
How-to: FOR loop inside a FOR loop in batch

October 14th, 2010 | No Comments | Posted in Scripting, Windows

How to do a FOR loop inside a FOR loop in batch?
How to do nested FOR loops in batch?

Example:
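@echo off
setlocal EnableDelayedExpansion EnableExtensions
rem Outer loop: read file.txt line by line (first token of each line).
for /F %%a in (file.txt) do (
    set file_content=%%a
    rem Inner loop: run the line as a command and capture its output.
    rem Use !var! here: %var% is expanded once, when the whole block is parsed.
    for /f "tokens=*" %%k in (' !file_content!') do (
        set command_result=%%k
        echo !file_content! !command_result!
    )
)
ENDLOCAL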


Trend Micro OfficeScan 10.5 Features and thoughts

October 11th, 2010 | No Comments | Posted in Security, Software, Trend Micro, Windows

It’s almost 2 months since the release of OfficeScan 10.5. Anyone out there upgraded yet? If so, what’s your experience?
I’ve done a couple of installations and upgrades, and I’ll share my experiences:

First, what’s changed in OfficeScan from version 10.0 SP1?

- Active Directory Integration
- Smart Protection Solutions
- Security Compliance
- Virtual Desktop Support
- Role-based administration
- General Product enhancements

So, what is my experience with the new features?


New version of Process Explorer (and some other tools)

March 30th, 2010 | No Comments | Posted in Windows

Microsoft Sysinternals just released a new version of Process Explorer (v12).
In the new version you can see what svchost is hosting, the mapping of service names to threads and the TCP/IP tabs on Vista/Win 7. There are also some features related to IE8.

Process Explorer:
http://technet.microsoft.com/en-gb/sysinternals/bb896653.aspx

They also updated some other tools:

VMMap
http://technet.microsoft.com/en-gb/sysinternals/dd535533.aspx

DiskView
http://technet.microsoft.com/en-gb/sysinternals/bb896650.aspx

Read the entire blog post here:
http://blogs.technet.com/sysinternals/archive/2010/03/25/updates-process-explorer-v12-vmmap-v2-62-diskview-v2-4-sdelete-v1-7.aspx


0-day SMB remote exploit in Windows 7 and Windows Server 2008 R2

November 13th, 2009 | No Comments | Posted in Security, Windows

There is a new 0-day remote exploit available for Windows 7 and Windows Server 2008 R2.
This only works on R2 of Windows Server, but it works even with all the latest patches applied.

Exploiting the vulnerability crashes the system. This is done by sending a NetBIOS header that specifies that the SMB packet is 1, 2 or 4 bytes larger or smaller than it actually is.

When the system crashes, there is no BSOD; the system simply freezes. There are also no traces in the event logs (after reboot).

When the system receives the packet, it goes into an infinite loop.

The crash itself happens in KeAccumulateTicks() due to NT_ASSERT()/DbgRaiseAssertionFailure() (which is caused by an infinite loop).

The vulnerability could possibly be exploited through IE.

And the proof of concept works by:

1. Running the Python code on a *nix box, and ensuring port 445 is open.
2. Connecting through SMB to the *nix box.

Read more:
http://isc.sans.org/diary.html?storyid=7573
http://blog.trendmicro.com/new-smb-zero-day-exploit/
http://praetorianprefect.com/archives/2009/11/how-to-crash-windows-7-and-server-2008/
http://g-laurent.blogspot.com/2009/11/windows-7-server-2008r2-remote-kernel.html
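
A defensive check for the length mismatch described in this post, as an added example that is not part of the original post or the published proof of concept: it compares the length declared in the NetBIOS session header with the SMB bytes actually present. The function names, the verdict labels, the one-message-per-buffer assumption and the sample buffers are constructed for illustration.

```python
SMB_MAGICS = (b"\xffSMB", b"\xfeSMB")   # SMB1 and SMB2 protocol identifiers
PAGE_DELTAS = {1, 2, 4}                 # mismatch sizes named in the post


def check_frame(buf: bytes) -> dict:
    """Compare the length declared in the 4-byte NetBIOS session header
    with the number of SMB bytes actually present in `buf`.

    Assumption: `buf` holds exactly one reassembled message as captured
    from a single response (no coalesced or partial TCP segments).
    """
    if len(buf) < 8:
        return {"verdict": "too-short"}
    msg_type = buf[0]
    # On direct TCP (port 445): 1 type byte, then a 24-bit big-endian length.
    declared = int.from_bytes(buf[1:4], "big")
    body = buf[4:]
    if msg_type != 0x00 or body[:4] not in SMB_MAGICS:
        return {"verdict": "not-smb"}
    delta = declared - len(body)
    if delta == 0:
        verdict = "ok"
    elif abs(delta) in PAGE_DELTAS:
        verdict = "suspicious"      # the off-by-1/2/4 pattern described above
    else:
        verdict = "mismatch"        # may also be truncation or a bad capture
    return {"verdict": verdict, "declared": declared,
            "actual": len(body), "delta": delta}


def frame(body: bytes, skew: int = 0) -> bytes:
    """Build a constructed test buffer; `skew` offsets the declared length."""
    return b"\x00" + (len(body) + skew).to_bytes(3, "big") + body


# Constructed samples: a protocol identifier plus filler, not real SMB messages.
SAMPLES = {
    "consistent": frame(b"\xfeSMB" + bytes(60)),
    "declared+4": frame(b"\xfeSMB" + bytes(60), skew=4),
    "declared-2": frame(b"\xffSMB" + bytes(28), skew=-2),
    "declared+9": frame(b"\xfeSMB" + bytes(60), skew=9),
    "other":      b"GET / HTTP/1.1\r\n",
}

if __name__ == "__main__":
    for name, buf in SAMPLES.items():
        print(f"{name:12s} {check_frame(buf)}")
```
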


Installing Windows XP on a Dell XPS M1330

September 7th, 2009 | No Comments | Posted in Windows

If you want to install Windows XP Professional on a Dell XPS M1330 laptop, it’s enough to set the S-ATA controller to “ATA”-mode in the BIOS (yes, disable AHCI, and remember to disable the flash cache thingy too).
