Danger Sampei Nihira Security Config WinXP (POS Ready2009) 2020

Status
Not open for further replies.
Last updated
Dec 26, 2019
Windows Edition
Home
Operating system
Other
Log-in security
Security updates
Block all updates
User Access Control
Notify me only when programs try to make changes to my computer
Real-time security
  • Windows Firewall
  • Firewall Hardware on router
  • 1° AdGuard DNS / 2° CloudFlare DNS
  • MBAE Premium - Custom Setting
  • OSA - Custom Setting
  • Black Viper's List - Some services Disabled/Manual
Firewall security
Microsoft Defender Firewall
About custom security
  • Trick POS Ready 2009 + KB4500331.
  • PsExec - Run browsers + email client with limited rights - Exceptions (OSA) for Interlink Mail News and New Moon.
  • DEP Always ON
  • SMB Protocol Disabled
  • No NET Framework Installed
  • I.E.8 No Flash + Trick 1803 (Block the downloadable executable files) + Disable script (F12 - on/off) + block execution I.E.8.
Periodic malware scanners
Hitman Pro,McAfee Stinger,HijackThis Portable,Adwcleaner v.6.0.4.7
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
New Moon 28 - (Pale Moon fork for Windows XP) Custom Setting about:config

  • Noscript
  • U.B.O.Legacy
  • Decentraleyes
  • No Resource URI Leak
  • Canvas Blocker Legacy 0.2 - Only to pass the ClientRects Fingerprint test
Maintenance tools
  • CCleaner - Many custom rules created by me
  • RegSekeer
  • Process Explorer
  • SigcheckGUI
  • Dependency Walker
  • CFF Explorer
  • Currports
  • WWDC
  • IobitUnistaller Portable
  • Speedyfox -Custom Rule for Interlink Mail News
  • SUMo Portable
  • JKDefragGUI
File and Photo backup
Pen Drive
System recovery
Acer System Backup
Risk factors
    • Logging into my bank account
    • Browsing to popular websites
    • Working from home
Computer specs
Acer Intel Celeron M380 1.60 GHz 1GB RAM
Notable changes
  1. Added some custom rules in OSA for Mimikatz Dump Lsass.exe mitigation.
  2. Added "sc" command rule block in OSA.
  3. Added rule to block execution of I.E.8 in OSA.
  4. Added rule to block msbuild.exe in OSA and the same rule on the Registry Key.
  5. Blocking rule in host file for CCleaner.
Notes by Staff Team

  1. This setup configuration may put you and your device at risk!
    We do not recommend that other members use this setup. We cannot be held responsible for problems that may occur to your device by using this security setup.

  2. This computer configuration is using an unsupported operating system. If possible, we recommend to upgrade to an operating system that is supported by its developers to remain protected from the latest threats.

DDE_Server

DDE_Server

Level 22
Verified
Top Poster
Well-known
Sep 5, 2017
1,173
Noche said:
I would not use the Windows firewall I would use Sygate Personal Firewall is the best program I have tried in many years.
Click to expand...
If you want good firewall there are two solutions which are knows (sophos and fortigate ).however they are expensive however if I could afford I will by UTM instead :ROFLMAO: :ROFLMAO:

Firewall combjned by other proactive features such as IDS and IPS and central. Management
 
  • Like
Reactions: Venustus and ForgottenSeer 72227
Sampei Nihira

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
WhiteMouse said:
What is the point of using old OS with tons of security programs to patch all vulnerabilities when Windows 10 protect computer from vulnerabilities by default?
Click to expand...

I also use Windows 10.
At this moment I am at home and I am answering your question from the PC with Windows 10.

You will be surprised to know that there are still users who use Windows 2000,XP, Vista, but also Windows 7 and later OS.
Example my colleague "Win32" on the MSFN forum:

msfn.org

Extreme Explorer 360 Chromium 78-86 General Discussion

Hello. I was looking for internet browsers that still support XP and something caught my eye, a chinese browser called Extreme Explorer 360 (Chrome 360). It was advertised as Chromium 78 based so I decided to give it a try and to my surprise it actually worked. At first I thought that there was a...
msfn.org
 
Last edited:
  • Like
Reactions: ichito, Prorootect, Venustus and 1 other person
oldschool

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,623
  • HaHa
  • Like
Reactions: Prorootect, Venustus, Andy Ful and 3 others
F

ForgottenSeer 72227

DDE_Server said:
If you want good firewall there are two solutions which are knows (sophos and fortigate ).however they are expensive however if I could afford I will by UTM instead :ROFLMAO: :ROFLMAO:

Firewall combjned by other proactive features such as IDS and IPS and central. Management
Click to expand...


You could build your own for much cheaper. If you have an old desktop laying around that you aren't using, you could put something like Sophos XG home, pfsense, etc.. on it and you have yourself a sweet hardware firewall with all those features.;)
 
  • Like
  • +Reputation
Reactions: Protomartyr, Venustus, DDE_Server and 2 others
Sampei Nihira

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
oldschool said:
A look over there is like going back in time. These people are serious about their dinosaurs! ;):LOL:
Click to expand...

:D

Instead it is a great satisfaction.
For example, I was very happy to have set my I.E.8 as the image below:

110.JPG
110a.JPG


Even if I never use it.
By the way, we want to discuss the "Session Ticket Support" parameter.
If you pass the test with your browsers it is not always a good thing
 
Last edited:
  • Like
Reactions: Venustus and oldschool
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
Noche said:
I would not use the Windows firewall I would use Sygate Personal Firewall is the best program I have tried in many years.
Click to expand...
There are some other good solutions. I used to use 3rd party firewalls a few years ago. But in the home environment, the Windows firewall is enough for me.
 
  • Like
Reactions: Protomartyr, ForgottenSeer 72227, Venustus and 3 others
Prorootect

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
Surely you've disabled NetBIOS over TCP/IP (all interfaces)? - and disabled ports 135, 137-139, 445 ... type netstat -an in a command prompt window to look eventually for your opened ports...
- so use "Seconfig XP" v1.1 - small but powerful software by Davis Mosenkovs; download link on Softpedia: Download Seconfig XP 1.1
Good read: How to disable Ports 135, 137-139, 445 (Windows XP): How to disable Ports 135, 137-139, 445 (Windows XP)
 
  • Like
Reactions: Protomartyr, Iapepe, Venustus and 5 others
ichito

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
542
Prorootect said:
- so use "Seconfig XP" v1.1 - small but powerful software by Davis Mosenkovs; download link on Softpedia: Download Seconfig XP 1.1
Click to expand...
Still on board on my XP as the support of Kerio FW Free 2.1.5...yess...I'm using firewall from 2004 so...could I feel like dinosaur? :) As already mentioned - there still to get a few firewalls from the past e.g. Kerio, Sygate, Sunbelt, NetVeda SN, Filseclab, Outpost, PCTools, Prvatefirewall or even the last free Online Armor from Tall Emu but nowadyas we have nice firewall that is Free also - SpyShelter Free v.12. It' s for sure worth of attention.
 
  • Like
Reactions: Fuzzfas, Behold Eck, Protomartyr and 7 others
Sampei Nihira

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
Prorootect said:
Surely you've disabled NetBIOS over TCP/IP (all interfaces)? - and disabled ports 135, 137-139, 445 ... type netstat -an in a command prompt window to look eventually for your opened ports...
- so use "Seconfig XP" v1.1 - small but powerful software by Davis Mosenkovs; download link on Softpedia: Download Seconfig XP 1.1
Good read: How to disable Ports 135, 137-139, 445 (Windows XP): How to disable Ports 135, 137-139, 445 (Windows XP)
Click to expand...

Look in my configuration.
System Utilities - WWDC
Windows Worms Doors Cleaner
If you search on the net do in part what you wrote ;)
 
  • Like
Reactions: Protomartyr, Prorootect, Venustus and 2 others
F

ForgottenSeer 823865

To be honest I don't see, in my case, what a 3rd party firewall afford more than Windows Firewall, pop-up alert when outbound connection is created? No need, I block all outbound connections at fitst then create manually my own rules.
 
  • Like
Reactions: Behold Eck, Protomartyr, Andy Ful and 3 others
F

ForgottenSeer 823865

DDE_Server said:
How to find it then :ROFLMAO: :ROFLMAO:
Click to expand...
You can't by normal means. Maybe via a corporate firewall that has IPS/IDS or by dll monitoring.
I remember a "colleague" , showing me in real time how to evade AVs using obfuscated Mimikatz. The initial detection was originally like 15+ engines detecting it, and just by changing mimikatz attributes, it gradually went to zero detection... If I remember ESET was the last one.
Now couple it with true fileless/in-memory delivery techniques or a kernel exploit and your traditional security softs whatever awesome default-deny or AV will fail.
Why do you think corporations invest in very expensive business solutions (which are often hardware based)? And even with them, they still get breached. So I laugh when some home users products claimed to stop all malwares when basic true exploits are just enough to beat them...Yes they may stop your ordinary malware, not the complex ones like I saw.

Of course you won't see such stuff around every corner, some will say, they will never cross them (which is probably true), but we aren't in a security forum for Average Joe threats, we are here to learn how about sophisticated ones and how to protect ourselves against them.
 
Last edited by a moderator:
  • Like
  • +Reputation
Reactions: Protomartyr, Prorootect, valvaris and 6 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
In-memory Mimikatz can be delivered filelessly via PowerShell (Invoke-Mimikatz.ps1). It can be obfuscated to avoid AV detection. It can be dangerous for enterprises. In the home environment, any true fileless malware must be started by the exploit which makes it far less possible than in enterprises, except when someone uses vulnerable (not patched) system/software.
 
  • Like
Reactions: Venustus, Protomartyr, oldschool and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
Sampei Nihira said:
I don't have the Powershell "problem".
And Mimikatz creates more problems for your OS after XP.
The attacker is hardly inclined to consider the 32-bit compromised PC.
Click to expand...
I know. You even do not have PowerShell installed. :)
Mimikatz works on Windows XP. The exploit kit does not consider anything - it will attack any vulnerable system if only the right module is available.
Anyway, my post was related to the @Umbra post. Both were not related to your config, but they had a rather general meaning.(y)
 
Last edited:
  • Like
Reactions: Venustus, Protomartyr, oldschool and 1 other person
Sampei Nihira

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
Andy Ful said:
I know. You even do not have PowerShell installed. :)
Mimikatz works on Windows XP. The exploit kit does not consider anything - it will attack any vulnerable system if only the right module is available.
Anyway, my post was related to the @Umbra post. Both were not related to your config, but they had a rather general meaning.(y)
Click to expand...

Yes, but I would like to broaden the discussion since Umbra mentioned it.
I know Mimikatz works on Windows XP.
Even on a compromised Windows XP it could even silently install Powershell 2.

If there is someone who is interested in the discussion, he can refer to the 3D below:

www.wilderssecurity.com

Current state of malicious Powershell script blocking

The above posting leads into something I have been "pondering." How about Microsoft via Windows Defender Exploit Guard create mitigation policies in...
www.wilderssecurity.com www.wilderssecurity.com

I speak from page 8 but the previous pages are also interesting.
Final conclusion.
In my PC, even in case of compromise of the OS (absurd hypothesis) Mimikatz could not act.
 
Last edited:
  • Like
Reactions: Venustus, Gandalf_The_Grey and Protomartyr
Status
Not open for further replies.

Similar threads

Stenographers
    • Like
    • Applause
    • +Reputation
Advanced Plus Security Stenographer's Security Config 2022
Replies
4
Views
1,204
PC Setup Configuration Help & Showcase
Stenographers
Stenographers
Trident
    • Like
    • +Reputation
    • Thanks
Serious Discussion Decoding the Trend Micro Components and Protection Model
Replies
24
Views
3,006
Other security for Windows, Mac, Linux
Mahesh Sudula
Mahesh Sudula
SpiderWeb
    • Like
    • Wow
Advanced Plus Security SpiderWeb's Security Config 2020
Replies
23
Views
6,742
CSC Archive
Ink
I

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top