Wednesday 13 June 2012

Disabling administrative shares

By default, all Microsoft Windows NT-based operating systems have hidden administrative shares that allow an administrator of a machine to access it over the network.

Here is a list of the default administrative shares, accessible only to administrators:

* C$: access to the root directory of a partition. Other partitions are also accessible via their drive letter followed by the character "$";
* ADMIN$: access to %systemroot%, used to manage a machine over the network;
* IPC$: enables inter-process communication over the network;
* PRINT$: remote access to printers.

To view and manage the administrative shares of the computer, go to Control Panel / Administrative Tools / Computer Management / Shared Folders / Shares. Alternatively, right-click the My Computer icon on the desktop and select Manage.

For some security constraints, it may be necessary to remove access to the administrative shares C$ and ADMIN$.
To do this, open regedit from the Run box.
Go to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Create a new DWORD value named AutoShareWks and set it to 0.

Activation and deactivation of the administrative shares is done by modifying this value.
The modification persists even after restarting your PC.
Administrative shares can also be temporarily disabled, without touching the registry, by typing the following in a command prompt (MS-DOS window):
net share C$ /delete
net share ADMIN$ /delete
net share IPC$ /delete

In this case, the shares will be reactivated at the next reboot.
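To verify that the change actually took effect (for example as part of a build check), the `net share` output can be compared against the AutoShareWks value. The following is an added Python example, not code from the original post; the `net share` output it parses is a constructed sample, and the registry value is passed in as a plain integer rather than read from the registry. It only knows about the workstation value described above (on server editions the corresponding value is AutoShareServer).

```python
import re

# Constructed sample of `net share` output on a workstation where the default
# administrative shares are still present (not captured from a real host).
SAMPLE_NET_SHARE = """\
Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\\Windows                      Remote Admin
Public       C:\\Users\\Public
The command completed successfully.
"""

# Drive shares are a single drive letter followed by "$" (C$, D$, ...).
DRIVE_SHARE = re.compile(r"^[A-Z]\$$", re.IGNORECASE)


def parse_net_share(output):
    """Return {SHARE_NAME: resource} from the text `net share` prints.

    Only the lines between the dashed separator and the closing status line
    are share rows; the share name is the first whitespace-delimited token.
    """
    shares = {}
    in_table = False
    for line in output.splitlines():
        if line.startswith("----"):
            in_table = True
            continue
        if not in_table or not line.strip() or line.startswith("The command"):
            continue
        parts = line.split()
        name = parts[0].upper()
        # IPC$ has no resource path, so anything after the name is the remark.
        resource = parts[1] if len(parts) > 1 and name != "IPC$" else ""
        shares[name] = resource
    return shares


def unexpected_admin_shares(shares, autoshare_wks):
    """Administrative shares that should not exist for the given AutoShareWks.

    With AutoShareWks = 0 the Server service stops creating the drive shares
    and ADMIN$ at startup; IPC$ is not affected by this value. Any other value,
    or an absent value (None), means the default shares are expected.
    """
    if autoshare_wks != 0:
        return []
    return sorted(
        name for name in shares
        if name == "ADMIN$" or DRIVE_SHARE.match(name)
    )


if __name__ == "__main__":
    shares = parse_net_share(SAMPLE_NET_SHARE)
    for name in unexpected_admin_shares(shares, 0):
        print(f"AutoShareWks is 0 but {name} is still shared ({shares[name]})")
```

On a live host the first argument would come from `net share` and the second from the AutoShareWks value under the LanmanServer\Parameters key; a non-empty result after a reboot means the registry change did not take effect.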

Saturday 2 June 2012

Power off a USB hard disk with the Safely Remove option


By default, in Windows 7 and Vista all USB devices remain powered on even after you use Safely Remove Hardware from the notification area at the bottom right of the taskbar. Because the power stays on, the hard disk platters keep spinning after the safe removal, so if you unplug the disk from the USB port while it is still powered, bad sectors can occur. This does not happen in Windows XP.
To power the USB device down/off with the Safely Remove option, see the registry entry in the following link or watch the above video.

http://support.microsoft.com/kb/2401954

Wednesday 4 April 2012

Nirsoft Launcher all in one


This is a very nice tool: you will find lots of handy utilities in one launcher. It includes the following utilities:
  • Asterisk Logger - reveals the passwords stored behind the asterisk ('***') boxes
  • BlueScreenView - shows information about blue screen crashes that occurred on your system
  • ChromeCacheView - Chrome browser cache viewer; here you will find YouTube videos
  • CurrPorts - displays the list of all currently open TCP/UDP ports on your computer
  • DriverView - displays the list of all device drivers currently loaded on your system
  • MozillaCacheView - lists all files currently stored in the cache of the Firefox/Mozilla browser
  • MyLastSearch - view your latest searches with Google, Yahoo, and MSN
  • NetworkTrafficView - displays network traffic statistics for your network adapter
  • SkypeLogView - view log files created by Skype
  • VideoCacheView - extracts website video files from the cache, e.g. YouTube, Metacafe etc.
  • Much more; see here

Hide secret messages in audio files.

If you have created a password text file and want to keep it safe from other viewers, you can hide the text file in your favourite song.

Monday 2 April 2012

Reset a Windows 7 password without a third-party tool.

This is a nice trick to reset a Windows password if you do not have any third-party tool. You can apply this method on the following OS versions:
Windows 7
Windows Server 8
Windows Vista

You need a Windows installation disc for this. Insert the disc into the DVD/CD drive and change the boot settings in the BIOS so that the DVD/CD drive is the first boot device.

1. Choose the "Repair your computer" option.
2. Choose the Command Prompt option at the bottom.
3. By default you will see X:\Sources>; this is your DVD drive.
Search for the drive that contains the Windows folder; that will be the original C: drive (see the image).
Go to C:\Windows\System32 and type the following commands:
ren utilman.exe utilman.exe.bak
ren cmd.exe utilman.exe
Restart the PC.
See the commands in the image.

After the restart, go to the login prompt and click the "Ease of Access" button at the bottom left, or press the Windows key + U together. A command prompt will open; type one of the following commands to set the password:
net user administrator *   or   net user administrator newpassword
To see all the users on the computer, type just net user.

Finished.
Tuesday 27 March 2012

Reset Linux root Password

All we need is a Linux LiveCD.

In some Linux systems the username/password database is located at "/etc/passwd".
If you have another Linux system, just search on Google for where the username/password file is located.

Here I am describing BackTrack 5.
The password is located in "/etc/shadow", but it is stored as a hash, not in plain text. To make the change we first need to mount the partition where our Linux system is located, then go to /etc/shadow
and edit it with the nano editor:
nano /etc/shadow. You will then see something like this: root:xxxxxxxxx:15098:0:99999:7:::
Instead of xxxxxxxxx you will see other symbols when you open the file on your PC. Just remove all the symbols next to root.
Example:
Before:  root:xxxxxxxxx:15098:0:99999:7:::
After:   root::15098:0:99999:7:::
Save the file and reboot the system; root will now have a blank password.
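The flip side of this trick is that an empty second field in /etc/shadow means the account can log in with no password at all, which is exactly what an audit should flag. The following is an added Python example, not code from the original post: it parses the nine colon-separated shadow fields shown above, classifies the password field (empty, locked, hashed) and lists accounts without a password. The shadow content it reads is a constructed sample with fake hashes, not a real system file.

```python
# Constructed sample /etc/shadow content (not from a real system). Field 2 is
# the password field: "$6$..." is a SHA-512 crypt hash, a leading "!" or "*"
# marks a locked account, and an empty field means no password is required.
SAMPLE_SHADOW = """\
root::15098:0:99999:7:::
daemon:*:15098:0:99999:7:::
alice:$6$saltsalt$QmFrZUhhc2hGb3JEZW1vT25seQ:15098:0:99999:7:::
bob:!$6$saltsalt$QmFrZUhhc2hGb3JEZW1vT25seQ:15098:0:99999:7:::
"""

# Field names in the order they appear in a shadow entry.
FIELDS = ("name", "password", "lastchange", "min", "max",
          "warn", "inactive", "expire", "reserved")


def parse_shadow(text):
    """Parse shadow-file text into a list of dicts keyed by FIELDS.

    Blank lines and comments are skipped; a line with the wrong number of
    fields is rejected rather than silently misread.
    """
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            raise ValueError(
                f"line {lineno}: expected {len(FIELDS)} fields, got {len(parts)}")
        entries.append(dict(zip(FIELDS, parts)))
    return entries


def classify_password(field):
    """Return 'empty', 'locked', 'hashed' or 'legacy_or_unknown' for a password field."""
    if field == "":
        return "empty"           # no password needed to log in
    if field[0] in "!*":
        return "locked"          # password login disabled
    if field.startswith("$"):
        return "hashed"          # modular crypt format ($1$, $5$, $6$, ...)
    return "legacy_or_unknown"   # old DES crypt or something malformed


def accounts_without_password(text):
    """Names of accounts whose password field is empty, in file order."""
    return [e["name"] for e in parse_shadow(text)
            if classify_password(e["password"]) == "empty"]


if __name__ == "__main__":
    for name in accounts_without_password(SAMPLE_SHADOW):
        print(f"WARNING: account '{name}' has an empty password field")
```

Run against a real file (`open("/etc/shadow").read()`, which needs root), a non-empty result after a password reset like the one above is the reminder to set a new root password before the machine goes back on a network.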

Thursday 2 February 2012

Windows Security Log Events

Windows Security Log Events in event viewer

http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/Default.aspx

Friday 20 January 2012

Thwart virtual machine detection

How to thwart virtual machine detection:

For starters, do not install the tools provided by the virtualization product in your guest OS. For example, VMware provides a set of tools called VMware Tools that enhances the overall user experience with the guest OS. The drawback is that installing VMware Tools in a Windows guest OS leaves many clues, easily detectable by a piece of malware, that it is being run in a virtual machine.

The next step is to edit your VMware .vmx file. When you create a new virtual image with VMware, its settings are stored in a configuration file with the .vmx extension. The file contains information about networking, disk size, devices attached to the virtual machine, etc., and is usually located in the directory where you created your virtual image. With your guest OS stopped, edit the .vmx file and append the following:
isolation.tools.getVersion.disable = "TRUE"
isolation.tools.getPtrLocation.disable = "TRUE"
isolation.tools.setPtrLocation.disable = "TRUE"
isolation.tools.setVersion.disable = "TRUE"
isolation.tools.getVersion.disable = "TRUE"
monitor_control.disable_directexec = "TRUE"
monitor_control.disable_chksimd = "TRUE"
monitor_control.disable_ntreloc = "TRUE"
monitor_control.disable_selfmod = "TRUE"
monitor_control.disable_reloc = "TRUE"
monitor_control.disable_btinout = "TRUE"
monitor_control.disable_btmemspace = "TRUE"
monitor_control.disable_btpriv = "TRUE"
monitor_control.disable_btseg = "TRUE"

Now start your virtual machine. This will allow you to run, with very little effort, more VMware-aware malware than before.

I'll point out that:
  1. monitor_control.disable_directexec = "TRUE" will usually thwart descriptor table register checks. This setting makes VMware interpret each assembly instruction instead of executing it directly on the processor. Therefore the result of a sidt instruction will not be an address in the 0xffXXXXXX range, as one would get without this setting.
  2. isolation.tools.getVersion.disable = "TRUE" will thwart the backdoor I/O check.
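Appending the lines by hand works once, but an analysis lab usually has many guest images, and a key that is already present (say, set to "FALSE") must be corrected rather than added a second time. The following is an added Python example, not code from the original post or from VMware: it parses the one-`key = "value"`-per-line .vmx format, reports which of the settings listed above are missing or wrong, and merges them in idempotently (the duplicated getVersion line in the listing collapses into a single key). The .vmx content it works on is a constructed sample.

```python
import re

# The settings from the post, as one key each; the listing repeats
# isolation.tools.getVersion.disable, which a dict naturally collapses.
ANTI_DETECTION_SETTINGS = {
    "isolation.tools.getVersion.disable": "TRUE",
    "isolation.tools.getPtrLocation.disable": "TRUE",
    "isolation.tools.setPtrLocation.disable": "TRUE",
    "isolation.tools.setVersion.disable": "TRUE",
    "monitor_control.disable_directexec": "TRUE",
    "monitor_control.disable_chksimd": "TRUE",
    "monitor_control.disable_ntreloc": "TRUE",
    "monitor_control.disable_selfmod": "TRUE",
    "monitor_control.disable_reloc": "TRUE",
    "monitor_control.disable_btinout": "TRUE",
    "monitor_control.disable_btmemspace": "TRUE",
    "monitor_control.disable_btpriv": "TRUE",
    "monitor_control.disable_btseg": "TRUE",
}

# One setting per line: key = "value". Keys may start with a dot (.encoding)
# and contain dots, underscores and colons.
KEY_VALUE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')

# Constructed sample .vmx (not a real image's file): one of the wanted keys
# is present but set to "FALSE", the rest are absent.
SAMPLE_VMX = """\
.encoding = "UTF-8"
config.version = "8"
virtualHW.version = "8"
displayName = "analysis-guest"
guestOS = "windows7"
monitor_control.disable_directexec = "FALSE"
"""


def parse_vmx(text):
    """Return {key: value} for every key = "value" line; other lines are ignored."""
    settings = {}
    for line in text.splitlines():
        m = KEY_VALUE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def missing_settings(text, wanted):
    """Sorted keys of `wanted` that are absent from `text` or hold another value."""
    current = parse_vmx(text)
    return sorted(k for k, v in wanted.items() if current.get(k) != v)


def merge_vmx(text, wanted):
    """Return `text` with every key in `wanted` set to its value.

    Existing lines for a wanted key are rewritten in place, later duplicates
    of the same key are dropped, and keys not present yet are appended, so
    applying the function twice yields the same result as applying it once.
    """
    seen = set()
    out = []
    for line in text.splitlines():
        m = KEY_VALUE.match(line)
        if m and m.group(1) in wanted:
            key = m.group(1)
            if key in seen:
                continue
            seen.add(key)
            out.append(f'{key} = "{wanted[key]}"')
        else:
            out.append(line)
    for key, value in wanted.items():
        if key not in seen:
            out.append(f'{key} = "{value}"')
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("missing before:", missing_settings(SAMPLE_VMX, ANTI_DETECTION_SETTINGS))
    print(merge_vmx(SAMPLE_VMX, ANTI_DETECTION_SETTINGS))
```

As with the manual edit, run it only while the guest is powered off, and keep a copy of the original .vmx so the image can be restored if VMware rejects a setting.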