BlockWatch http://blockwatch.security-objectives.com Cloud Security Monitoring System Wed, 06 Jul 2011 11:40:39 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Spare time. http://blockwatch.security-objectives.com/spare-time/ http://blockwatch.security-objectives.com/spare-time/#comments Fri, 15 Apr 2011 00:53:05 +0000 ktwo http://blockwatch.security-objectives.com/?p=251 As if anybody has spare time any more? :)

I do occasionally goto stackoverflow.com, it can be interesting, even if it’s frequently annoying, full of script kiddies, college kids looking for homework help and every other guy is a a know-it-all, it has it’s moments.

profile for RandomNickName42 at Stack Overflow, Q&A for professional and enthusiast programmers

 

]]> http://blockwatch.security-objectives.com/spare-time/feed/ 0 High Performance Verification http://blockwatch.security-objectives.com/high-performance-verification/ http://blockwatch.security-objectives.com/high-performance-verification/#comments Mon, 11 Apr 2011 09:33:34 +0000 ktwo http://blockwatch.security-objectives.com/high-performance-verification/ This verification script is multi-threaded and also uses a specialized binary input interface (bypassing typical XML marshaling), to perform at very high speeds.

import sys

import clr

clr.AddReference(“SO.Shared”)

clr.AddReference(“SO.RTL”)

 

from System.Diagnostics import Stopwatch

from System.Collections.Generic import List

from SO.Shared import *

from SO.RTL import *

from System import String

 

nam = “t:\\BlockWatch\\”

 

metaDB = xMetaDB.LoadFrom(“t:\\BlockWatch\\$MDBFile.xml”)

 

print “setup xml manager”

bwm = BlockWatchManager(nam, metaDB)

 

print “tweak I/O (performance)”

bwm.hDB.ConfigureContext(1024*32, 128)

 

print “save reference to item ”

item = PhysicalMemoryLoader(“t:\\2008R2_latest2.dmp”)

item.IsVerify = True

 

time = Stopwatch.StartNew()

 

print “reducing shared modules by”,

print item.ReduceShareLoad()

 

rv = bwm.hDB.RunSet(item)

 

print time.Elapsed

 

for i in rv:

    if i.HashFinal is not None:

        print i.HashFinal.PercentValidated,

        print “% \t “,

        print i.HashFinal.BytesValidated,

        print ” \tof \t”,

        print i.HashFinal.InSize,

        print ” \t “,

        print i.HashFinal.Validated,

        print ” \tof \t”,

        print i.HashFinal.Processed,

        print ” \t”,

        print i.NameAux

 

metaDB.Sync()

bwm.Close()

 

print “done”
]]> http://blockwatch.security-objectives.com/high-performance-verification/feed/ 0 Extracting code from physical memory http://blockwatch.security-objectives.com/extracting-code-from-physical-memory/ http://blockwatch.security-objectives.com/extracting-code-from-physical-memory/#comments Mon, 11 Apr 2011 09:30:08 +0000 ktwo http://blockwatch.security-objectives.com/extracting-code-from-physical-memory/ The following script will dump all executable code from a physical memory dump to the TEMP directory (Local application profile temp).

The relocations are applied automatically, i.e. if the images were relocated in physical memory, they will be de-located and should match their original disk file state. With the exception of the import address table, which is set to NULL, validation of the IAT entries can be done at run time to ensure all entries point to valid entry points. To disable the automatic de-location of modules, do not set a value for the RelocationsFolder.

 

import sys

import clr

clr.AddReference(“SO.Shared”)

clr.AddReference(“SO.RTL”)

from System.Diagnostics import Stopwatch

from SO.Shared import *

from SO.RTL import *

 

PhysicalMemoryLoader.RelocationsFolder= “t:\\BlockWatch\\Relocs”

PhysicalMemoryLoader.RelocationsFolder64 = “t:\\BlockWatch\\Relocs64″

 

print “Loading physical memory”

time = Stopwatch.StartNew()

 

item = PhysicalMemoryLoader(sys.argv[1])

 

for i in item.EnumerateFiles():

    i.CopyToTmpFile()

 

print “done “,

print time.Elapsed
]]> http://blockwatch.security-objectives.com/extracting-code-from-physical-memory/feed/ 0 Verifying a Hyper-V Server http://blockwatch.security-objectives.com/verifying-a-hyper-v-server/ http://blockwatch.security-objectives.com/verifying-a-hyper-v-server/#comments Mon, 11 Apr 2011 09:22:36 +0000 ktwo http://blockwatch.security-objectives.com/verifying-a-hyper-v-server/ This content is for members only. Visit the site and log in/register to read. ]]> http://blockwatch.security-objectives.com/verifying-a-hyper-v-server/feed/ 0 Populating a database http://blockwatch.security-objectives.com/populating-a-database/ http://blockwatch.security-objectives.com/populating-a-database/#comments Mon, 11 Apr 2011 09:15:39 +0000 ktwo http://blockwatch.security-objectives.com/populating-a-database/ After creating your database, you need to load it with the files you want to search for. Typically, this means your operating system and program files directories.

Loading the database has two steps;

  1. Navigate to a file or directory and click “Prep Input”

    Remember to have the recursive option selection if you’re importing a directory.

     

    You can repeat the “Prep” step many times until you are ready to commit to the database. The “Prep” phase, creates XML data-set’s in the BlockWatch folder\XMLGenDir\#.

     

  2. Click the “Save Inputs” button.

    This will commit the XMLGenDir files to the BlockWatch database moving the XML files into the XMLSaveDir. This is also when the MetaData table is populated. Upon completion of the “Save” step, you are ready to validate any of the merged data, the XML files in XMLSaveDir can be deleted or backed up for long term validation.

     

     


     

]]> http://blockwatch.security-objectives.com/populating-a-database/feed/ 0 Settings & Configuration http://blockwatch.security-objectives.com/settings-configuration/ http://blockwatch.security-objectives.com/settings-configuration/#comments Mon, 11 Apr 2011 08:25:56 +0000 ktwo http://blockwatch.security-objectives.com/settings-configuration/ This content is for members only. Visit the site and log in/register to read. ]]> http://blockwatch.security-objectives.com/settings-configuration/feed/ 0 The BlockWatch UI http://blockwatch.security-objectives.com/the-blockwatch-ui/ http://blockwatch.security-objectives.com/the-blockwatch-ui/#comments Mon, 11 Apr 2011 08:08:03 +0000 ktwo http://blockwatch.security-objectives.com/the-blockwatch-ui/ This content is for members only. Visit the site and log in/register to read. ]]> http://blockwatch.security-objectives.com/the-blockwatch-ui/feed/ 0 Building a database http://blockwatch.security-objectives.com/building-a-database/ http://blockwatch.security-objectives.com/building-a-database/#comments Mon, 11 Apr 2011 08:03:42 +0000 ktwo http://blockwatch.security-objectives.com/?p=221 This content is for members only. Visit the site and log in/register to read. ]]> http://blockwatch.security-objectives.com/building-a-database/feed/ 0 Sales 2 http://blockwatch.security-objectives.com/sales-2/ http://blockwatch.security-objectives.com/sales-2/#comments Mon, 11 Apr 2011 07:27:37 +0000 ktwo http://blockwatch.security-objectives.com/?p=214
Guaranteed results with
BlockWatch
without the guess work.

 


]]> http://blockwatch.security-objectives.com/sales-2/feed/ 0 Sales 1 http://blockwatch.security-objectives.com/blockwatch-delivers-guaranteed-results-without-the-guess-work/ http://blockwatch.security-objectives.com/blockwatch-delivers-guaranteed-results-without-the-guess-work/#comments Sun, 03 Apr 2011 21:25:26 +0000 adminsuper http://support.security-objectives.com/?p=126
Peace of mind and
confidence
in your infrastructure is worth it.

 


]]> http://blockwatch.security-objectives.com/blockwatch-delivers-guaranteed-results-without-the-guess-work/feed/ 0