Microsoft published a nice tool named EMET (Enhanced Mitigation Experience Toolkit) whose purpose is to check and enforce memory security policies such as ASLR and DEP. It shows the global settings and lets you configure them, and also, which is the most interesting part, indicates for each running process whether it supports those security [...]
ARPFreeze is a nice GUI for Windows that lets you configure static ARP entries very easily and makes these changes persistent after reboot. It thereby protects the client machine against ARP flooding. It works for both Windows Vista and prior versions (it supports both arp -s and netsh).
Video of a dummy vulnerability on Windows 7. More info there. It is incredible that Microsoft invests so much money in its security and that there is still such bad security design for programs that in no way should be granted any administrator access (calc.exe or notepad.exe). Also, I can’t imagine that no [...]
I have just upgraded VMware from version 6.04 to 6.5, and I have to say that it has very nice new features. The first surprising thing was the file I downloaded. It is no longer a tar.gz archive but a .bundle file. After downloading, as root, just make it executable or start it with [...]
DecaffeinatID is a tool for Windows that can be very useful against ARP attacks.
It seems, at least according to some researchers who showed it at the Black Hat conference. Mark Dowd (IBM) and Alexander Sotirov (VMware) found a way to bypass the memory protection implemented in Vista to inject malicious instructions within Internet Explorer. They were able to copy any content wherever they wished on the disk. Especially, this [...]
At my work, I had to overwrite an MSSQL database while in production. The goal was to replace the existing database with one with a new structure.
I first tried the easy way, right-clicking on it and trying to take it offline using the menu of Microsoft.
Unfortunately, that didn’t do anything, complaining that several users were accessing it. Of course, trying to restore it directly gave the same message.
I couldn’t find a way to successfully force it through the interface.
I didn’t have much free time this year, but I quickly stopped by the Solution Linux show in Paris, La Defense. It was the first time for me.