Antivirus – Microsoft Safety Scanner

I would like to mention Microsoft Safety Scanner.

It is a scan tool that finds and removes malware.

Usage is really simple: after downloading it, you simply need to run it to start scanning for threats.

It can be launched only on demand and is available only for 10 days after being downloaded.

BE AWARE: always download the latest version from the web.

REMARK: For real-time protection with automatic updates, use Windows Defender Antivirus on Windows 10 and Windows 8 or Microsoft Security Essentials on Windows 7. These antimalware products also provide powerful malware removal capabilities. If you are having difficulties removing malware with these products, you can refer to our help on removing difficult threats.

For troubleshooting Microsoft Safety Scanner, you can also review this article:

https://support.microsoft.com/en-us/help/2520970/how-to-troubleshoot-an-error-when-you-run-the-microsoft-safety-scanner

Veeam - Direct SAN Access

I would like to mention this Veeam article, which was useful in the past for configuring the Direct SAN Access feature to improve Veeam backup speed and workload.

Direct SAN Access

The Direct SAN access transport mode is recommended for VMs whose disks are located on shared VMFS SAN LUNs that are connected to ESX(i) hosts over FC, FCoE, iSCSI, and on shared SAS storage.

In the Direct SAN access transport mode, Veeam Backup & Replication leverages VMware VADP to transport VM data directly from and to FC and iSCSI storage over the SAN. VM data travels over the SAN, bypassing ESX(i) hosts and the LAN. The Direct SAN access transport method provides the fastest data transfer speed and produces no load on the production network.

The Direct SAN access transport mode can be used for all operations where the backup proxy is engaged:

Backup
Replication
VM copy
Quick migration
Full VM restore
VM disk restore
Replica failback

Azure - How to install Azure Powershell modules on Windows/Linux/macOS

I would like to mention this Microsoft article, which clearly explains how to install the Azure PowerShell module on Windows/Linux/macOS.

Here is the step-by-step Microsoft article:

Install and configure Azure PowerShell

If you want to become familiar with Azure PowerShell, here is an introductory web guide:

Getting started with Azure PowerShell

With Azure PowerShell you can easily create LAN settings, virtual machines and related resources, and define users, firewall rules...

Be aware that Azure PowerShell can also be used in a web browser (Cloud Shell).




Windows 10 - SMBv1 disabled by default on Windows 10 Fall Creators Update

SMBv1 is no longer installed by default and, if it is not used for 15 days, it is uninstalled automatically. This is due to security problems (first raised with WannaCry); you can review these older blog articles as well:

Hacker - MS17-010 patch KB4012598 against Wannacry Ransomware

Antivirus - WannaCry Free Decryptor tool

The official Microsoft article is:

SMBv1 is not installed by default in Windows 10 Fall Creators Update and Windows Server, version 1709

Be aware that shared folders using SMBv1 will no longer be accessible from computers running Windows 10 1709.

You can re-enable SMBv1 as a temporary solution before upgrading the shared folder to a newer SMB protocol version.

Related articles:

https://www.devadmin.it/2017/12/11/windows-10-1709-e-smbv1/


Tool - DNS Query Sniffer by NirSoft

Today I would like to mention this NirSoft Tool (DNS Query Sniffer) that shows DNS queries sent from your PC/Server.

For each query, several pieces of information are available (Host Name, Port Number, Query ID, Request Type (A, AAAA, NS, MX, and so on), Request Time, Response Time, Duration, Response Code, Number of records, and the content of the returned DNS records).

It is possible to export DNS queries in CSV format.

This information is useful for troubleshooting purposes too.

REMARK: On some systems, capturing packets with the 'Raw Sockets' method may not work properly, and thus you'll need to install the WinPcap capture driver or the Network Monitor driver
Even if the 'Raw Sockets' method works properly on your system, it's recommended to install the WinPcap capture driver or Microsoft Network Monitor driver (version 3.4 or later) in order to get more accurate date/time information ('Request Time', 'Response Time', and 'Duration' columns).



DNS - new record CAA (Certificate Authority Authorization)

Today I would like to mention that a new DNS entry was defined in January 2013 (RFC 6844).

This entry lets a domain owner define the Certification Authorities (CAs) authorized to issue certificates for a specific domain.

It helps prevent certificates from being issued by a CA that has not been approved.

You can use this web link to test whether a specific domain already has a CAA record configured:

https://caatest.co.uk/

It has been decided (ballot 187) that, from 8th September 2017, CAA checks are mandatory during the CA certificate issuance process.
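
How a CA evaluates these records before issuing, as an added example that is not part of the original post: a simplified RFC 6844 check in Python that climbs from the requested name to the closest CAA record set and applies the issue/issuewild rules. The zone contents, the CA identifiers (ca1.example, ca2.example) and the function names are constructed for illustration; CNAME handling is omitted and a record set without an issue property is assumed to place no restriction.

```python
# Constructed sample data standing in for DNS answers: owner name -> CAA
# records as (flags, tag, value). Zone-file form of the first entry:
#   example.com.  IN  CAA  0 issue "ca1.example"
ZONE = {
    "example.com": [(0, "issue", "ca1.example"),
                    (0, "issuewild", ";"),
                    (0, "iodef", "mailto:security@example.com")],
    "locked.example.com": [(0, "issue", ";")],
    "example.org": [(0, "iodef", "mailto:hostmaster@example.org")],
    "example.net": [(128, "futuretag", "x")],
}
KNOWN_TAGS = {"issue", "issuewild", "iodef"}
CRITICAL = 128  # "issuer critical" flag bit


def relevant_rrset(domain, zone):
    """Climb from the requested name toward the root; first CAA set found wins."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        records = zone.get(".".join(labels[i:]))
        if records:
            return records
    return []


def issuer_of(value):
    """Value is '<issuer domain>[; parameters]'; a bare ';' names no CA at all."""
    return value.split(";", 1)[0].strip().lower()


def ca_may_issue(requested_name, ca_domain, zone=ZONE):
    """Return True if the CA identified by ca_domain may issue for requested_name."""
    wildcard = requested_name.startswith("*.")
    records = relevant_rrset(requested_name[2:] if wildcard else requested_name, zone)
    if not records:
        return True  # no CAA on the path: issuance is not restricted
    if any(f & CRITICAL and t.lower() not in KNOWN_TAGS for f, t, _ in records):
        return False  # critical property the CA does not understand: refuse
    issue = [issuer_of(v) for _, t, v in records if t.lower() == "issue"]
    issuewild = [issuer_of(v) for _, t, v in records if t.lower() == "issuewild"]
    allowed = issuewild if wildcard and issuewild else issue
    if not allowed:
        return True  # assumption: a set with no issue property does not restrict
    return ca_domain.lower() in allowed
```

A record set on a subdomain (locked.example.com here) overrides the parent's set for everything beneath it, which is why the climb stops at the first name that has CAA records.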

[original article: https://www.devadmin.it/2017/11/27/dns-caa-resource-record/]

Freeware - ControlMyMonitor v1.05 Monitor change setting tool

I would like to mention this NirSoft software, which lets you change several monitor settings at a lower level.

http://www.nirsoft.net/utils/control_my_monitor.html


Cloud - Azure Exam 70-533 and 30 days trial link

Considering that companies are gradually moving to hybrid cloud, I would like to mention this Microsoft exam, which leads to the following certification:

https://www.microsoft.com/en-us/learning/exam-70-533.aspx

The link above provides several resource links and exam information.

For this exam, it would be useful to consider creating an Azure 30-day trial account.

https://azure.microsoft.com/en-us/offers/ms-azr-0044p/

We offer eligible customers $200 in Azure credits (“Credits”) to be used within the first 30 days of sign-up and 12 months of select free services (services subject to change)

Here are some older blog articles related to cloud:

Microsoft - Azure and Veeam Connect

HyperV 2012 - Free Download Ebook

[update 2018.06.17]

Here is the link to get a new free 30-day trial account on Azure:

https://azure.microsoft.com/en-us/free/?CR_CC=200246113&WT.mc_id=A062BFFBA

Video Audio - Online free converter

I would like to mention this website, which offers online conversion between these audio/video formats:

https://www.apowersoft.it/convertitore-video-gratuito

MP4, MOV, AVI, WMV, MKV, SWF, ASF, FLV, VOB, RM, 3GP, WEBM, MPG, DV, M4A, M4R, MP3, WAV, FLAC, WMA, AC3, AAC, OGG and RA

4K, 3D, HD, AVCHD, HEVC


Program - Brute Force Wordpress Plugin

For WordPress, I would like to mention this plugin, which works with the .htaccess file.

Brute Force Login Protection can be found/downloaded here:

https://wordpress.org/plugins/brute-force-login-protection/

Here are its major features:


  1. Limit the number of allowed login attempts using normal login form/Auth Cookies
  2. Manually block/unblock/(whitelist trusted) IP addresses
  3. Delay execution after a failed login attempt (to slow down brute force attack)
  4. Option to inform user about remaining attempts on login page
  5. Option to email administrator when an IP has been blocked
  6. Custom message to show to blocked users

Plugin installation is decidedly straightforward:


1. Install the plugin either via the WordPress.org plugin directory, or by uploading the files to your wp-content/plugin directory.
2. Activate the plugin through the WordPress admin panel.
3. Customize the settings on the settings page.

Hacker - WPA2 password crack

We are all aware of the security weaknesses of Wi-Fi, which do not depend on the protocol used.

In fact, Wi-Fi always carries some risk that can never be reduced to zero.

The vulnerability found is related to Wi-Fi Protected Access 2 (WPA2). It does not permit acquiring the WPA2 password, but it does permit a man-in-the-middle attack.


The idea is that anyone near the Wi-Fi network could carry out a Key Reinstallation AttaCK (KRACK) and read the data transferred between PCs and the router/access point (a man-in-the-middle attack that reads passwords, email, sensitive data...).

This kind of attack is really effective against Android/Linux, which use wpa_supplicant during the Wi-Fi connection process (but it could be applied to all OSes/devices as well).

You can take a look at this article, which better explains an example of how to get this result.


These results can be achieved using these tools:

Kali Linux, the Wi-Fi attack suite Aircrack-ng, the software for removing HTTPS protection called SSLstrip, and Wireshark.

Summary of the attack procedure steps:

  1. Using the vulnerability, it creates a fake Wi-Fi network with the same SSID but on a different channel.
  2. It switches the remote device over to the new fake Wi-Fi network and decrypts all the traffic, which becomes clear text.

To solve the issue you should:

1. Upgrade the router/access point firmware
2. Upgrade the OS of PCs/mobile devices (more urgently)

This Python script is available to check whether your devices are vulnerable: