Smartcard

Logical Access Library http://liblogicalaccess.islog.com/wiki/doku.php/start

Windows Smartcard Authentication http://msdn.microsoft.com/en-us/library/windows/desktop/aa380142(v=vs.85).aspx

MSDN Magazine (2007) Customising login experience with credential provider http://msdn.microsoft.com/en-us/magazine/cc163489.aspx

NXP documents:

Windows 8 virtual smart card http://windowsitpro.com/windows-8/creating-virtual-smart-card-windows-8

Understand and evaluate virtual smart cards

tpmvscmgr.exe create /name testvsc /pin prompt /puk prompt /adminkey random /generate

Security Monitoring

Here are some links related to security monitoring.

ELSA

Microsoft LogParser to send events to ELSA

"c:\Program Files (x86)\Log Parser 2.2\logparser.exe" -i:EVT -o:SYSLOG "select * INTO @1xx.xx.xx.xx from \\SyslogHost\Security"

Evtsys config file to include sysmon logs

XPath:Application:<Select Path="Application">*</Select>
XPath:Security:<Select Path="Security">*</Select>
XPath:System:<Select Path="System">*</Select>
XPath:Microsoft-Windows-Sysmon/Operational:<Select Path="Microsoft-Windows-Sysmon/Operational">*</Select>

Accessing the ELSA API from PowerShell, and the git repository
Selecting images and SHA hashes from Sysmon log

(New-ElsaResults -query "host=xx.xx.xx.xx eventid=1").results | % {$_ -Replace '^.*Image: (.+) CommandLine:.+SHA1=([a-f0-9]{40}) .*$','$2,$1'} | Sort-Object -Unique

Get the addresses of all DCs logging to ELSA for current domain or all domains in the forest

((Get-ADDomainController  -Filter *).HostName | Resolve-DnsName).IpAddress | % {(New-ElsaResults -query "host=$_" -limit 1).results} | % {$_.host}
((Get-ADForest | % {$_.Domains} | Get-ADDomain | % {(Get-ADDomainController -Filter * -Server $_.PDCEmulator)}).HostName | Resolve-DnsName).IpAddress | % {(New-ElsaResults -query "host=$_" -limit 1).results} | % {$_.host}

Useful resources

Pcaps for testing (security onion)

Open Source Security Tools
Critical Stack Intel Feeds
Tao Security Blog

IDS Testing http://www.testmyids.com http://secanalysis.com/black-sunday-in-your-idsips-for-testing/

SQL Alias

SQL Alias is accessible through the registry. I first came across this through http://habaneroconsulting.com/en/insights/Automating-the-SharePoint-2013-installation-and-creating-a-farm-with-PowerShell.aspx#.UmUrb7hwbyE

Copied from the above blog:

#This is the name of your SQL Alias
$AliasName = "SPFarmAlias"
  
#This is the name of your SQL server (the actual name!)
# In this case we're using the current computer name as we are assuming SharePoint and SQL are on the same server
# Change this if this isn't the case in your environment!
$ServerName = $env:computername
  
#These are the two Registry locations for the SQL Alias locations
$x86 = "HKLM:\Software\Microsoft\MSSQLServer\Client\ConnectTo"
$x64 = "HKLM:\Software\Wow6432Node\Microsoft\MSSQLServer\Client\ConnectTo"
  
#We're going to see if the ConnectTo key already exists, and create it if it doesn't.
if ((test-path -path $x86) -ne $True)
{
    write-host "$x86 doesn't exist"
    New-Item $x86
}
if ((test-path -path $x64) -ne $True)
{
    write-host "$x64 doesn't exist"
    New-Item $x64
}
  
#Adding the extra "fluff" to tell the machine what type of alias it is
$TCPAlias = ("DBMSSOCN," + $ServerName)
  
#Creating our TCP/IP Aliases
New-ItemProperty -Path $x86 -Name $AliasName -PropertyType String -Value $TCPAlias
New-ItemProperty -Path $x64 -Name $AliasName -PropertyType String -Value $TCPAlias
 
# Open cliconfig to verify the aliases
Start-Process C:\Windows\System32\cliconfg.exe
Start-Process C:\Windows\SysWOW64\cliconfg.exe

Windows Phone

Universal Windows Apps

Windows development centre

API Reference

Building universal Windows apps

Threading http://msdn.microsoft.com/en-us/library/windows/apps/xaml/hh465290.aspx

        public event PropertyChangedEventHandler PropertyChanged;
        private void NotifyPropertyChanged(String info)
        {
            if (PropertyChanged != null)
            {
                if (Windows.ApplicationModel.Core.CoreApplication.MainView.CoreWindow.Dispatcher.HasThreadAccess)
                {
                    PropertyChanged(this, new PropertyChangedEventArgs(info));
                }
                else
                {
                    Windows.ApplicationModel.Core.CoreApplication.MainView.CoreWindow.Dispatcher.RunAsync(Windows.UI.Core.CoreDispatcherPriority.Normal,()=>{NotifyPropertyChanged(info);});
                }
            }
        }

Universal analogue clock sample

Bluetooth

MSDN Bluetooth reference

Bluetooth api

Windows Store and Windows Phone App-to-App communication over Bluetooth

Windows 8.1: Play with Bluetooth Rfcomm

Tap and send

Samples

Networking

Datagram sockets

Other links

Windows Phone MVVM http://msdn.microsoft.com/en-us/library/windowsphone/develop/gg521153(v=vs.105).aspx

Getting started with MVVM in 10 minutes http://www.geekchamp.com/articles/windows-phone-mango-getting-started-with-mvvm-in-10-minutes

Reusable ICommand http://www.geekchamp.com/articles/building-a-reusable-icommand-implementation-for-windows-phone-mango-mvvm-apps

Windows Phone MVVM with local database http://msdn.microsoft.com/en-us/library/windowsphone/develop/hh286405(v=vs.105).aspx

A reorder list box http://blogs.msdn.com/b/jasongin/archive/2010/12/27/a-reorderlistbox-for-windows-phone-7.aspx

Twenty four weeks of Windows Phone Metro

Windows Phone dev resources

The system administrator has set policies to prevent this installation

Rebuilding systems frequently means I am constantly coming across the message: "The system administrator has set policies to prevent this installation". For unmanaged MSIs, the registry key DisableMSI is required:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer 
DisableMSI REG_DWORD value 0 

If this is unsuccessful, consider the Software Restriction Policies within Local Security Policies.

Daktronics RTD

Taken from http://timingguys.com/eve/forums/a/tpc/f/2976090511/m/4007070563:

Position Text message:

<syn> + HEADER + <soh> + CONTROL + <stx> + TEXT + <eot> + SUM + <etb>

Where:

<syn> ::= 0x16
<soh> ::= 0x01
<stx> ::= 0x02
<eot> ::= 0x04
<etb> ::= 0x17
HEADER ::= '20000000'
CONTROL ::= '004010NNNN' 
(NNNN is the decimal offset to place text)
TEXT ::= message to be sent to screen
SUM ::= sum of character values from header to (and including) <eot> mod 256 as hex string

Example to place the string 'hello' at offset 35:

'\x1620000000\x010040100035\x02hello\x048A\x17'

Venus will respond with an acknowledge - so if you are using a 422/485 link, just connect the 422 rcv instead of the 485, or else the ack may collide with your next message.
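
The frame layout above as an added Python example (not from the forum post or from Daktronics): it builds a position-text frame, recomputes SUM, and rejects frames whose layout or checksum is wrong. Function names are hypothetical; the two-digit uppercase hex SUM and the refusal of control characters in TEXT are assumptions taken from the single example shown.

```python
# Added example; function names are hypothetical, layout is the one quoted above.
SYN, SOH, STX, EOT, ETB = b"\x16", b"\x01", b"\x02", b"\x04", b"\x17"
HEADER = b"20000000"
CONTROL_PREFIX = b"004010"  # followed by NNNN, the decimal text offset


def checksum(body):
    """Sum of byte values from HEADER through <eot>, mod 256, as two hex digits."""
    return b"%02X" % (sum(body) % 256)  # assumption: uppercase, as in '8A'


def build_frame(offset, text):
    """Return the bytes to send for TEXT placed at the given offset."""
    if not 0 <= offset <= 9999:
        raise ValueError("offset must fit in four decimal digits")
    payload = text.encode("ascii")
    if any(b < 0x20 for b in payload):
        # assumption: control bytes inside TEXT would be read as framing
        raise ValueError("control characters are not allowed in TEXT")
    body = HEADER + SOH + CONTROL_PREFIX + b"%04d" % offset + STX + payload + EOT
    return SYN + body + checksum(body) + ETB


def parse_frame(frame):
    """Return (offset, text); raise ValueError on bad framing or checksum."""
    if len(frame) < 25 or frame[:1] != SYN or frame[-1:] != ETB:
        raise ValueError("missing <syn>/<etb> or frame too short")
    body, received = frame[1:-3], frame[-3:-1]
    fixed_ok = (body[:8] == HEADER and body[8:9] == SOH
                and body[9:15] == CONTROL_PREFIX and body[15:19].isdigit()
                and body[19:20] == STX and body[-1:] == EOT)
    if not fixed_ok:
        raise ValueError("unexpected field layout")
    if received.upper() != checksum(body):
        raise ValueError("checksum mismatch")
    return int(body[15:19]), body[20:-1].decode("ascii")


if __name__ == "__main__":
    frame = build_frame(35, "hello")
    print(frame)               # same bytes as the 'hello' example above
    print(parse_frame(frame))
```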

http://dakfiles.daktronics.com/

Manuals, Software and controller manuals

Description of serial RTD

Serialtools.tv FAQ

Security Onion configuration

snort configuration file /etc/nsm/SO2012-eth3/snort.conf

Managing overactive signatures

Rules to ignore various packets

/etc/nsm/rules/local.rules

pass udp 8.8.8.8 53 -> 192.168.1.1 any (msg:"Ignore google dns"; sid:22222228;)
#pass tcp $HOME_NET any <> $WINDOWS_UPDATE 80 (msg:"Ignore Windows Update"; sid:22222229;)
pass tcp $HOME_NET any <> any 80 (msg:"Ignore Windows Update"; content:"Host|3a| download.windowsupdate.com"; http_header; classtype: web-application-activity; sid:22222230;)
pass tcp $HOME_NET any <> any 80 (msg:"Ignore DynDNS Updates"; content:"Host|3a| checkip.dyndns.com"; http_header; classtype: web-application-activity; sid:22222231;)
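
Because pass rules silence every other signature for the traffic they match, it helps to review local.rules before running rule-update. The following is an added Python example, not part of Security Onion or Snort: a hypothetical audit_pass_rules() that flags rules broken across lines, reused or out-of-range sids, and pass rules with an 'any' endpoint. The sample input is constructed, with one sid reused on purpose.

```python
import re

# Constructed sample in the style of local.rules; sid 22222230 is reused on purpose.
SAMPLE = """\
pass udp 8.8.8.8 53 -> 192.168.1.1 any (msg:"Ignore google dns"; sid:22222228;)
#pass tcp $HOME_NET any <> $WINDOWS_UPDATE 80 (msg:"disabled"; sid:22222229;)
pass tcp $HOME_NET any <> any 80 (msg:"Ignore Windows Update"; content:"Host|3a| download.windowsupdate.com"; http_header; sid:22222230;)
pass tcp $HOME_NET any <> any 80 (msg:"Ignore DynDNS Updates"; content:"Host|3a| checkip.dyndns.com"; http_header; sid:22222230;)
"""

# action proto src sport direction dst dport (options), all on one line
RULE = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s+\((.*)\)$")


def audit_pass_rules(text):
    """Return (line number, finding) pairs for the active rules in local.rules text."""
    findings, seen = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or disabled rule
        m = RULE.match(line)
        if not m:
            findings.append((lineno, "not a complete one-line rule"))
            continue
        action, _proto, src, _sport, _dir, dst, _dport, opts = m.groups()
        sid = re.search(r"\bsid:\s*(\d+)\s*;", opts)
        if not sid:
            findings.append((lineno, "no sid"))
            continue
        sid = int(sid.group(1))
        if sid < 1000000:  # Snort keeps sids below 1,000,000 for distributed rules
            findings.append((lineno, "sid below the local range (>= 1000000)"))
        if sid in seen:
            findings.append((lineno, "sid %d already used on line %d" % (sid, seen[sid])))
        seen.setdefault(sid, lineno)
        if action == "pass" and "any" in (src, dst):
            findings.append((lineno, "pass rule with an 'any' endpoint; scoped only by its options"))
    return findings


if __name__ == "__main__":
    for lineno, finding in audit_pass_rules(SAMPLE):
        print("line %d: %s" % (lineno, finding))
```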

/etc/nsm/pulledpork/disablesid.conf

1:2013914 # User Agent to Backtrack Repository
1:2014726 # Outdated Windows Flash Version ID
1:15169 # XBOX Live Kerberos authentication request
1:16739 # FILE-MULTIMEDIA MultiMedia Jukebox playlist file handling heap over

119:19 # http_inspect: LONG HEADER
123:8 # frag3: Fragmentation overlap
128:4 # ssh: Protocol mismatch
129:4 # stream5: TCP Timestamp is outside of PAWS window
129:5 # stream5: Bad segment, overlap adjusted size less than/equal 0
129:7 # stream5: Limit on number of overlapping TCP packets reached
129:12 # stream5: TCP Small Segment Threshold Exceeded
129:15 # stream5: Reset outside window
138:5 # sensitive_data: sensitive data - eMail addresses

Update Rules: /usr/bin/rule-update

Fine tuning snort rules: http://www.doctorchaos.com/fine-tuning-snort-rules-in-security-onion/

ELSA Parsers

http://blog.infosecmatters.net/2013/01/creating-vyatta-parser-for-elsa.html

Merging parsers

Integrating business data with ELSA

Apache failing

Elsa