Archive for the ‘Windows’ Category
Posted by jpluimers on 2025/03/07
I needed this for some Windows ARM VMs on VMware Fusion for running on my M1 MacBook Pro: [Wayback/Archive] oobe\bypassnro removed from Windows 11 24H2 dead/hidden ? – YouTube
In the end this combination works:
- before booting, remove the network adapter (physically, or virtually from VMware Fusion or from Parallels)
- after boot, as soon as the Shift-F10 combination works, run `oobe\bypassnro` (or add the registry entry, see below)
After this, Windows detected no network, and offered an install with a local username/password indicating the choice “I don’t have internet”.
If that ever fails in the future, I can use this trick from the comments:
Posted in Apple, Apple Silicon, ARM Mac, M1 Mac, Mac, MacBook, Power User, Windows, Windows 11 | Tagged: 2502
Posted by jpluimers on 2025/02/21
Interesting: [Wayback/Archive] ufrisk/MemProcFS: The Memory Process File System
MemProcFS is an easy and convenient way of viewing physical memory as files in a virtual file system.
Easy trivial point and click memory analysis without the need for complicated commandline arguments! Access memory content and artifacts via files in a mounted virtual file system or via a feature rich application library to include in your own projects!
Analyze memory dump files, live memory via DumpIt or WinPMEM, live memory in read-write mode from virtual machines or from [Wayback/Archive] PCILeech [Wayback/Archive] FPGA hardware devices!
It’s even possible to connect to a remote LeechAgent memory acquisition agent over a secured connection – allowing for remote live memory incident response – even over higher latency low band-width connections! Peek into Virtual Machines with [Wayback/Archive] LiveCloudKd or [Wayback/Archive] VMWare!
Use your favorite tools to analyze memory – use your favorite hex editors, your python and powershell scripts, WinDbg or your favorite disassemblers and debuggers – all will work trivially with MemProcFS by just reading and writing files!
On Windows, there is even the cool tool [Wayback/Archive] evild3ad/MemProcFS-Analyzer: MemProcFS-Analyzer – Automated Forensic Analysis of Windows Memory Dumps for DFIR:
Posted in *nix, *nix-tools, Power User, Windows | Tagged: DFIR, memoryforensics, memprocfs
Posted by jpluimers on 2025/02/18
I unconsciously wanted a tool like this for a long time, and was glad I finally searched for it:
A keyboard logging and presentation utility for presentations, screencasts, and to help you become a better keyboard user.
[Wayback/Archive] Code52/carnac: A utility to give some insight into how you use your keyboard
The first time I saw something similar was in the Delphi days where it was part of a plugin for CodeRush in Delphi (think Delphi 5-6 era), the famous developer productivity tool by Mark Miller that later got rewritten for Visual Studio and became part of DevExpress.
So I searched for [Wayback/Archive] windows show keystrokes – Google Search which found [Wayback/Archive] How to show keystrokes on Windows 10 which in turn mentioned a fork of Carnac.
As it turns out …
Posted in .NET, Delphi, Development, Hardware, Keyboards and Keyboard Shortcuts, KVM keyboard/video/mouse, Power User, Software Development, Windows, Windows Development
Posted by jpluimers on 2025/02/14
Running Kubernetes containers on Windows means taking into account a different can of worms than running them on Linux.
For example, [Wayback/Archive] Fun with Windows Containers – Popping Calc explains the various isolation levels and privileges (through `runAsUserName`) and gives this helpful advice:
Posted in *nix, *nix-tools, Cloud, Containers, Docker, Infrastructure, Kubernetes (k8n), Power User, Windows
Posted by jpluimers on 2025/01/17
Having had to use Mimikatz a few times in the past, I was not aware of the history.
So I was glad to find this elaborate article [Wayback/Archive] Mimikatz and password dumps | Ivan’s IT learning blog and the video (embedded after the signature). [Wayback/Archive] How to fix mimikatz null password in Windows 10 | WORKING 2019!!! – YouTube
Besides the history, it also explains why sometimes you only get hashes and other times you do get plain text passwords.
Recommended reading.
--jeroen
Posted in Power User, Red team, Security, Windows, Windows 10, Windows 11, Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016
Posted by jpluimers on 2025/01/13
[Wayback/Archive] Thread by @0gtweet on Thread Reader App – Thread Reader App
A very friendly reminder, especially for non-corporate PCs protected with BitLocker: if you are not sure if you have your Recovery Password handy, you can display it any moment with “manage-bde -protectors -get c:”
Store the password in your password manager and make its backup!
Note: `manage-bde.exe -protectors -get c:` needs admin rights!
--jeroen
Posted in Microsoft Surface on Windows 7, Power User, Windows, Windows 10, Windows 11, Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022
Posted by jpluimers on 2025/01/08
Directly after a new Windows installation, I want to have my cloned git repository of batch files in the PATH persistently so that it gets searched after rebooting or opening a new console window.
At that moment, the 1024-character PATH limitation is not much of an issue, but be aware of that limit if you try this yourself.
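This is my `add-current-directory-to-path-at-end.persistent-and-limit-to-1024-characters.bat`:

```bat
:: https://serverfault.com/questions/664180/can-i-permanently-add-to-path-in-windows-using-batch
:: https://superuser.com/questions/812754/how-to-recover-from-path-being-truncated-to-1024-characters-by-setx
:: global environment
:: (setx without /M stores the value in the user environment and truncates it to 1024 characters;
::  %PATH% here is the combined machine + user PATH of the current process)
setx PATH "%PATH%;%CD%"
:: local process
:: https://superuser.com/questions/975605/add-current-directory-to-path
:: (quoted form so special characters such as & in a path entry do not break the assignment)
set "PATH=%PATH%;%CD%"
```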
I execute it from within the cloned git directory.
Oh: you need to double-quote the `SETX` parameters, otherwise you get an error message: “ERROR: Invalid syntax. Default option is not allowed more than '2' time(s).”.
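An alternative that avoids both the 1024-character truncation and copying the machine PATH into the user PATH, as an added PowerShell example (not part of the original batch file). The function name `Add-UserPathEntry` is hypothetical, and the example assumes the directory belongs at the end of the per-user PATH and that it is run from within the cloned directory:

```powershell
# Added example: append a directory to the per-user PATH.
# Unlike `setx PATH "%PATH%;%CD%"`, this reads only the user value (not the
# merged machine + user PATH of the process) and does not truncate at 1024 chars.
# Caveat: the user value is read with %VAR% references already expanded, so
# such references are written back as literal paths.

function Add-UserPathEntry {
    param(
        [Parameter(Mandatory)] [string] $Directory
    )

    # Resolve to a full file-system path; fails if the directory does not exist.
    $full = (Resolve-Path -LiteralPath $Directory).ProviderPath

    # Split the stored user PATH into its non-empty entries.
    $current = [Environment]::GetEnvironmentVariable('Path', 'User')
    $entries = @()
    if ($current) {
        $entries = @($current -split ';' | Where-Object { $_.Trim() -ne '' })
    }

    # Case-insensitive duplicate check that ignores a trailing backslash.
    $present = $entries | Where-Object { $_.TrimEnd('\') -ieq $full.TrimEnd('\') }
    if (-not $present) {
        $newValue = (@($entries) + $full) -join ';'
        [Environment]::SetEnvironmentVariable('Path', $newValue, 'User')
    }

    # Make the directory visible in the current session as well.
    $inSession = $env:Path -split ';' |
        Where-Object { $_.TrimEnd('\') -ieq $full.TrimEnd('\') }
    if (-not $inSession) {
        $env:Path = "$($env:Path.TrimEnd(';'));$full"
    }
}

# Run from within the cloned git directory, like the batch file.
Add-UserPathEntry -Directory (Get-Location).Path
```

Appending rather than prepending keeps the scripts in that directory from shadowing system executables of the same name.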
More links than the above ones from the batch file, especially on the 1024 character limitation:
Posted in Batch-Files, Development, Power User, Scripting, Software Development, Windows
Posted by jpluimers on 2025/01/08
(All below statements were run elevated as Administrator)
I had `arp -d` fail with any parameter combination on one of my systems, always throwing the error “The ARP entry deletion failed: The parameter is incorrect.”

Luckily I found out that this did clear the ARP cache correctly:

```bat
netsh interface ip delete arpcache
```
I found that via [Wayback/Archive] “The ARP entry deletion failed: The parameter is incorrect.” – Recherche Google:
Posted in Batch-Files, Development, Power User, Scripting, Software Development, Windows, Windows 10, Windows 11, Windows 7, Windows Development
Posted by jpluimers on 2025/01/07
Every now and then, for instance when testing software developed with older tools, you need to run older software.
This always works: [Wayback/Archive] Deploy .NET Framework 3.5 by using Deployment Image Servicing and Management (DISM) | Microsoft Learn

```bat
DISM /Online /Enable-Feature /FeatureName:NetFx3 /All
```

Use `/All` to enable all parent features of the specified feature.
(The `/All` is needed because software requiring .NET Framework 3.5 also requires the parent features).
Notes:
- Tested on Windows 10 and Windows 11 in 2022.
- It can take a really long time (more than just a few minutes!) even on fast connections.
- Installing through Chocolatey with `choco install dotnet3.5` fails on Windows 11 (have not tried on Windows 10) with the classical red on black PowerShell default error theme*:

  ```
  ERROR: The term 'wmic' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
  The install of DotNet3.5 was NOT successful.
  Error while running 'C:\ProgramData\chocolatey\lib\DotNet3.5\Tools\ChocolateyInstall.ps1'.
  ```
Posted in .NET, .NET 3.0, .NET 3.5, C#, Chocolatey, Development, Power User, PowerShell, Software Development, Windows, Windows 10, Windows 11