Category: windows

  • And you thought the JRE was big

    I was updating a VM with WinXP today and it downloaded the “Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847)”, which weighs in at a whopping 238MB! An update! WTF? As a comparison: the Java 6 JRE is around 15MB.

  • Improvement to Software Restriction Policies in Windows 7

    While listening to the episode of RunAs Radio about Windows 7 I’ve heard about AppLocker, a beefed up version of Software Restriction Policies. It is an interesting improvement, but I expect that it will still be enforced from User Mode, making it not as secure as it could be. Also, given the recent mishaps with…

  • Possible PE file trick

    I was reading this: pefile and LOAD_CONFIG and took a look at the structure: IMAGE_LOAD_CONFIG_DIRECTORY Structure. Some things which I found interesting: GlobalFlagsClear – The global flags that control system behavior. For more information, see Gflags.exe. GlobalFlagsSet – The global flags that control system behavior. For more information, see Gflags.exe. LockPrefixTable – The VA of…

  • Disabling accessibility features on the Welcome Screen for Windows XP

    As I said before, one of the first things I do when I install WinXP is to disable the accessibility features. However this is a per user setting and I would like to disable it on the welcome screen also. This is especially useful for the default setup I do: an administrative user and a…

  • Loading the Meterpreter in a DLL

    After ranting about Metasploit I played around a little bit and tried out a little and here is a part of what I found: Sometimes it may be useful to load the Meterpreter (or any payload in fact) as a DLL. Two scenarios I can think of: Software Restriction Policies (and many other whitelisting products)…

  • How permissive is the Windows autorun.inf parsing?

    While reading the F-Secure blogpost titled When is AUTORUN.INF really an AUTORUN.INF?, I was reminded of this masking technique – putting extra data between the relevant lines. But how tolerant is the autorun.inf parser (which I suppose in fact is the INI file parser) really? The example shown by F-Secure is quite mild, in the…

  • A few tips for pshtoolkit

    pshtoolkit is short for Pass The Hash Toolkit, and is a program (or rather a small collection of programs) written and released as OSS by CORE. Its basic use is to authenticate to Windows systems by passing the hash of the password – hence the name – rather than the password. Here are a couple…

  • An interesting Windows feature

    This one has been around forever (possibly since Windows ’95), but it just so happens that I stumbled over it recently: You can use the “desktop.ini” file to (amongst other things) change the name displayed for the given folder by Explorer (and other file-navigators which are based on Explorer – like Windows Total Commander…

  • Short tip

    PsExec doesn’t seem to work with “Simple File Sharing” under Windows XP, so you might want to try to turn it off if it fails on you.

  • (Re-)dial your connection automatically with Windows (XP)

    Currently I’m on a quest of finding configuration options to make computers easier to use. One of my recent problems was how to make sure that internet connections “just work”, especially in a dial-up kind of situation (where there are usernames and passwords involved). Here is the method that I developed for Windows XP (probably…