Logical Access Library

Windows Smartcard Authentication

MSDN Magazine (2007) Customising login experience with credential provider

NXP documents:

Windows 8 virtual smart card Understand and evaluate virtual smart cards

tpmvscmgr.exe  create /name testvsc /pin prompt /puk prompt /adminkey random /generate

Security Monitoring

Here are some links related to security monitoring.


Microsoft LogParser to send events to ELSA

"c:\Program Files (x86)\Log Parser 2.2\logparser.exe" -i:EVT -o:SYSLOG "select * INTO @1xx.xx.xx.xx from \\SyslogHost\Security"

Evtsys config file to include sysmon logs

XPath:Application:<Select Path="Application">*</Select>
XPath:Security:<Select Path="Security">*</Select>
XPath:System:<Select Path="System">*</Select>
XPath:Microsoft-Windows-Sysmon/Operational:<Select Path="Microsoft-Windows-Sysmon/Operational">*</Select>

Accessing the ELSA API from PowerShell, and the git repository
Selecting images and SHA hashes from Sysmon log

(New-ElsaResults -query "host=xx.xx.xx.xx eventid=1").results | % {$_ -Replace '^.*Image: (.+) CommandLine:.+SHA1=([a-f0-9]{40}) .*$','$2,$1'} | Sort-Object -Unique

Get the addresses of all DCs logging to ELSA for current domain or all domains in the forest

((Get-ADDomainController  -Filter *).HostName | Resolve-DnsName).IpAddress | % {(New-ElsaResults -query "host=$_" -limit 1).results} | % {$}
((Get-ADForest | % {$_.Domains} | Get-ADDomain | % {(Get-ADDomainController -Filter * -Server $_.PDCEmulator)}).HostName | Resolve-DnsName).IpAddress | % {(New-ElsaResults -query "host=$_" -limit 1).results} | % {$}

Useful resources

Pcaps for testing (security onion)

Open Source Security Tools
Critical Stack Intel Feeds Tao Security Blog

IDS Testing

SQL Alias

SQL Alias is accessible through the registry. I first came across this through

Copied from the above blog:

#This is the name of your SQL Alias
$AliasName = "SPFarmAlias"
#This is the name of your SQL server (the actual name!)
# In this case we're using the current computer name as we are assuming SharePoint and SQL are on the same server
# Change this if this isn't the case in your environment!
$ServerName = $env:computername
#These are the two Registry locations for the SQL Alias locations
$x86 = "HKLM:\Software\Microsoft\MSSQLServer\Client\ConnectTo"
$x64 = "HKLM:\Software\Wow6432Node\Microsoft\MSSQLServer\Client\ConnectTo"
#We're going to see if the ConnectTo key already exists, and create it if it doesn't.
if ((test-path -path $x86) -ne $True) {
    write-host "$x86 doesn't exist"
    New-Item $x86
}
if ((test-path -path $x64) -ne $True) {
    write-host "$x64 doesn't exist"
    New-Item $x64
}
#Adding the extra "fluff" to tell the machine what type of alias it is
$TCPAlias = ("DBMSSOCN," + $ServerName)
#Creating our TCP/IP Aliases
New-ItemProperty -Path $x86 -Name $AliasName -PropertyType String -Value $TCPAlias
New-ItemProperty -Path $x64 -Name $AliasName -PropertyType String -Value $TCPAlias
# Open cliconfig to verify the aliases
Start-Process C:\Windows\System32\cliconfg.exe
Start-Process C:\Windows\SysWOW64\cliconfg.exe

Windows Phone

Universal Windows Apps

Windows development centre

API Reference

Building universal Windows apps


        public event PropertyChangedEventHandler PropertyChanged;
        private void NotifyPropertyChanged(String info)
        {
            // Raise the event only when called on the UI (dispatcher) thread
            if (PropertyChanged != null)
                if (Windows.ApplicationModel.Core.CoreApplication.MainView.CoreWindow.Dispatcher.HasThreadAccess)
                    PropertyChanged(this, new PropertyChangedEventArgs(info));
        }

Universal analogue clock sample


MSDN Bluetooth reference

Bluetooth api

Windows Store and Windows Phone App-to-App communication over Bluetooth

Windows 8.1: Play with Bluetooth Rfcomm

Tap and send



Datagram sockets

Other links

Windows Phone MVVM

Getting started with MVVM in 10 minutes

Reusable ICommand

Windows Phone MVVM with local database

A reorder list box

Twenty four weeks of Windows Phone Metro

Windows Phone dev resources

The system administrator has set policies to prevent this installation

Rebuilding systems frequently means I am constantly coming across the message: The system administrator has set policies to prevent this installation. For unmanaged MSIs, the registry key DisableMSI is required:

DisableMSI REG_DWORD value 0 

If this is unsuccessful consider the Software Restriction Policies within Local Security Policies.

Daktronics RTD

Taken from

Position Text message:

<syn> + HEADER + <soh> + CONTROL + <stx> + TEXT + <eot> + SUM + <etb>


<syn> ::= 0x16
<soh> ::= 0x01
<stx> ::= 0x02
<eot> ::= 0x04
<etb> ::= 0x17
HEADER ::= '20000000'
CONTROL ::= '004010NNNN' 
(NNNN is the decimal offset to place text)
TEXT ::= message to be sent to screen
SUM ::= sum of character values from header to (and including) <eot> mod 256 as hex string

Example to place the string 'hello' at offset 35:


Venus will respond with an acknowledge - so if you are using a 422/485 link, just connect the 422 rcv instead of the 485, or else the ack may collide with your next message.
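
The position-text frame layout above, worked through for 'hello' at offset 35 as an added Python example (not from the original page or from Daktronics). The function names, the two-digit uppercase hex form of SUM, and the printable-ASCII restriction on TEXT are assumptions; the checksum covers HEADER through <eot> as the grammar states.

```python
# Added example: builds and validates the position-text frame described above.
SYN, SOH, STX, EOT, ETB = 0x16, 0x01, 0x02, 0x04, 0x17
HEADER = b"20000000"
CONTROL_PREFIX = b"004010"          # followed by NNNN, the decimal offset
MIN_LEN = 25                        # length of a frame with empty TEXT


def checksum(body: bytes) -> bytes:
    """Sum of byte values from HEADER through <eot>, mod 256, as hex text."""
    return b"%02X" % (sum(body) % 256)   # assumption: two uppercase digits


def build_frame(text: str, offset: int) -> bytes:
    if not 0 <= offset <= 9999:
        raise ValueError("offset must fit in NNNN")
    payload = text.encode("ascii")
    # Assumption: TEXT is printable ASCII; a raw control byte such as 0x04
    # inside TEXT would be indistinguishable from the <eot> delimiter.
    if any(not 0x20 <= b <= 0x7E for b in payload):
        raise ValueError("TEXT must be printable ASCII")
    control = CONTROL_PREFIX + b"%04d" % offset
    body = HEADER + bytes([SOH]) + control + bytes([STX]) + payload + bytes([EOT])
    return bytes([SYN]) + body + checksum(body) + bytes([ETB])


def parse_frame(frame: bytes):
    """Return (offset, text) or raise ValueError on a malformed frame."""
    if len(frame) < MIN_LEN or frame[0] != SYN or frame[-1] != ETB:
        raise ValueError("bad <syn>/<etb> framing")
    body, received = frame[1:-3], frame[-3:-1]
    if received.upper() != checksum(body):
        raise ValueError("checksum mismatch")
    control = body[9:19]
    if (body[:8] != HEADER or body[8] != SOH or body[19] != STX
            or body[-1] != EOT or not control.startswith(CONTROL_PREFIX)
            or not control[6:].isdigit()):
        raise ValueError("unexpected field layout")
    return int(control[6:]), body[20:-1].decode("ascii")


if __name__ == "__main__":
    frame = build_frame("hello", 35)
    print(frame)
    print(parse_frame(frame))
```
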

Manuals, Software and controller manuals

Description of serial RTD FAQ

Security Onion configuration

snort configuration file /etc/nsm/SO2012-eth3/snort.conf

Managing overactive signatures

Rules to ignore various packets


pass udp 53 -> any (msg:"Ignore google dns"; sid:22222228;)
#pass tcp $HOME_NET any <> $WINDOWS_UPDATE 80 (msg:"Ignore Windows Update"; sid:
pass tcp $HOME_NET any <> any 80 (msg:"Ignore Windows Update"; content:"Host|3a|"; http_header; classtype: web-application-activity;
pass tcp $HOME_NET any <> any 80 (msg:"Ignore DynDNS Updates"; content:"Host|3a|"; http_header; classtype: web-application-activity; sid:2222


1:2013914 # User Agent to Backtrack Repository
1:2014726 # Outdated Windows Flash Version ID
1:15169 # XBOX Live Kerberos authentication request
1:16739 # FILE-MULTIMEDIA MultiMedia Jukebox playlist file handling heap over

119:19 # http_inspect: LONG HEADER
123:8 # frag3: Fragmentation overlap
128:4 # ssh: Protocol mismatch
129:4 # stream5: TCP Timestamp is outside of PAWS window
129:5 # stream5: Bad segment, overlap adjusted size less than/equal 0
129:7 # stream5: Limit on number of overlapping TCP packets reached
129:12 # stream5: TCP Small Segment Threshold Exceeded
129:15 # stream5: Reset outside window
138:5 # sensitive_data: sensitive data - eMail addresses

Update Rules: /usr/bin/rule-update

Fine tuning snort rules:

ELSA Parsers

Merging parsers

Integrating business data with ELSA

Apache failing