Translate page Now !!

Tuesday, 28 January 2014

Deploying Windows Server 2012 without Installer

My Setup

My dedicated server has two identical 3TB hard drives and a single public IPv4 address. The hoster offers a free remote console but charges for attaching an optical or USB device. The server was running Windows Server 2008 R2 with the Hyper-V role installed.
Based on this setup I wanted to migrate to Windows Server 2012 without having to pay for attaching an installation medium. Therefore, I decided to upgrade “in-place” – meaning that I installed the new OS from the old one still running on it. The hardest part was getting the boot loader to work correctly … but first things first …
Note: If you have not made the switch ti UEFI yet, some of the commands are slightly different. I added some notes to point you in the right correction but I have not tested the contents of this article on a BIOS-based system.

The following commands create four partitions: 300MB for separating WinRE, 100MB for a FAT32-formatted EFI boot partition, 128MB for a Microsoft Reserved (MSR) partition and a OS partition taking up the remaining space. In my case, I later shrinked the OS partition to accomodate for additional partitions.
convert gpt
rem == 1. Microsoft Reserved (MSR) partition =======
rem == this partition is created during conversion to GPT
rem == 2. System partition =========================
create partition efi size=100
format quick fs=fat32 label="System"
assign letter="S"
rem == 3. Windows RE tools partition =============== 
create partition primary size=300
format quick fs=ntfs label="Windows RE tools"
assign letter="T"
set id="de94bba4-06d1-4d40-a16a-bfd50179d6ac"
gpt attributes=0x8000000000000001
rem == 4. Windows partition ========================
create partition primary
format quick fs=ntfs label="Windows"
assign letter="W"
diskpart can also provide a quick overview which partitions are assigned a drive letter by running list volume.
Note: For BIOS/MBR based systems, you will have to leave out the conversion to GPT (second command) and the second partition in the list (system partition).

Sunday, 22 December 2013

Banking Trojan 2013 statistics

More than 1400 Financial institutions targeted by Banking Trojan in 2013

The State of Financial Trojans: 2013
Which Revealed that over 1400 financial institutions have been targeted and compromised millions of computers around the world and the mostly targeted banks were based in the USA with 71.5% of all analyzed Trojans.
 According to the report, the number of infections of the most common financial Trojans grew to 300 over percent in the first 9 months of 2013. Nearly 1,500 institutions in 88 countries were potential targets during 2013.

More than 1400 Financial institutions targeted by Banking Trojan in 2013for the last 10 years to protect customers and online transactions from threat. Over the time those remote attackers adapted to these countermeasures and sophisticated banking Trojans began to emerge.

Two Dominant attack strategies are:

* Focus attack: This approach suits attackers with limited resources but also scales well to larger operations. if the distribution is accurate and the target institution has a sizeable client base, a focused attack can provide and adequate supply of targets. Shylock, Bebloh and Tilon all use this approach exclusively.

* Broad Strokes: In this attack strategy, Trojans are set to target large numbers of institutions. Tilon, Cridex, and Gameover adopt these tactics and Zeus also uses this approach in its default configuration.

Sunday, 8 December 2013

Android Gaming app that steals WhatsApp conversations

Beware of Rogue Android gaming apps that steals WhatsApp conversations
Almost every other day friends have been asking me if it is possible to steal whatsapp chat messages, my reply to them is, Yes it can be achieved with the help of malware. Many of us thought would thought that many of the internet stuff are actually safe and sound but guess what you are wrong.
anything which was encrypt can be decrypt as well :) so yeah nothing is safe on internet.

Below image shows that with Android game " balloon pop 2 " It can steals whatsapp messages.  
Beware of Rogue Android gaming apps that steals WhatsApp conversations

Monday, 28 October 2013

Understanding Cryptolocker

What is CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 96 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted

CryptoLocker payment screen

CryptoLocker will then begin to scan all physical or mapped network drives on your computer for files with the following extensions: *.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.pdf, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c. When it finds a files that matches one of these types,it will encrypt the file using the public encryption key and add the full path to the file and the filename as a value under the HKEY_CURRENT_USER\Software\CryptoLocker\Files Registry key.
When it has finished encrypting your data files it will then show the CryptoLocker screen as shown above and demand a ransom of either $100 or $300 dollars in order to decrypt your files. This ransom must be paid using Bitcoin or MoneyPak vouchers. It also states that you must pay this ransom within 96 hours or the private encryption key will be destroyed on the developer's servers.

Command & Control Server Message

How to increase the time you have to pay the ransom

When the CryptoLocker is first shown, you will see a timer that states you need to pay the ransom within 96 hours. Some people have reported that you can increase the time by rolling back the clock in your BIOS. So to increase the timer by 10 hours, you would change your clock in your BIOS to 10 hours earlier. The virus author has stated that using this method will not help. They have said that the private key required for decryption will be deleted from the Command & Control server after the allotted time regardless of how much time it says is left on the infected computer.

Sunday, 13 October 2013

Knowledge about WMI / Query

Dear All,

We understood that many times end users often have questions like ?
What kind of software products was installed on my workstation ?
What are the type of windows patches that was install on my workstation ?
What kind of CPU chip am I using ?
What is my motherboard serial number ?
How Many users account were created on my workstation ?

Click Here to download the document.

The purpose of this document is to help user to familiarize WMI-Command line usage. Most of the information have been simplified. Should you have more questions please revert back to

Friday, 11 October 2013

Microsoft Licensing Umbrella

Dear All,

Click Here to download

The purpose of this document is to explain to customers who are new to Microsoft Licensing terms and various types of licensing agreement and processes.
Hopefully with this document it somehow provided you a basic understanding of what is all about.
inside the document. It also provide information about Open licenses, Select + and enterprise agreements.
Revert if you have any questions. SoftwareONE | One Focus | Your Licensing experts.

Wednesday, 9 October 2013

Microsoft Cloud Licensing Changes

Dear All,

As we understood that Microsoft have recently added new licensing terms into the Microsoft licensing spectrum.

So I hope with the below document it will give you some vision on what microsoft have change :)

Click Here to download