tekio

Everything posted by tekio

  1. So... prefetch and Event Logs. Windows populates the prefetch and writes to Event Logs. You don't. Just thought I'd point that out.... Example: application generates a protection fault. Event is written to system logs with path to executable by the Windows kernel. Example 2: Windows notices application is loading slow, so puts it in prefetch. I'd also check temp files as well. Some applications will write logs, etc... to temp folders.
  2. I think Windows actually might - Prefetch or Precache - or whatever it's called. I think it caches the location of commonly used applications. You'd need to google it. There is an application called PortReporter that will log socket connections and the executable location. Several apps similar to that. Are you sure Group Policies cannot do this? Also, if the program generates an event log, it will probably log the application path as well. What use would it be if we didn't know what the error was coming from or where? If there is Group Policy against USB execution, I'm sure it would log the path of the executable into Event Logs. But - event logs and prefetch would be the two, off the top of my head... If it logs anything to Event Logs like errors, etc...
  3. Depends on the operating system. In Windows (and I've not used these features since Server 2000), policies can be set up in AD group policies. They are pretty granular. I've seen systems that only allow users to write to certain directories. I'd not be surprised if they accomplish this on an AD domain, now. I'd bet they probably do...... I know they have policies that stop USB execution and log failures as well as successes. On consumer Windows, you need to make a custom application to do that (or find one that has already been made). You would probably want to fine-tune that. Instead of logging EVERYTHING that executes and tries to make a running process, you could check for a new socket; if the executable path does not match %HomeDrive%/, then log the executable and/or kill the process. That would involve some deep-level coding, like a Windows host-based firewall, but is totally 100% do-able. The same could be done, probably harder to code and easier to deploy, on Linux. You could not really do a script. I'd think it'd need to be pretty low-level to catch every attempted starting process.
  4. I miss bouncing auto-responses back-and-forth around the interwebz. Buhahahaha! Ok, it was immature and irresponsible... unless one happened to work at AOL with too much time on their hands....
  5. I honestly think Windows 7 runs smoother as a VM guest on a Linux host than directly installed. LoL

  6. Proves someone is running unpatched Sendmail from the early 90's? :-P I remember trying this crap reading Meinel's bunk back in like '99, and even then it was too late lol. If I remember correctly, Sendmail closed relaying by default and they all went away overnight.
  7. My trackpad is super flaky in Linux. It will pause long enough to be annoying then work again... By pause I mean, it stops taking input for a few seconds then accepts input once again... This is the dmesg log. This is what happens every time it pauses....

     Feb 1 13:15:48 sting kernel: [ 1746.787178] psmouse serio1: resync failed, issuing reconnect request
     Feb 1 13:15:52 sting kernel: [ 1750.722621] psmouse serio1: TouchPad at isa0060/serio1/input0 lost sync at byte 1
     Feb 1 13:15:52 sting kernel: [ 1750.723734] psmouse serio1: TouchPad at isa0060/serio1/input0 lost sync at byte 1
     Feb 1 13:15:52 sting kernel: [ 1750.724642] psmouse serio1: TouchPad at isa0060/serio1/input0 lost sync at byte 1
     Feb 1 13:15:52 sting kernel: [ 1750.725717] psmouse serio1: TouchPad at isa0060/serio1/input0 lost sync at byte 1
     Feb 1 13:15:52 sting kernel: [ 1750.737756] psmouse serio1: TouchPad at isa0060/serio1/input0 - driver resynced.
     Feb 1 13:15:55 sting kernel: [ 1753.855093] psmouse serio1: TouchPad at isa0060/serio1/input0 lost synchronization, throwing 2 bytes away.
     Feb 1 13:15:55 sting kernel: [ 1754.361293] psmouse serio1: resync failed, issuing reconnect request

     It's on an I2C bus... That's the only thing I can think of causing the problem.. Well, besides it might not have the correct Synaptics drivers. I've followed many tutorials, and installed many Synaptics utilities.. Pretty much nothing has fixed this... Could it be the I2C bus causing issues? Is there some special driver I need for I2C to function properly under Linux? P.S. I've installed all the latest trackpad firmware and BIOS updates from the manufacturer...
  8. I'm just mainly replying to this for anyone who comes across it looking for a fix. I was trying to get Mint Linux working on my Dell XPS 13 9343. The problem was that it uses a Microsoft Precision TrackPad. The fix is pretty simple. This is for Linux Mint 17.2 Rebecca, but should work on anything with Ubuntu repositories: via apt-get install the following packages:

     linux-headers-3.19.0-21-generic - Linux kernel headers for version 3.19.0 on 64 bit x86 SMP
     ** linux-image-3.19.0-21-generic - Linux kernel image for version 3.19.0 on 64 bit x86 SMP
     linux-image-extra-3.19.0-21-generic - Linux kernel extra modules for version 3.19.0 on 64 bit x86 SMP
     ** linux-signed-image-3.19.0-21-generic - Signed kernel image generic
     linux-tools-3.19.0-21-generic

     ** either the standard image or signed image. For secure boot enabled use the signed image. For old BIOS or UEFI w/o secure boot use the standard generic image. On the Dell 9343 the 3.19.0-21 is the first in the Ubuntu repository that includes the "automagic" kernel with updates for the Synaptics MS precision touchpad on the I2C bus. Later kernels will work - however the Broadcom package in Mint's repository is REALLY flaky with the other, newer kernels... So.. I just used 3.19.0-21 instead of playing with compilers and kernel modules all day. Mint will automagically update Grub and boot the new kernel. So... after installing, reboot. Your trackpad will be even better than in Windows with Microsoft precision track-pad drivers on Win8 or Win 10 (go figure). Hope this helps someone out! :-)
  9. The user agent from "project spartan" is being reported as Apple WebKit. This is a good thing: no more designing webpages for everything else, and Microsoft. LoL

  10. Just replying as a new reply, so OP might get an alert via email (vs editing). I was on a Win7 machine today. To view ASCII-formatted (sometimes plain text) registry keys go to: view > view binary data. It will bring up a window similar to the one I posted in Win10.
  11. It's a hexadecimal representation of binary data. What is it supposed to be? I think "14,00" is some kind of meta information. Searching around google - all reg_binary data starts with "14,00". "00" is a null character. Here is a HEX to ASCII (and extended ASCII) chart: http://www.commfront.com/ascii-chart-table.htm Here is how Windows stores reg_binary data: Knock yourself out... There are plenty of functions in VB, C#, etc.. to read the data and return the value of each byte. :-) Perhaps someone will come along who can give you a cut-and-dry answer... I was just trying to help the best I could. Hope that points you in the right direction... I just don't really have time to research it too much. EDIT: as far as Iron Geek's tutorial, we know that might have been a feature provided in the registry keys at the time he wrote the paper. Perhaps that has been taken out. I don't have Win7 so I cannot see either way, and it's been a while since I've used Win7. I do know Iron Geek did participate in these forums a while back. Though they were pretty busy back then. Maybe try looking over Iron Geek's site for a contact email? He was always helpful to people posting in these forums, so sending him a quick email might get a response...
  12. Employer: We need to run a background and credit check. Me: Sure. You can run a background check, but I don't plan on refinancing - unless you can offer a killer deal on a mortgage. Not interested in any more credit cards, either.... WTF? Do people really let employers do this stuff?????

  13. I tried exporting and reading with a hex editor, but it didn't work. I could be missing a major step though..... Windows 10 actually has an "ASCII or plain text view" like a hex editor. So you could read them in regedit from Windows 10. If I'm not mistaken Windows 7 - Windows 98 had two registry editors: RegEdit and RegEdit32. Each had some different functions so you may want to try each and make sure you run them as administrator. Here are a few tools I found on google: https://www.raymond.cc/blog/convert-windows-registry-hex-to-text/ Cannot vouch for any of them... But looks like they should work. Perhaps the hex editor I was using was just not using the same encoding as the Windows Registry? Maybe try exporting and reading in a hex editor that supports more encoding schemes. I just use HxD (a freeware one). Here are some details about the Registry datatypes and how they are stored: https://msdn.microsoft.com/en-us/library/windows/desktop/bb773476(v=vs.85).aspx
  14. Is it just loading that entry in the ARP cache? arp -a should show the ARP table. I've been having some weird problems with ARP as well. My SSH sessions keep pausing when the ARP entries get flushed from Windows. And apparently my Linux server doesn't like responding to any packets unless it first answers an ARP request. I can see where this is "secure" but this should be secured at other layers to keep ARP broadcasts down. Guess I'll play with the Windows registry to keep dynamic ARP entries longer. Not really ideal on a host that constantly connects SSH sessions on a large network.
  15. "12:00, I seen an SUV. I got 4 armed men; they're in hodgey gear." The Hurt Locker has to be one of my all time favorites....

  17. Check your ARP cache to make sure it matches the MAC/IP address combo you are pinging? You had the same laptop plugged in with just a different interface? It's totally possible for the kernel to do that, knowing "I have two IP addresses, I will reply since that's my other interface" (maybe not RFC compliant - unsure). It's either the operating system replying to its other IP address, another host responding on behalf of your laptop (again, check ARP cache; does it have a multicast address? What is your subnet's broadcast address?), OR the AP responding for a client. Just a little tinkering will help you deduce which it is.
  18. I'd think this qualifies as somewhat insecure :-( :
  19. F3 Framework is pretty cool. Is it secure? Not sure, but it's cool. :-)

  20. Me: You want share-level authentication for over 1000 expected users?!? Client: Yep! Nobody will forget the password..... Me: Ok. But...........

  21. FatFree Framework is pretty darned cool, so far....

  22. My neighbor's name is Ms. No Parking. She has signs posted nationwide reserving her parking spaces.....

  23. XFCE on Backbox in a VM. And SSH on a headless box running Ubuntu Server. EDIT: I do really like Cinnamon. It actually feels this millennium. Never liked KDE at all. Gnome was cool... If I had to choose: 1 - Cinnamon, 2 - Mate, 3 - Gnome 2, 4 - XFCE. Question, scratchycarrier: why stable? Do you run mixed repositories? Stable, for me, is always too outdated. I like testing - or even SID. But right now, I'm running Quartz. :-)
  24. I want to recompile sudo. Instead of -s, I want it: sudo --be-my-bitch

  25. At Starbucks listening to a guy telling his g.f. about Linux: "It's an opensource program ran on every Super Computer in the world."