I can't help with why your Edge is being elevated, but I can suggest ways to make exploits harder.... https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-windows-defender-application-guard
Are you maybe spawning Edge from games that are elevated?
This posting is provided "AS IS" with no...
As long as the boxes don't share creds, that's a good path; it follows the https://docs.microsoft.com/en-us/security/compass/overview Secure Access Workstation model. But if they share any credentials, you have broken the model.
Running with Windows 7 on the internet is a dangerous move, due...
If I could get ECC I would. Back 22 years ago, when I owned my own computer store, I put ECC memory in everything. (God, I'm old.) It was more expensive, but man, so many fewer support calls. If I could get it, I would just for the peace of mind. The bad part of his argument, however, is ECC doesn't...
Because it's following the boot spec. I haven't owned setup code for over 17 years, so take this with a grain of salt. (I work on the Windows Defender team again now.) The spec says to put all boot details on disk 0 according to the BIOS spec from way back. Now BIOS and UEFI are a lot smarter...
That bugcheck says a USB device sent some data that doesn't make sense... I can't get more details since you are on Windows 7.... I am 100% sure you have some hardware issue in your machine. I can't help you more than that, sorry.
That memory dump shows a paging-in error of Wininit.exe. This is usually caused by failing mass storage devices in the chain (mobo, HDD, etc.). Your event log entry is another driver failing to page in, your video driver.
Have you run a chkdsk recently to see if there are errors?
Handles are not sockets? What are you trying to do in this Python code? (Also, are there any event log entries about the socket limit being hit? There is a simultaneous socket limit due to worms...)
The problem with Windows 7 is that it doesn't have the protections of newer Windows to make exploiting harder; as well, if there is a patch for a vuln for supported Windows, it's trivial to reverse engineer and try it on Windows 7. Not being directly connected to the internet prevents people coming...
Lol, it would be weird for an ex-operating system programmer to not be familiar with those features... So, there are things that cannot be patched while running; even the livepatch documentation calls some out. A hypervisor makes some patching easier below it, but then hotpatching a hypervisor is...
If it's 3 years, reboot that server! Respectfully, allow the old ilinks to recycle and not have vulnerable software running. (That also implies you haven't patched the kernel in forever which probably could use a patch or two in three years)
Anyways, just my opinion from doing Incident Response...
When somebody was closing 4 TB U.2 drives on eBay, I bought one. Perfect, has speeds equiv to a 9700 Samsung drive because it is one, but gobs of space. With mklink you can join 2 drives together transparently to you and the apps on your machine. (That's how my OneDrive is on my slow spinner drives.)
Not your answer, but Windows 10 with Storage Spaces supports it. And bonus, it is supported...
https://support.microsoft.com/en-us/help/12438/windows-10-storage-spaces
Cool, I haven't had a computer store in almost 20 years, but try to keep my head in the game. If I could have found a 3900 no X, for cheap, I would have bought one for my 1800X rig. :p Thank you for explaining it to me Zedicus, that makes sense.
I just had a PC built for my wife; I was going to do a Ryzen 5 for her, and they had a free upgrade to the Ryzen 3900 non-X for the same price. (Which kinda tells me they must be pretty cheap, and yet I can't find a reseller anywhere.)
Again, some might call me biased. :P
From one who would know, Windows 7 was a great OS for the time, but attacks change. Windows 7 didn't ship with built-in antimalware protection, for example. It didn't ship with Control Flow Guard, or CredGuard to protect creds from being stolen, let alone the Trusted...
Note some might call me biased:
I guarantee every nation state and every ransomware group is reversing every fix that comes out for Windows 10 and seeing if it applies to Windows 7. As I work in incident response, CFG and some of the other security features in Windows 10 have raised the game in...
I still ask, if all it takes is a machine going to hyperspeed, why R2-D2 didn't just pilot Luke's X-Wing and go hyperspeed at the Death Star... Easy peasy, 2-minute script...
https://www.frys.com/product/9316130?site=sr:SEARCH:MAIN_RSLT_PG
Seems to be almost half off what Newegg is selling it for, as well as the Ryzen 1800X. I love my Threadripper rig for work.
Wanted to set up 2FA for home if I RDP in via my tunnel. Duo comes highly recommended, but it apparently is broken on the latest Windows 10 builds. :(
This seems like it should be really easy, 2FA with a local account, no domain, but it doesn't seem to be...
Guys,
That is a Microsoft file; check the signing with sigcheck. Your system is fine. HitmanPro has a false positive. I helped write mpksl; I know what it does.
Being a consultant now for six years, I believe it. All the ransomware outbreaks have taught me nobody has backups, and nobody tests their backups. One company I was at actually did proper disaster recovery: they shut down their servers and acted like a tornado struck their data center, what would...
MpKSLRandom.sys usually is the Microsoft anti-rootkit driver.
http://www.networkworld.com/article/2343440/microsoft-subnet/microsoft-buys-komoku--maker-of-rootkit-detection-products.html
Why do you think it was a rootkit? Did you check the file properties or the signing info?
There have always been these types of attacks; writing one sector over and over again to kill spinners, for example. It is cool research, but not really used practically.
WFD01000.sys is not the driver that bugchecked; a driver underneath it, which uses the driver framework, bugchecked. Is there somewhere you can upload the memory dumps? Reinstalling the O/S won't fix it if it's hardware, or if the same driver gets reinstalled with the problem. This probably would...
PowerShell is the replacement for netsh...
https://blogs.technet.microsoft.com/heyscriptingguy/2012/11/21/use-powershell-to-configure-the-nic-on-windows-server-2012/
So I know some might call me biased, but I actually worked on Secure Boot. Nowhere was there a discussion of messing with or vendor lock-in; the whole goal with UEFI Secure Boot was to secure the boot chain from being compromised...
So in other words, you had code execute code. If I can run a misc exe and have it execute code, I executed code. This is not a vulnerability. If I had a code execution bug in a browser, the browser was already whitelisted, so launching regsvr32 makes absolutely no sense. This whole thing is a...
Man, it's been a long time since I've heard that name, and I spent a good several years on this forum debunking that dude's website. He broke so much stuff, it's not even funny. I spent hours debugging Watson dumps because Windows APIs were just failing on people's boxes, and nobody knew why.
You...
That makes no sense to me... Unless Firefox got really optimized lately; since I refuse to run browsers without sandboxes, I haven't run Firefox in years.
As to 2 GB of RAM and x64, as most have said, x64 is definitely more secure, but it also doesn't have the massive perf hit people are talking...
Huh, somehow I've been doing cybersecurity over a decade, and yet, can't remember a single time I had to decode random puzzles. I have had to decode C2, but that was by reversing the implants encraption, not by brute forcing the codes...
Sounds like the MBR got corrupted somehow, boot to recovery console from your 2K3 CD and type fixboot and fixmbr.
Can I ask why you need to keep 2K3 around? Anything I can do to help you move off of it sooner?