27. Use the x86, 32Bit Version even on x64 systems. Otherwise the volatility installer won’t found the python installation. Choose also a installpath without spaces.

Install Volatility 2.4 Windows Python Module Installer (not the binary installer)
More »

Windows: Initate a kernel memory dump

Hi,

for deeper inspection of Windows it is sometimes necessary to get a memory dump of the machine to analyse these output with tools like volatility .

There are several ways to provoke windows to write a dump.
More »

Original Theme by Schiy · Powered by WordPress