Danger Sampei Nihira Security Config WinXP (POS Ready2009) 2020

Status
Not open for further replies.
Last updated
Dec 26, 2019
Windows Edition
Home
Operating system
Other
Log-in security
Security updates
Block all updates
User Access Control
Notify me only when programs try to make changes to my computer
Real-time security
  • Windows Firewall
  • Firewall Hardware on router
  • 1° AdGuard DNS / 2° CloudFlare DNS
  • MBAE Premium - Custom Setting
  • OSA - Custom Setting
  • Black Viper's List - Some services Disabled/Manual
Firewall security
Microsoft Defender Firewall
About custom security
  • Trick POS Ready 2009 + KB4500331.
  • PsExec - Run browsers + email client with limited rights - Exceptions (OSA) for Interlink Mail News and New Moon.
  • DEP Always ON
  • SMB Protocol Disabled
  • No NET Framework Installed
  • I.E.8 No Flash + Trick 1803 (Block the downloadable executable files) + Disable script (F12 - on/off) + block execution I.E.8.
Periodic malware scanners
Hitman Pro,McAfee Stinger,HijackThis Portable,Adwcleaner v.6.0.4.7
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
New Moon 28 - (Pale Moon fork for Windows XP) Custom Setting about:config

  • Noscript
  • U.B.O.Legacy
  • Decentraleyes
  • No Resource URI Leak
  • Canvas Blocker Legacy 0.2 - Only to pass the ClientRects Fingerprint test
Maintenance tools
  • CCleaner - Many custom rules created by me
  • RegSekeer
  • Process Explorer
  • SigcheckGUI
  • Dependency Walker
  • CFF Explorer
  • Currports
  • WWDC
  • IobitUnistaller Portable
  • Speedyfox -Custom Rule for Interlink Mail News
  • SUMo Portable
  • JKDefragGUI
File and Photo backup
Pen Drive
System recovery
Acer System Backup
Risk factors
    • Logging into my bank account
    • Browsing to popular websites
    • Working from home
Computer specs
Acer Intel Celeron M380 1.60 GHz 1GB RAM
Notable changes
  1. Added some custom rules in OSA for Mimikatz Dump Lsass.exe mitigation.
  2. Added "sc" command rule block in OSA.
  3. Added rule to block execution of I.E.8 in OSA.
  4. Added rule to block msbuild.exe in OSA and the same rule on the Registry Key.
  5. Blocking rule in host file for CCleaner.
Notes by Staff Team
  1. This setup configuration may put you and your device at risk!
    We do not recommend that other members use this setup. We cannot be held responsible for problems that may occur to your device by using this security setup.

  2. This computer configuration is using an unsupported operating system. If possible, we recommend to upgrade to an operating system that is supported by its developers to remain protected from the latest threats.

DDE_Server

Level 22
Verified
Top Poster
Well-known
Sep 5, 2017
1,173
I would not use the Windows firewall I would use Sygate Personal Firewall is the best program I have tried in many years.
If you want good firewall there are two solutions which are knows (sophos and fortigate ).however they are expensive however if I could afford I will by UTM instead :ROFLMAO: :ROFLMAO:

Firewall combjned by other proactive features such as IDS and IPS and central. Management
 

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
What is the point of using old OS with tons of security programs to patch all vulnerabilities when Windows 10 protect computer from vulnerabilities by default?

I also use Windows 10.
At this moment I am at home and I am answering your question from the PC with Windows 10.

You will be surprised to know that there are still users who use Windows 2000,XP, Vista, but also Windows 7 and later OS.
Example my colleague "Win32" on the MSFN forum:

 
Last edited:

oldschool

Level 82
Verified
Top Poster
Well-known
Mar 29, 2018
7,192
F

ForgottenSeer 72227

If you want good firewall there are two solutions which are knows (sophos and fortigate ).however they are expensive however if I could afford I will by UTM instead :ROFLMAO: :ROFLMAO:

Firewall combjned by other proactive features such as IDS and IPS and central. Management


You could build your own for much cheaper. If you have an old desktop laying around that you aren't using, you could put something like Sophos XG home, pfsense, etc.. on it and you have yourself a sweet hardware firewall with all those features.;)
 

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
A look over there is like going back in time. These people are serious about their dinosaurs! ;):LOL:

:D

Instead it is a great satisfaction.
For example, I was very happy to have set my I.E.8 as the image below:

110.JPG
110a.JPG


Even if I never use it.
By the way, we want to discuss the "Session Ticket Support" parameter.
If you pass the test with your browsers it is not always a good thing
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,223
I would not use the Windows firewall I would use Sygate Personal Firewall is the best program I have tried in many years.
There are some other good solutions. I used to use 3rd party firewalls a few years ago. But in the home environment, the Windows firewall is enough for me.
 

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
Surely you've disabled NetBIOS over TCP/IP (all interfaces)? - and disabled ports 135, 137-139, 445 ... type netstat -an in a command prompt window to look eventually for your opened ports...
- so use "Seconfig XP" v1.1 - small but powerful software by Davis Mosenkovs; download link on Softpedia: Download Seconfig XP 1.1
Good read: How to disable Ports 135, 137-139, 445 (Windows XP): How to disable Ports 135, 137-139, 445 (Windows XP)
 

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
541
- so use "Seconfig XP" v1.1 - small but powerful software by Davis Mosenkovs; download link on Softpedia: Download Seconfig XP 1.1
Still on board on my XP as the support of Kerio FW Free 2.1.5...yess...I'm using firewall from 2004 so...could I feel like dinosaur? :) As already mentioned - there still to get a few firewalls from the past e.g. Kerio, Sygate, Sunbelt, NetVeda SN, Filseclab, Outpost, PCTools, Prvatefirewall or even the last free Online Armor from Tall Emu but nowadyas we have nice firewall that is Free also - SpyShelter Free v.12. It' s for sure worth of attention.
 

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
Surely you've disabled NetBIOS over TCP/IP (all interfaces)? - and disabled ports 135, 137-139, 445 ... type netstat -an in a command prompt window to look eventually for your opened ports...
- so use "Seconfig XP" v1.1 - small but powerful software by Davis Mosenkovs; download link on Softpedia: Download Seconfig XP 1.1
Good read: How to disable Ports 135, 137-139, 445 (Windows XP): How to disable Ports 135, 137-139, 445 (Windows XP)

Look in my configuration.
System Utilities - WWDC
Windows Worms Doors Cleaner
If you search on the net do in part what you wrote ;)
 
F

ForgottenSeer 823865

To be honest I don't see, in my case, what a 3rd party firewall afford more than Windows Firewall, pop-up alert when outbound connection is created? No need, I block all outbound connections at fitst then create manually my own rules.
 
F

ForgottenSeer 823865

How to find it then :ROFLMAO: :ROFLMAO:
You can't by normal means. Maybe via a corporate firewall that has IPS/IDS or by dll monitoring.
I remember a "colleague" , showing me in real time how to evade AVs using obfuscated Mimikatz. The initial detection was originally like 15+ engines detecting it, and just by changing mimikatz attributes, it gradually went to zero detection... If I remember ESET was the last one.
Now couple it with true fileless/in-memory delivery techniques or a kernel exploit and your traditional security softs whatever awesome default-deny or AV will fail.
Why do you think corporations invest in very expensive business solutions (which are often hardware based)? And even with them, they still get breached. So I laugh when some home users products claimed to stop all malwares when basic true exploits are just enough to beat them...Yes they may stop your ordinary malware, not the complex ones like I saw.

Of course you won't see such stuff around every corner, some will say, they will never cross them (which is probably true), but we aren't in a security forum for Average Joe threats, we are here to learn how about sophisticated ones and how to protect ourselves against them.
 
Last edited by a moderator:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,223
In-memory Mimikatz can be delivered filelessly via PowerShell (Invoke-Mimikatz.ps1). It can be obfuscated to avoid AV detection. It can be dangerous for enterprises. In the home environment, any true fileless malware must be started by the exploit which makes it far less possible than in enterprises, except when someone uses vulnerable (not patched) system/software.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,223
I don't have the Powershell "problem".
And Mimikatz creates more problems for your OS after XP.
The attacker is hardly inclined to consider the 32-bit compromised PC.
I know. You even do not have PowerShell installed. :)
Mimikatz works on Windows XP. The exploit kit does not consider anything - it will attack any vulnerable system if only the right module is available.
Anyway, my post was related to the @Umbra post. Both were not related to your config, but they had a rather general meaning.(y)
 
Last edited:

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
I know. You even do not have PowerShell installed. :)
Mimikatz works on Windows XP. The exploit kit does not consider anything - it will attack any vulnerable system if only the right module is available.
Anyway, my post was related to the @Umbra post. Both were not related to your config, but they had a rather general meaning.(y)

Yes, but I would like to broaden the discussion since Umbra mentioned it.
I know Mimikatz works on Windows XP.
Even on a compromised Windows XP it could even silently install Powershell 2.

If there is someone who is interested in the discussion, he can refer to the 3D below:


I speak from page 8 but the previous pages are also interesting.
Final conclusion.
In my PC, even in case of compromise of the OS (absurd hypothesis) Mimikatz could not act.
 
Last edited:
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top