Sunday, February 26, 2017

Check If Your Running Processes and Files Are Digitally Signed

Checking the digital signatures of running processes is useful when you want to validate that the software actually comes from a trusted source and has not been modified by viruses or trojans. You can also check whether the executable files (.exe, .dll, etc.) on your system are digitally signed. A Microsoft article states:

"Software that is downloaded from the Internet to users' computers can contain programs such as viruses and Trojan horses that are designed to cause malicious damage or provide clandestine network access to intruders. As networks become more interconnected, malicious software and viruses also become a threat to intranets. To help counter this growing threat, you can digitally sign the software that you distribute on your intranets or the Internet to ensure its integrity and to assure others that the software can be trusted. Signed software ensures that users can verify the origin of the software, as well as verify that no one has tampered with it.
Microsoft developed the Microsoft® Authenticode® technology, which enables developers to digitally sign software. The last thing developers do before they release software is digitally sign the software. Any modification to the software after it is signed invalidates the digital signature. By using Authenticode technology, code signers who own valid X.509 version 3 code-signing certificates can sign software with their private key. Several other third-party code signing technologies also use digital certificates to enable code signing."


Let's see how we can check the digital signatures of files on our system to find out whether critical Windows files have been changed. We will also check the digital signatures of the processes running on our computer. For a single file, the easiest way is to right-click the file and open the Digital Signatures tab in its properties. That is not an easy task for multiple files, though. There are generally 3 methods, and each has its pros and cons and different features.
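
One way to run the check across all running processes with the built-in Get-AuthenticodeSignature cmdlet, as an added example that is not from the original post and is not necessarily one of its three methods. The function name Get-ProcessSignature is hypothetical, and PowerShell 3.0 or later is assumed:

```powershell
# Added example: Authenticode status of every running process image.
# Needs no extra modules; run elevated to read more process paths.
function Get-ProcessSignature {
    [CmdletBinding()]
    param(
        # Process objects to inspect; defaults to everything currently running.
        [System.Diagnostics.Process[]]$Process = (Get-Process)
    )

    # Many processes share one image (svchost.exe), so verify each path once.
    $byPath = $Process | Where-Object { $_.Path } | Group-Object -Property Path

    foreach ($group in $byPath) {
        $sig = Get-AuthenticodeSignature -LiteralPath $group.Name
        [pscustomobject]@{
            Status = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            PIDs   = ($group.Group.Id -join ',')
            Path   = $group.Name
        }
    }
}

# Processes whose path could not be read (access denied, or already exited)
# are skipped above, so list them instead of silently treating them as fine.
$unreadable = Get-Process | Where-Object { -not $_.Path } |
    Select-Object -ExpandProperty Name -Unique

$results = Get-ProcessSignature

# Show only images whose signature did not verify as Valid.
$results | Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Status, Path | Format-Table -AutoSize -Wrap

"Images checked: {0}; processes with unreadable path: {1}" -f @($results).Count, ($unreadable -join ', ')
```

A HashMismatch status means the file changed after it was signed. On older PowerShell versions that do not check catalog signatures, catalog-signed Windows files can appear as NotSigned, so confirm those results with a second tool.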

Friday, February 24, 2017

Take it Easy: How to Automate SSH-ing with Powershell

Having been away from blogging for a while, since I was on vacation after my VCP exam, it's now time to get back to my blogging. Today let's see how we can automate SSH-ing with PowerShell. Instead of connecting to each SSH host (e.g., your routers/switches or Linux servers), you can make PowerShell snippets and insert the Linux commands with plink.exe. Most of the time, you can use 2 methods to make an SSH connection via PowerShell. You can use either of these methods.
1) Using plink.exe, which is a command-line version of PuTTY.
2) Using one of the SSH PowerShell modules available on the PowerShell Gallery.


There are other SSH modules; I use the SSH-Sessions module written by Joakim Svendsen, which uses the SSH.NET library and the Microsoft .NET Framework.
Here, I use 2 Linux hosts that are running SSH services. I use Windows 10 and Windows 7 with the base PowerShell version to connect to these hosts. The IP addresses in my lab are:
Host Names         IP Addresses
==========         ============
example1.local     10.170.0.50
example2.local     10.170.0.51
Windows10.local    10.170.0.10
Windows7.local     10.170.0.11