Windows 8 and Linux multi-boot

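To add Linux to the Windows boot loader you need to copy the Linux boot sector into a file on the active partition of the system (using dd). Then execute the following commands within Windows to add a boot entry. The /create command prints the identifier of the new entry; substitute it for {ID} in the other two commands.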

bcdedit /create /d Linux /application BOOTSECTOR
bcdedit /set {ID} path \linux.bin
bcdedit /displayorder {ID} /addlast

Disclaimer: I have only used this set of commands when the Linux partition(s) is on the same drive as the Windows partition(s). I have not tested it with Linux installed on a separate drive.

Windows Software

Desktop software

Investigation tools

Browsers & Web Utilities

Development tools

Text utilities

  • Notepad++
  • Emacs
  • Vim

Security Tools

Misc tools

Other info

Repository locations

Windows security resources

Microsoft Security Blog http://blogs.technet.com/b/security/

Security Research & Defense Blog http://blogs.technet.com/b/srd/archive/2013/05.aspx

Microsoft File Checksum Integrity Verifier http://support.microsoft.com/default.aspx?scid=kb;en-us;841290

Microsoft Security Survival Guide

Security Tools Blog Series

IIS Security

Below is a PowerShell fragment to script out the creation of IP address filter settings. Note, the scope of the get and add is slightly different to meet my own requirements:

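# Template for the add-webconfiguration command emitted per rule; {{ and }} are literal braces under the -f operator
$formatString = 'add-webconfiguration /system.webServer/security/ipSecurity -location "IIS:\Sites" -value @{{ipAddress="{0}";subnetMask="{1}";allowed="{2}"}} -pspath IIS:\'
# Read the existing rules from "Default Web Site", emit one command per rule, and drop the subnet mask for single-host entries
Get-WebConfiguration /system.webServer/security/ipSecurity -pspath "IIS:\Sites\Default Web Site" | % {$_.Collection} | % {($formatString -f $_.ipAddress,$_.subnetMask,$_.allowed)} | % {$_ -replace ';subnetMask="255.255.255.255"',""}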

Pass the hash

Pass the hash whitepaper http://download.microsoft.com/download/7/7/A/77ABC5BD-8320-41AF-863C-6ECFB10CB4B9/Mitigating%20Pass-the-Hash%20(PtH)%20Attacks%20and%20Other%20Credential%20Theft%20Techniques_English.pdf

SANS Pass-the-hash attacks: Tools and Mitigation http://www.sans.org/reading_room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation_33283

Post-Exploitation in Windows: From Local Admin To Domain Admin (efficiently) http://pentestmonkey.net/uncategorized/from-local-admin-to-domain-admin

Golden ticket https://mva.microsoft.com/en-us/training-courses/how-to-avoid-golden-ticket-attacks-12134

Credential protection

Credential Locker Overview

An Overview of KB2871997

KB2871997 and Wdigest – Part 2

Decrypting LSA Secrets

SysKey and the SAM

Other useful resources

NSRL

Settings for UAC control

Full disk check: chkdsk C: /f /x /r

Windows Integrity

Extracting the Boot Key/Sys key http://moyix.blogspot.co.uk/2008/02/syskey-and-sam.html