HowToImproveTheWorld

A neat trick shown a couple of years ago, called BadUSB, turns arbitrary USB devices into potential attack devices.

What if you plug in a USB stick you found on the street and it opens a browser, steers you to a specific website, and downloads and launches an application? USB has many device classes, so instead of presenting itself as a mass storage device (what you would expect from something that looks like a USB drive) a BadUSB stick imitates a HID device such as a keyboard or mouse. Your "drive" becomes a keyboard, and Windows accepts its keystrokes like any other keyboard.
Automate some pre-defined keystrokes that fire shortly after the device is plugged in: Windows+R, type https://mendelonline.be/temp/runme.exe, press Enter a couple of times, then do the same with %userprofile%\downloads\runme.exe, and you are pretty close to running your executable without any user interaction.

Edit 26/05/2016: Exactly like this: https://www.informationsecurity.ws/2016/01/pwning-windows-7-with-avg-av/

Not that many technologies exist to prevent this on Windows, but I found a page on irongeek explaining how to block USB devices using Group Policy (Local Group Policy works too; you don't need a domain-joined computer): http://www.irongeek.com/i.php?page=security/locking-down-windows-vista-and-windows-7-against-malicious-usb-devices

Open the Local Group Policy Editor (gpedit.msc), go to "Computer Configuration -> Administrative Templates -> System -> Device Installation -> Device Installation Restrictions", and start experimenting 🙂

[Screenshot: local group policy settings]

I started by checking which USB devices were already known to my computer. You can use NirSoft's always-useful USBDeview to look at your USB history.

So I deleted all history, with the idea of starting clean.
After deleting everything, I let Windows re-discover the devices that belong to my laptop by default.
Next I plugged in the USB devices I own and let Windows register and install them.

Then the actual blocking policy was enabled.

Another USB device, one I had deliberately not installed yet, was plugged into my computer. Nothing happened.
Perfect 😎

I still needed that device, though. Starting Device Manager with administrative credentials let me override the blocking policy and install the USB device for future use…
(Note: once a USB device is installed/registered in Windows, it can be plugged in and used at any time later without the admin override. The policy only stops the installation of new device instances, so do the clean-up and the initial round of installs before you enable it.)
Or you can start defining allowed classes of USB devices, manufacturers, etc… Just check irongeek's page 🙂 One caveat: a BadUSB stick presents itself as a HID keyboard, so allowing a whole device class such as HID lets it straight in; allow specific hardware IDs rather than classes where you can.
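The procedure above, done from PowerShell instead of gpedit.msc, as an added example that is not part of the original post: snapshot the hardware IDs of the USB devices present right now into an allow-list, enable "Prevent installation of devices not described by other policy settings" (the blocking policy the post uses), and keep the administrator override the Device Manager trick relies on. The registry path and value names are the ones the Device Installation Restrictions policies write; verify them against your Windows version. Run it from an elevated prompt.

```powershell
# Added example, not from the original post. Policy registry location assumed to be
# the one gpedit.msc writes for "Device Installation Restrictions".
$Restrictions = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'

function Get-PresentUsbHardwareId {
    # Hardware IDs of everything hanging off USB right now: the USB device itself
    # plus its USBSTOR / HID children, which Windows installs as separate device
    # instances and which the policy therefore evaluates separately.
    Get-CimInstance Win32_PnPEntity |
        Where-Object { $_.PNPDeviceID -match '^(USB|USBSTOR|HID)\\' -and $_.HardwareID } |
        ForEach-Object { $_.HardwareID[0] } |     # first entry is the most specific ID
        Sort-Object -Unique
}

function Set-UsbInstallRestriction {
    param(
        [string[]]$AllowHardwareId = @(),
        [switch]$AllowAdminOverride
    )
    $null = New-Item -Path $Restrictions -Force
    # "Prevent installation of devices not described by other policy settings"
    Set-ItemProperty -Path $Restrictions -Name DenyUnspecified -Value 1 -Type DWord
    # "Allow administrators to override Device Installation Restriction policies";
    # this is what makes the run-Device-Manager-as-administrator trick work.
    Set-ItemProperty -Path $Restrictions -Name AllowAdminInstall `
        -Value ([int]$AllowAdminOverride.IsPresent) -Type DWord
    # "Allow installation of devices that match any of these device IDs": a DWORD
    # switch plus a subkey of the same name holding one string value per ID (1, 2, ...).
    if ($AllowHardwareId.Count -gt 0) {
        Set-ItemProperty -Path $Restrictions -Name AllowDeviceIDs -Value 1 -Type DWord
        Remove-Item -Path "$Restrictions\AllowDeviceIDs" -Recurse -ErrorAction SilentlyContinue
        $listKey = New-Item -Path "$Restrictions\AllowDeviceIDs" -Force
        $i = 1
        foreach ($id in $AllowHardwareId) {
            Set-ItemProperty -Path $listKey.PSPath -Name ([string]$i) -Value $id -Type String
            $i++
        }
    }
}

function Get-UsbInstallRestriction {
    # Read the policy back so the result can be checked.
    $p   = Get-ItemProperty -Path $Restrictions -ErrorAction SilentlyContinue
    $ids = @()
    if (Test-Path "$Restrictions\AllowDeviceIDs") {
        $ids = (Get-Item "$Restrictions\AllowDeviceIDs").GetValueNames() |
            Sort-Object { [int]$_ } |
            ForEach-Object { (Get-ItemProperty "$Restrictions\AllowDeviceIDs").$_ }
    }
    [pscustomobject]@{
        DenyUnspecified   = [bool]$p.DenyUnspecified
        AllowAdminInstall = [bool]$p.AllowAdminInstall
        AllowedIds        = $ids
    }
}

# Usage: allow what is plugged in today, block everything new, keep the admin override.
# Set-UsbInstallRestriction -AllowHardwareId (Get-PresentUsbHardwareId) -AllowAdminOverride
# Get-UsbInstallRestriction
```

New devices are evaluated against these keys when they are first plugged in, so the order is the same as in the post: install everything you own first, then enable the restriction. A BadUSB keyboard shows up with its own VID/PID and is not on the list; the allow-list only becomes useless if you widen it to a whole class.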

[Screenshots: Computer Management showing the unrecognized device; USBDeview showing the DataTraveler not in use; "Update driver" run as administrator; device installed; DataTraveler active]

So, a quick little overview of my home audio setup 🙂

All UPnP/DLNA based…

Suggestions to improve, questions and comments are always welcome! 😎

Currently still not looking at Spotify, actually… Most of what I play is either podcasts or online sources (stubru 🙂).

 

http://www.hdkn.net/ is pretty awesome as a headless torrent client! It even has a native PowerShell module! But it doesn't implement everything you want (runs only in an x86 shell, no magnet support, …).

Here is a quick (and very dirty) PowerShell snippet to add magnets to the download engine using its JSON-RPC API… (don't judge me on code quality!)

$accesstoken is the "API key" from the upper right corner of the web UI, id is whatever you want it to be, and ConvertTo-Json could probably be used instead of the hand-written JSON… But it was late, and this works 🙂


# The token is the "API key" from hdkn's web UI; it grants full control of the
# engine, so keep this script out of version control or read the token from a prompt.
$accesstoken = "111111-11111111-11111"
$url = "http://host.ext:port/jsonrpc"
$headers = @{ "Authorization" = "Token $accesstoken" }

# Keep asking for magnet links until an empty line is entered.
while ($magnet = Read-Host "gimme magnets") {
    # JSON-RPC 2.0 request. The magnet is dropped into the JSON unescaped, which is
    # fine for magnet: URIs (no quotes or backslashes in them); the savePath uses
    # JSON-escaped backslashes, and the here-string leaves them untouched.
    $body = @"
{"id":74,"jsonrpc":"2.0","method":"torrents.addUrl","params":["$magnet",{"name":"","savePath":"E:\\ServerFolders\\Linuxes"}]}
"@
    Invoke-RestMethod -Method Post -Uri $url -Headers $headers -Body $body -ContentType "application/json"
}

# List everything the engine knows about, to confirm the additions landed.
$body = @"
{"id":1,"jsonrpc":"2.0","method":"torrents.getAll","params":[]}
"@
$res = Invoke-RestMethod -Method Post -Uri $url -Headers $headers -Body $body -ContentType "application/json"
$res.result | Format-Table

Actually a scandalous story about unfair competition…

[Photo: spot the best TV!]

Take the photo on the right. Part of a demo wall of televisions.

Now pick the TV with the best picture.

You would probably pick the one at the top right.
Well-saturated colours, not overexposed like the others, sharp, … Everything you need, really?

Well, a salesman spent 30 minutes trying to sell us that model (LG).
It was simply the best picture on the wall.
"Can't get better, best seller, great build quality, …"
The typical sales pitch, you know the drill…
Now, as it happens, we have the big brother of that LG hanging in the office.
The picture may be good, but I think the interface is terrible, that menu structure, …

I wanted a different one…
A Sony 😎
The online reviews were glowing everywhere.
Black levels, colour, input lag, software, interface, …
And once I've got something in my head, well… 😀

But the difference in picture quality between that Sony and that LG was really enormous.
The Sony was dull, hazy, blurry, overexposed, … Just bad…

So, a strange situation: the Internet says it's good, reality is completely different?

Anyway, we went to another branch of the same chain, same scenario.
And we even went to yet another branch, same scenario again!

Meanwhile I had checked the Internet again, and still only positive things came up about those TVs.
Weeeird…

At the last shop I was still doubting which one to take (and I was actually leaning towards the LG).
Luckily my dear girlfriend can still think out of the box a bit.
The building we were in housed not only chain X but also Krefel! Lucky us!

We quickly went in, walked to a very similar wall full of TV sets, and to our great surprise that same Sony showed a completely different picture. 😯

The same Panasonic, the same LG, the same Samsung and the same Sony sets as at X, just side by side. No funny business, all equally sharp, all with nice colours, all as they should be…
Thanks to Krefel for at least playing fair!

Does X really rig things that badly? Trying to cheat its customers like that?
Not that LG is a bad brand, certainly not, but why profile it as the only "good" TV brand? Commission? Bribery?…
Or are they right on some other level, and do that many people have problems with Sony?
Only a few people know the real answer…

So I bought the Sony after all 🙂
At Krefel.

So, to run the "Microsoft Exchange Troubleshooting Assistant", also known as ExTRA, you need admin permissions on the machine you're working on.
No reason given. You just need local admin.

I don’t agree on that 🙂

Most .NET executables are more or less containers and can be opened with 7-Zip or similar tools. So can extra.exe 🙂
Of course 7-Zip can't put it back together again, so this was a dead end.

Second issue: the executable is digitally signed by Microsoft, for obvious reasons. The Authenticode signature covers a hash of the file, so editing anything in it means the hash no longer matches and the signature becomes invalid…

So first the signature had to be removed. NirSoft's SNRemove didn't work out (it strips the .NET strong-name signature, not the Authenticode signature in the PE), but unsigntool @ http://koti.mbnet.fi/vaultec/software.php did the job.

The exe could still be executed successfully after that.

Now, according to the Super User thread, the manifest embedded in the executable has to be edited.
This was done using XN Resource Editor.

Simply replace "requireAdministrator" with "asInvoker" in the requestedExecutionLevel element.

[Screenshot: XN Resource Editor]
And save the assembly again…

Now we have an unsigned executable that doesn't require administrator permissions 😎 Keep in mind that asInvoker only suppresses the UAC prompt: anything ExTRA does that genuinely needs administrator rights will still fail, and the binary can no longer be verified as Microsoft's.
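The same requireAdministrator to asInvoker edit done from PowerShell, as an added example that is not part of the original post: it uses mt.exe from the Windows SDK instead of XN Resource Editor and checks the Authenticode status before and after. Assumptions: mt.exe is on PATH, you work on a copy of extra.exe, and nothing here strips the signature; the resource rewrite alone is enough to invalidate it, which is the point the post makes.

```powershell
# Added example, not from the original post. mt.exe (Windows SDK) is assumed to be on PATH.

function Get-ExeManifest {
    param([string]$ExePath, [string]$OutFile = "$ExePath.manifest")
    # Application manifests live in resource type RT_MANIFEST, resource ID #1.
    $mtArgs = @('-nologo', "-inputresource:$ExePath;#1", "-out:$OutFile")
    & mt.exe @mtArgs
    if ($LASTEXITCODE -ne 0) { throw "mt.exe could not read the manifest from $ExePath" }
    (Resolve-Path $OutFile).Path
}

function Get-RequestedExecutionLevel {
    param([string]$ExePath)
    [xml]$m = Get-Content (Get-ExeManifest $ExePath) -Raw
    # Namespace-agnostic lookup: trustInfo is asm.v2 in some manifests, asm.v3 in others.
    $node = $m.SelectSingleNode("//*[local-name()='requestedExecutionLevel']")
    if ($node) { $node.GetAttribute('level') } else { $null }
}

function Set-RequestedExecutionLevel {
    param([string]$ExePath, [string]$Level = 'asInvoker')
    $manifestFile = Get-ExeManifest $ExePath
    [xml]$m = Get-Content $manifestFile -Raw
    $node = $m.SelectSingleNode("//*[local-name()='requestedExecutionLevel']")
    if (-not $node) { throw "no requestedExecutionLevel element in $ExePath" }
    $node.SetAttribute('level', $Level)
    $m.Save($manifestFile)
    # Write the edited manifest back into the same resource slot.
    $mtArgs = @('-nologo', "-manifest", $manifestFile, "-outputresource:$ExePath;#1")
    & mt.exe @mtArgs
    if ($LASTEXITCODE -ne 0) { throw "mt.exe could not update the manifest in $ExePath" }
}

# Usage, on a copy of extra.exe:
# $exe = '.\extra.exe'
# (Get-AuthenticodeSignature $exe).Status   # Valid, before any edit
# Get-RequestedExecutionLevel $exe          # requireAdministrator
# Set-RequestedExecutionLevel $exe -Level asInvoker
# Get-RequestedExecutionLevel $exe          # asInvoker
# (Get-AuthenticodeSignature $exe).Status   # HashMismatch, or NotSigned if the resource
#                                           # rewrite dropped the certificate directory
```

The before/after Get-AuthenticodeSignature calls are the check worth keeping: if the status is anything other than Valid on a binary you did not intend to modify, somebody else already did.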

Tip of the day.
Something I’ve been missing in any default Windows installation…

Create a new shortcut to "cmd".
Call it cmdshortcut.lnk (any name works, as long as the batch file below refers to the same name).
Right-click it, go to Properties, go to the Shortcut tab, click "Advanced", and tick "Run as administrator".
Click OK in both windows.

[Screenshot: advanced properties]
Move the shortcut to c:\windows\

Create a new batch file.
Call it "elevate.cmd".
Edit it with Notepad++. (Yes, very important to edit it with this editor!)
Put "%windir%\cmdshortcut.lnk" in there.
Move the batch file to c:\windows\

Typing elevate in any prompt now launches the shortcut; because a .lnk is handed to the shell, the "Run as administrator" flag is honoured and you get an elevated cmd after the UAC prompt.

Enjoy 🙂

 

 

–edit–

The above is for cmd and run.
For PowerShell, read my previous entry: https://mendel129.wordpress.com/2014/01/02/powershell-profile/

When using the mouse or touch you still need the keyboard: Ctrl+Shift+Enter on a Start menu search result, or Ctrl+Shift+click on a taskbar or Start menu item, runs it as administrator.
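The same shortcut and batch file created from PowerShell, as an added example that is not part of the original post. The "Run as administrator" checkbox is the RunAsUser bit in the .lnk header's LinkFlags (bit 0x20 of the byte at offset 0x15); WScript.Shell exposes no property for it, so the flag is patched into the file after saving. Writing into $env:windir needs an elevated prompt; any other folder on PATH works just as well, and the folder parameter is mine, not the post's.

```powershell
# Added example, not from the original post.

function Test-RunAsAdminShortcut {
    param([string]$LnkPath)
    $bytes = [System.IO.File]::ReadAllBytes($LnkPath)
    # Sanity-check the ShellLink header size (0x4C) before trusting the flag byte;
    # RunAsUser is bit 0x2000 of LinkFlags, i.e. 0x20 of the byte at offset 0x15.
    ($bytes.Length -gt 0x4C) -and
    ([BitConverter]::ToInt32($bytes, 0) -eq 0x4C) -and
    (($bytes[0x15] -band 0x20) -ne 0)
}

function New-ElevateShortcut {
    param(
        [string]$Folder = $env:windir,                          # assumed: a folder on PATH
        [string]$Target = "$env:windir\System32\cmd.exe"
    )
    $lnk = Join-Path $Folder 'cmdshortcut.lnk'
    $cmd = Join-Path $Folder 'elevate.cmd'

    # Same as "New -> Shortcut" in Explorer.
    $shortcut = (New-Object -ComObject WScript.Shell).CreateShortcut($lnk)
    $shortcut.TargetPath = $Target
    $shortcut.Save()

    # Same as ticking "Run as administrator" under Advanced...
    $bytes = [System.IO.File]::ReadAllBytes($lnk)
    $bytes[0x15] = [byte]($bytes[0x15] -bor 0x20)
    [System.IO.File]::WriteAllBytes($lnk, $bytes)

    # elevate.cmd just launches the shortcut; cmd hands .lnk files to the shell,
    # which honours the flag and shows the UAC prompt.
    Set-Content -Path $cmd -Value ('@"' + $lnk + '"') -Encoding Ascii

    [pscustomobject]@{
        Shortcut   = $lnk
        Batch      = $cmd
        RunAsAdmin = Test-RunAsAdminShortcut $lnk
    }
}

# Usage: New-ElevateShortcut ; then type "elevate" in any prompt.
```

If you only need it from PowerShell, Start-Process cmd -Verb RunAs does the same without any files on disk; the shortcut trick is for plain cmd and the Run box.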


BitLocker is that often-forgotten full disk encryption (FDE) tool from Microsoft.
It gives you the ability to encrypt your entire hard drive (or any external device) and roam the globe without fear for the data on it if the machine gets lost.

The default cipher was AES with a 128-bit key and the Elephant diffuser on Windows 7. Windows 8 dropped the diffuser and defaults to plain AES-128 (CBC), which is what the status output below shows; Windows 10 (1511 and later) defaults to XTS-AES-128.

There is a BitLocker PowerShell module on Windows 8 / Server 2012 and later (kernel 6.2+), and two command-line tools, manage-bde and repair-bde, on the other Windows versions 🙂
And the Control Panel applet, of course…

Most configuration is done through (Local) Group Policy. Some of those settings, the encryption method and cipher strength in particular, only apply to volumes encrypted after the policy is set…
So check out the options BEFORE encrypting everything!


To quickly check your current status (and which encryption method you're using):

    PS C:\Windows\system32> manage-bde -status
    BitLocker Drive Encryption: Configuration Tool version 6.3.9600
    Copyright (C) 2013 Microsoft Corporation. All rights reserved.

    Disk volumes that can be protected with
    BitLocker Drive Encryption:
    Volume C: []
    [OS Volume]

        Size:                 237,96 GB
        BitLocker Version:    2.0
        Conversion Status:    Used Space Only Encrypted
        Percentage Encrypted: 100,0%
        Encryption Method:    AES 128
        Protection Status:    Protection On
        Lock Status:          Unlocked
        Identification Field: Unknown
        Key Protectors:
            TPM
            Numerical Password

Sidenote on this subject

AES-256 isn't meaningfully safer than AES with a 128-bit key. Both are far beyond any brute-force effort, and the related-key attacks published in 2009 (Schneier link below) actually targeted AES-256, not AES-128.

From the TechNet article linked below:

"Choose the encryption strength

BitLocker supports two levels of cipher strength for BitLocker: 128-bit and 256-bit. Both use the Advanced Encryption Standard (AES) to perform encryption. Longer encryption keys provide an enhanced level of security and are less likely to be successfully attacked by the use of brute-force methods. However, longer keys can cause slower encryption and decryption of data. On some computers, using longer keys might result in noticeable performance degradation. You can use Group Policy to change the length of the encryption key used by BitLocker.

In addition, BitLocker supports a Diffuser algorithm to help protect against ciphertext manipulation attacks, a class of attacks in which changes are made to the encrypted data in an attempt to discover patterns or weaknesses. By default, BitLocker uses AES encryption with 128-bit encryption keys and Diffuser. You can also select encryption without Diffuser by using Group Policy if your organization is Federal Information Processing Standard (FIPS) compliant.

It is recommended that most organizations use AES 128-bit with Diffuser. For organizations that are required to use 256-bit encryption, the AES 256-bit with Diffuser option can be enabled by using Group Policy." (howto: see the TechNet link below)

http://lukenotricks.blogspot.be/2010/04/aes-128-versus-aes-256-encryption.html

http://security.stackexchange.com/questions/14068/why-most-people-use-256-bit-encryption-instead-of-128-bit

http://security.stackexchange.com/questions/6141/amount-of-simple-operations-that-is-safely-out-of-reach-for-all-humanity/6149#6149

https://www.schneier.com/blog/archives/2009/07/another_new_aes.html

http://www.bolehvpn.net/blog/2013/10/what-data-encryption-algorithm-should-we-use/

http://collaboration.cmc.ec.gc.ca/science/rpn/biblio/ddj/Website/articles/DDJ/2007/0710/070901me01/070901me01.html

http://technet.microsoft.com/en-us/library/ee706531%28v=ws.10%29.aspx

 

Sidenote on the recovery key

Keep that key somewhere quickly accessible. Especially with Windows 8…
On your phone, a hardcopy in your wallet, a tattoo on your arm…
Bear in mind that the recovery password unlocks the volume on its own, without the TPM, so wherever you keep it is worth exactly as much as the data on the laptop; backing it up to Active Directory or your Microsoft account (or a password manager) is the saner option.

When Windows 8 detects that something went wrong while booting, it will try to recover.
But it can't recover without the partition unlocked, so you'll need to enter the key.
When you cannot unlock it and reboot again, it's just going to try to recover again.
And you're looping forever…

Damn Windows 8!
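Both sidenotes in code, as an added example that is not part of the original post: pin the encryption method through the local policy key before encrypting (the "check the options before encrypting" point), read the key protectors the way manage-bde -status shows them, and put a copy of the recovery password somewhere other than the laptop. It needs the BitLocker PowerShell module (Windows 8 / Server 2012 or later) and an elevated prompt. The FVE policy path and the EncryptionMethod codes are the ones behind the "Choose drive encryption method and cipher strength" policy; verify them for your Windows version. The output path in the usage lines is an assumption.

```powershell
# Added example, not from the original post. Policy location and codes assumed to be
# those written by the "Choose drive encryption method and cipher strength" policy.
$FvePolicy  = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$MethodCode = @{
    AES128Diffuser = 1   # Windows 7 only
    AES256Diffuser = 2   # Windows 7 only
    AES128         = 3
    AES256         = 4
    XtsAES128      = 6   # Windows 10 1511 and later
    XtsAES256      = 7
}

function Set-BitLockerMethodPolicy {
    param(
        [ValidateSet('AES128Diffuser','AES256Diffuser','AES128','AES256','XtsAES128','XtsAES256')]
        [string]$Method = 'AES128'
    )
    $null = New-Item -Path $FvePolicy -Force
    $code = $MethodCode[$Method]
    # Windows 7 / 8.x read EncryptionMethod; Windows 10 reads the per-drive-type
    # EncryptionMethodWithXts* values. Set all of them so the policy applies either way.
    foreach ($name in 'EncryptionMethod', 'EncryptionMethodWithXtsOs',
                      'EncryptionMethodWithXtsFdv', 'EncryptionMethodWithXtsRdv') {
        Set-ItemProperty -Path $FvePolicy -Name $name -Value $code -Type DWord
    }
    # Only volumes encrypted from now on pick this up; already encrypted volumes keep their cipher.
    $code
}

function Get-BitLockerSummary {
    # The same information as manage-bde -status, one object per volume.
    Get-BitLockerVolume | ForEach-Object {
        [pscustomobject]@{
            MountPoint       = $_.MountPoint
            VolumeType       = $_.VolumeType
            EncryptionMethod = $_.EncryptionMethod
            PercentEncrypted = $_.EncryptionPercentage
            Protection       = $_.ProtectionStatus
            KeyProtectors    = ($_.KeyProtector.KeyProtectorType -join ', ')
        }
    }
}

function Backup-BitLockerRecoveryPassword {
    param([string]$MountPoint = 'C:', [string]$OutFile, [switch]$ToActiveDirectory)
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $rp  = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1
    if (-not $rp) {
        throw "$MountPoint has no recovery password protector; add one with Add-BitLockerKeyProtector -RecoveryPasswordProtector"
    }
    if ($OutFile) {
        # Same content as the Control Panel "save to a file" option. The recovery password
        # unlocks the volume by itself, so the file must not live on the encrypted volume
        # and deserves the same care as the data it protects.
        "Identifier: $($rp.KeyProtectorId)`nRecovery Key: $($rp.RecoveryPassword)" | Set-Content -Path $OutFile
    }
    if ($ToActiveDirectory) {
        # Escrow in AD (domain-joined machines); the Windows 10 equivalent for Azure AD is
        # BackupToAAD-BitLockerKeyProtector.
        Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $rp.KeyProtectorId | Out-Null
    }
    $rp.KeyProtectorId
}

# Usage, before turning BitLocker on:
#   Set-BitLockerMethodPolicy -Method AES256
# After encrypting:
#   Get-BitLockerSummary | Format-Table
#   Backup-BitLockerRecoveryPassword -MountPoint C: -OutFile 'D:\bitlocker-C.txt' -ToActiveDirectory   # D:\ assumed
```

Get-BitLockerSummary on the machine from the status output above would list C: with EncryptionMethod Aes128 and KeyProtectors "Tpm, RecoveryPassword", which is the "Numerical Password" line of manage-bde under its PowerShell name.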