The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 4,177 other subscribers

Archive for the ‘Windows 9’ Category

I had some Windows ATOM issues before, but this beats them easily

Posted by jpluimers on 2022/10/19

I’ve had some issues with Windows ATOM tables filling up, but nothing like this security bypass:

A new Windows code injection technique, atombombing, which bypasses current security solutions.

Source: AtomBombing: Brand New Code Injection for Windows – Breaking Malware [WayBack] with source code at BreakingMalwareResearch/atom-bombing: Brand New Code Injection for Windows

Note that since writing the first draft, the above AtomBombing article moved via Wayback: blog.ensilo.com to [Wayback/Archive.is] AtomBombing – A Brand New Code Injection Technique for Windows | FortiGuard Labs.

Read the rest of this entry »

Posted in Development, Power User, Software Development, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows 9, Windows Development, Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Vista, Windows XP | Leave a Comment »

Digging Through Event Log Hell (finding user logon & logoff) – Ars Technica OpenForum

Posted by jpluimers on 2021/08/31

This helped me big time finding failed logon attempts: [WayBack] Event Log Hell (finding user logon & logoff) – Ars Technica OpenForum

Alternatively, you can use the XPath query mechanism included in the Windows 7 event viewer. In the event viewer, select “Filter Current Log…”, choose the XML tab, tick “Edit query manually”, then copy the following to the textbox:

Code:
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">*[System[EventID=4624] and EventData[Data[@Name='TargetUserName'] = 'USERNAME']]</Select>
  </Query>
</QueryList>

This selects all events from the Security log with EventID 4624 where the EventData contains a Data node with a Name value of TargetUserName that is equal to USERNAME. Remember to replace USERNAME with the name of the user you’re looking for.

If you need to be even more specific, you can use additional XPath querying – have a look at the detail view of an event and select the XML view to see the data that you are querying into.

Thanks user Hamstro!

Notes:

Related:

–jeroen

Posted in Development, Microsoft Surface on Windows 7, Power User, Software Development, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows 9, Windows Vista, Windows XP, XML/XSD | Leave a Comment »

How to turn on automatic logon in Windows

Posted by jpluimers on 2021/08/09

[WayBack] How to turn on automatic logon in Windows

Describes how to turn on the automatic logon feature in Windows by editing the registry.

Most archivals of the above post fail with a 404-error after briefly flashing the content, but this particular one usually succeeds displaying.

It is slightly different from the one referenced in my blog post automatic logon in Windows 2003, and because of the archival issues, I have quoted most of it below.

A few observations, at least in Windows 10 and 8.1:

  • Major Windows 10 upgrades will disable the autologon: after each major upgrade, you have to re-apply the registry patches.
  • If the user has a blank password, you can remove the DefaultPassword value.
    • Empty passwords allow local logon (no network logon or remote desktop logon), no network access and no RunAs, which can actually help improve security. More on that in a later blog post
  • For a local machine logon, you do not need the DefaultDomainName value either (despite many posts insisting you need them), but you can technically set it to the computer name using reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /t REG_SZ /d %ComputerName% /f
  • If another user logs on and off, the values keep preserved, so after a reboot, the correct user automatically logs on
  • you need a full reboot cycle for this to take effect
  • The AutoLogon tool does not allow blank passwords

I wrote a batch file enable-autologon-for-user-parameter.bat that makes it easier:

if [%1] == [] goto :help

:enable
  reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d 1 /f
:setUserName
  reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t REG_SZ /d %1 /f
:removePasswordIfItExists
  reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /f
if [%2] == [] goto :eof
:setPassword
  reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /t REG_SZ /d %2 /f  
  goto :eof

:help
  echo Syntax:
  echo   %0 username password

The article quote:

Read the rest of this entry »

Posted in Batch-Files, Development, Microsoft Surface on Windows 7, Power User, Scripting, Software Development, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows 9, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Vista, Windows XP | Leave a Comment »

How to install Telnet with only one command

Posted by jpluimers on 2020/12/01

Source: [WayBackHow to install Telnet with only one command:

dism /online /Enable-Feature /FeatureName:TelnetClient

–jeroen

Posted in Microsoft Surface on Windows 7, Power User, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows 9, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Vista | Leave a Comment »

Windows 7 Blue Screen Of Death with error 0x7B – twm’s blog

Posted by jpluimers on 2020/09/28

[WayBack] Windows 7 Blue Screen Of Death with error 0x7B – twm’s blog:

To allow Windows 7 to boot in IDE as well as AHCI mode, I had to enable the following drivers (by setting “Start” to “0” in the registry, there might be other options to do this):

HKLM\System\CurrentControlSet\services\intelide
HKLM\System\CurrentControlSet\services\pciide
HKLM\System\CurrentControlSet\services\msahci
HKLM\System\CurrentControlSet\services\iastorV

The first two allow Windows 7 to boot from SATA in IDE mode. The second two allow Windows 7 to boot from SATA in AHCI mode.

–jeroen

Posted in Development, Power User, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows 9 | Leave a Comment »

 
%d bloggers like this: