Long Term packet captures using Wireshark.

Over the years I used wireshark to capture packet traces on windows devices. It did the job and for the most part was an invaluable tool. Until that is, I had the need to capture packets over a period of time. Usually when troubleshooting an intermittent network problem. Just when I needed the tool to… Continue Reading

Improving MSSQL performance

After hearing of complaints of poor application performance for one of my clients Healthcare Referral systems, i started looking into the underlying infrastructure only to find that there was no smoking gun. I ran some queries to see how the memory was being consumed by MSSQL since task manager pretty much just shows allocation, not… Continue Reading

Volatility – An advanced memory forensics framework

Are you involved in an Incident response engagement and need some free tools to complete your job? I have had good luck with Volatility Framework used in conjunction with Hibernation of the suspect endpoint. The Volatility Framework is a collection of tools, implemented in Python under the GNU General Public License (GPL v2), for the… Continue Reading

Building scalable web applications to a Windows IIS farm? Here is the solution to replicating the IIS metabase, SSL certs, Bindings, and code.

Web Deploy 3.5, the answer to scalability with web farms. http://www.iis.net/downloads/microsoft/web-deploy Similar to the use of Chef or Puppet, you can use Web Deploy 3.5 to push web server configuration and content to all you web servers in your farm.¬†Previously i¬†used IISCnfg to handle this back in the IIS6 days, but haven’t needed to do… Continue Reading

Change your default RDP client settings

Do you often connect to servers using RDP client and wish to have your local drives mapped, or have preferences for the display? The following steps walk you through making changes to the default settings. Step 1 open your my documents folder and locate the hidden file Default.rdp. Right click the file and select “edit”… Continue Reading

Removing ghost network adapters

I run across this quite a bit and decided to save this info.   http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1179  

Microsoft EMET 5.2 released – Stop Malware in it’s tracks

If you have endpoint security concerns you should do yourself a favor and look into Microsoft EMET 5.2. I am having early success in testing this and recommend you do the same. According to Microsoft, “There is no one tool capable of preventing all attacks. EMET is designed to make it more difficult, expensive and… Continue Reading

HOWTO: ping list of hosts from a file and output to txt

I used to do this with a batch file and for some reason it didnt work on Windows 7 SP1 today. So i asked a colleague for a powershell way to do this quickly. Props to Robert Ramsay over at NAMMCAL with the script. copy the following and save in the c:\scripts folder as ping.ps1… Continue Reading

HP Array Configuration Utility (ACU) CLI commands

Had to look this up again today when troubleshooting an HP embedded array controller (P410i)   This issue i ran into was the event logs were displaying the following errors Event ID 11 The driver detected a controller error on \Device\Harddisk1. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. and Event ID 24606… Continue Reading

Strange low disk space issue found today

An FTP server we manage had low disk space and it looked like 60GB were missing from this server. Upon investigation we found the following folder (which was hidden) had files taking up the disk space: C:\ProgramData\Microsoft\Windows\WER\ReportQueue   This folder is used by windows error reporting, the replacement for Dr. Watson. It was keeping reports… Continue Reading