Friday, 25 November 2011
Reversing Code
The first webinar/lecture for the Reversing Code series is up.
https://www2.gotomeeting.com/archive/597275986
Posted by Craig Wright at Friday, November 25, 2011 | 0 comments
Tuesday, 22 November 2011
Cyber (Crime / Espionage / Terror)
The webinar link for last night's lecture on "Cyber (Crime / Espionage / Terror)" is up and available.
https://www2.gotomeeting.com/register/532843426
Posted by Craig Wright at Tuesday, November 22, 2011 | 0 comments
Sunday, 20 November 2011
Windows Management Instrumentation Command-line (WMIC)
WMIC is a Windows command-line tool that lets you do many of the things we are used to doing at the shell in Unix. For instance, Windows does not have a "kill -9" command, but with WMIC you can perform the same function using either of the following commands:
- wmic process where name='winrar.exe' delete
- wmic process where processid=[pid] delete
So, unlike Unix, we can kill a process using just the name of the executable as well as by selecting the individual PID (Process ID). This is extremely useful in malware analysis.
For auditing, you can also gather a lot of information, for instance a list of the users on the system.
More importantly, you can list the patches and hotfixes that are installed on the system:
- wmic qfe
As you can see, this lets you script a check of all the patches on a system and even automate it across your domain.
WMIC is one of the commands you really need to know if you are administering a Windows system. I will post more on this command soon, as well as more in the series on IPSec and NAP this week.
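The two uses above, killing a process by name or PID and scripting a patch check across several hosts, are combined below in a PowerShell wrapper around wmic.exe. This is an added example, not code from the original post; it assumes wmic.exe is available on the path (it is an optional feature on recent Windows builds), that the caller has administrative rights on each node, and that the host names and KB numbers shown are constructed placeholders to be replaced with your own baseline.

```powershell
# Added example (not from the original post): WMIC driven from PowerShell so
# the process and patch checks can be reviewed before acting and run over
# many hosts. Assumes wmic.exe is present and the caller has admin rights.

function Invoke-WmicCsv {
    # Run a WMIC query with /format:csv and parse the result into objects.
    # WMIC prefixes its CSV output with a blank line and may emit
    # "No Instance(s) Available." when nothing matches, so keep only lines
    # that actually contain a comma (header plus data rows).
    param([string[]]$Query, [string]$Node)
    $wmicArgs = @()
    if ($Node) { $wmicArgs += "/node:$Node" }   # omit for the local host
    $wmicArgs += $Query + '/format:csv'
    & wmic.exe @wmicArgs 2>$null |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -match ',' } |
        ConvertFrom-Csv
}

function Get-WmicProcess {
    # List processes matching an executable name, returning PID and path so
    # an analyst can review what would be terminated before deleting it.
    param([Parameter(Mandatory)][string]$Name, [string]$Node)
    Invoke-WmicCsv -Node $Node -Query @(
        'process', 'where', "name='$Name'", 'get', 'ProcessId,ExecutablePath')
}

function Stop-WmicProcess {
    # Terminate a single process by PID (the "kill -9" equivalent from the post).
    # -WhatIf / -Confirm are supported so the action can be dry-run first.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][int]$ProcessId, [string]$Node)
    $wmicArgs = @()
    if ($Node) { $wmicArgs += "/node:$Node" }
    $wmicArgs += 'process', 'where', "processid=$ProcessId", 'delete'
    if ($PSCmdlet.ShouldProcess("PID $ProcessId on $(if ($Node) { $Node } else { 'localhost' })", 'wmic process delete')) {
        & wmic.exe @wmicArgs
    }
}

function Get-WmicHotfix {
    # Equivalent of "wmic qfe", returning one object per installed hotfix.
    param([string]$Node)
    Invoke-WmicCsv -Node $Node -Query @('qfe', 'get', 'HotFixID,InstalledOn')
}

function Test-HotfixCompliance {
    # Compare each node's installed hotfixes against a required baseline and
    # emit one row per (node, KB) pair with an Installed flag for reporting.
    param([Parameter(Mandatory)][string[]]$Nodes,
          [Parameter(Mandatory)][string[]]$Required)
    foreach ($node in $Nodes) {
        $installed = @(Get-WmicHotfix -Node $node | ForEach-Object { $_.HotFixID })
        foreach ($kb in $Required) {
            [pscustomobject]@{
                Node      = $node
                HotFixID  = $kb
                Installed = ($installed -contains $kb)
            }
        }
    }
}

# --- Usage (placeholder values; substitute your own hosts and baseline) ---
# 1. Review before killing: list every winrar.exe instance with its PID and path.
Get-WmicProcess -Name 'winrar.exe' | Format-Table -AutoSize
# 2. Terminate one PID, dry-run first:  Stop-WmicProcess -ProcessId 1234 -WhatIf
# 3. Patch audit across the domain: constructed host names and KB numbers.
$nodes    = @('HOST01', 'HOST02')             # placeholder machine names
$baseline = @('KB0000001', 'KB0000002')        # placeholder KB identifiers
Test-HotfixCompliance -Nodes $nodes -Required $baseline |
    Where-Object { -not $_.Installed } |
    Format-Table -AutoSize                     # only the gaps are shown
```

The CSV parsing in Invoke-WmicCsv is what makes the output safe to filter and pipe; WMIC's default table output is padded with spaces and awkward to compare programmatically. Because Stop-WmicProcess supports ShouldProcess, a blanket run with -WhatIf shows exactly which PIDs would be deleted on which node before anything is terminated.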
Posted by Craig Wright at Sunday, November 20, 2011 | 0 comments