DOCSLIB.ORG

Home-Grown Cyber Security

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Home-Grown Cyber Security Home-Grown Cyber Security John B. Folkerts, CISSP https://www.linkedin.com/in/john-b-folkerts About Me … 20 years doing Information Security, Architecture, and Risk Management in large enterprise environments Prior to that, a Communications Officer in the US Air Force Involved in many incident response efforts and technology deployments, including Identity Management, Data Loss Protection, Antivirus, Malware Sandbox technology, Log Management, and Intrusion Detection Classical music fan, developing jazz aficionado Disclaimers My comments reflect my own opinions, and not those of my employers, past, present, or future. The tools and services mentioned in this presentation are freely available on the internet. They may not be suitable for your specific environment. Think carefully about your support requirements before using free or open source software or services. Despite being free, most of the tools mentioned have software licensing that governs their use, distribution, etc.... Please read the licenses and check with an attorney as needed to determine whether they are suitable for your environment. Traditional Approach to Security (Controls-based: Patching, Antivirus, Firewalls, Complex Passwords … ) The Strengths Protective – stop what we know is bad The Weaknesses Zero Day Exploits Constantly changing malware signatures Encryption, Tunneling through and around firewall rules Passwords attacked at the weakest point – the user … or worse the password hash database Enter the Cyber Security Framework … Cyber Security Framework Many/most of the traditional Info Security capabilities are included Threat-centric model which “connects the dots” between security capabilities Greater focus on detection and actionable response Basis for Home-grown Cyber Security Internet Firewall Not Optimal for Finding the Source of the Problem Wireless Router Workstation Printer Laptop Laptop What’s Going On in My Network? “If you really want to protect your network, you have to know your network” Rob Joyce, Chief, Tailored Access Operations National Security Agency Check out: https://www.youtube.com/watch?v=bDJb8WOJYdA Monitoring and detection inside your network is just as important as your network boundary. Modifications for Monitoring Internet Parts List: Extra PC with (2) NIC cards and 16Gb RAM Re-use Wireless Router Wireless Router Firewall Inexpensive 8-port switch with span port capability WiFi Access Point Monitor Span Port Switch w/ Span Port Network Monitor WiFi Access Point Workstation Printer Laptop Laptop “To Know Thyself …” What’s on my Network? Systems: DHCP assignments, IP addresses, MAC addresses “Things” – Xbox, Ecobee, Raspberry Pi What’s running on my Network? User Agents: Common (Chrome, IE) and uncommon (powershell, …) Executables: capture and hash OBSERVED assets, executables, etc… are usually good enough! “… is the Beginning of Intelligence” (apologies to Socrates) Threat Intelligence Types IP, Domain BlackLists MD5, SHA256 Hashes Tactics, tools, shared analysis Sources intel.criticalstack.com otx.alienware.com threatconnect.com us-cert.gov abuse.ch Many more at https://github.com/hslatman/awe Ref: Threat Intel Pyramid of Pain courtesy of David Bianco http://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html some-threat-intelligence Basic Protections On The Network: Firewall – enable IP blocking DNS “Firewall” – enable Domain blocking BIND9: http://www.zytrax.com/books/dns/ch7/rpz.html DNSMASQ: https://wiki.archlinux.org/index.php/dnsmasq On The Host: Current Patches Current Antivirus Backup and Recovery Need Visibility!! On The Network: Security Onion – https://securityonion.net/ Bro - https://www.bro.org/ Snort – https://www.snort.org/ Sguil – https://www.sguil.net/ Wireshark – https://www.wireshark.org/ NetworkMiner – http://www.netresec.com/?page=NetworkMiner ELSA – Enterprise Log Search & Archive - https://github.com/mcholste/elsa On The Host: OSSEC – https://ossec.github.io/ Sysmon - https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon Detection Principals Keep History Continuous Monitoring of IOCs Look for Anomalies Match up Host Monitoring and Network Monitoring Host Monitoring Sysmon 6.10 Brought to you by Microsoft Sysinternals – Windows system monitoring Install: sysmon.exe –accepteula -i sysmon-config.xml Update: sysmon.exe -c sysmon-config.xml Remove: sysmon.exe –u Features: Windows Log Process creation, File hashes, network connections, remote threads, registry mods, alternate data streams OSSEC HIDS Monitoring and Alerting of Unix and Windows systems Use OSSEC to forward Sysmon logs to a safe place (like SecurityOnion/ELSA) Resources Swiftonsecurity Config - https://github.com/SwiftOnSecurity/sysmon-config ION Storm Threat Intel Config - https://github.com/ion-storm/sysmon-config Game Show Time! “Does it Belong?” (on my network) Does it Belong? – Long DNS request Snort Alert: MALWARE-OTHER dns request with long host name segment – possible data exfiltration attempt DNS query Request: tnncuaacaakn433maecaaagsaqaaa2lpfo3ve5lzd7ldo33maeaaaac3aaaabug.scjsaaaata aiaaa3n4zozkkr23mbxemjxewjevkw5s5zrcfqsbc5njwaqwstwnx.7tyud5d4yh3zsqcdiz6icp mlqyzfpubuw5ervi3so4q4mdhhxf64ctgre4zxyaa.aaaaaaaaaaa4x3qkm2ettg7a.a.j.e5.sk Response TXT 176 ANX8KgACABQAAAAAAAAA0gQAAAAAAAAAAAAAAAAAAAIAAABXAAAAJaPE4QAAEAAAAA AAAAAAAAAAAACnSdJrgTMO0oGe+2yVIa5YnbWRYq4kTMA6646ejwBHvY4yVgmIg2DMJKMfn AS1GH5nFGbv3/MjUUxO5U0QDFEPbeZdlQoKAA== Data Enrichment with domaintools.com Does it Belong? – TOR Exit Node Snort Alert: ET TOR Known Tor Relay/ Router (Not Exit) Node UDP Traffic group 87 Research using Wireshark Does it Belong? – Malware IOC Data Enrichment with Threat Research Tools Game: “Does it Belong?” ssl001.insnw.net, *.ewatches.com, *.honestqa.com, *.inscname.net, *.insnw.net, *.instart.co, *.instartlabs.com, *.instartlogic.com, *.onekingslane.com, *.pionline.com, *.smartbargains.com, *.stelladotstg.co.uk, *.thewatchery.com, *.uniqlo.com, *.v1host.com,adage.com, *.adage.com,airgundepot.com, *.airgundepot.com,airgundepot.net, *.airgundepot.net,allcdn.net, *.allcdn.net,api.m.reebonz.com, *.api.m.reebonz.com,ashleymadison.com, *.ashleymadison.com,assets.pixlee.com, *.assets.pixlee.com,atlanticmedia.com, *.atlanticmedia.com,auto-insurance-experts.com, *.auto-insurance-experts.com, barenecessities.com, *.barenecessities.com,bareweb.com, *.bareweb.com,bdcstatic.com, *.bdcstatic.com,bedroomworld.co.uk, *.bedroomworld.co.uk,blair.com, *.blair.com,bookit.com, *.bookit.com,bookitimages.com, *.bookitimages.com,bookitspeedtest.com, *.bookitspeedtest.com,boutique24.com, *.boutique24.com,business.com, *.business.com,canpages.ca, *.canpages.ca,cdn-api.arcpublishing.com,cdn.cb.pj.ca,cdn.cb.yp.ca, *.cdn.cb.yp.ca,cdn.circusbysamedelman.com,cdn.mediative.ca,cdn.submissionplatform.com,chess.com, *.chess.com,chesscomfiles.com, *.chesscomfiles.com,ci.pj.ca, *.ci.pj.ca,ci.yp.ca, *.ci.yp.ca,ci1.pj.ca, *.ci1.pj.ca,ci1.yp.ca, *.ci1.yp.ca,ci2.pj.ca, *.ci2.pj.ca,ci2.yp.ca, *.ci2.yp.ca,ci3.pj.ca, *.ci3.pj.ca,ci3.yp.ca, *.ci3.yp.ca,ci4.pj.ca, *.ci4.pj.ca,ci4.yp.ca, *.ci4.yp.ca,ci5.pj.ca, *.ci5.pj.ca,ci5.yp.ca, *.ci5.yp.ca,ci6.pj.ca, *.ci6.pj.ca,ci6.yp.ca, *.ci6.yp.ca,ci7.pj.ca, *.ci7.pj.ca,ci7.yp.ca, *.ci7.yp.ca,ci8.pj.ca, *.ci8.pj.ca,ci8.yp.ca, *.ci8.yp.ca,ci9.pj.ca, *.ci9.pj.ca,ci9.yp.ca, *.ci9.yp.ca,citylab.com, *.citylab.com,classesusa.com, *.classesusa.com,cms.yp.ca, *.cms.yp.ca,columbiaspectator.com, *.columbiaspectator.com,commun.it, *.commun.it,defenseone.com, *.defenseone.com,digital.firstchoice.co.uk,digital.thomson.co.uk,distillery.pixlee.com, *.distillery.pixlee.com,duolingo.com, *.duolingo.com,ehealthinsurance.com, *.ehealthinsurance.com,ever-skincare.com, *.ever-skincare.com,everskin.com, *.everskin.com,evite.com, *.evite.com,evitecdn.com, *.evitecdn.com,fasttrack360.com.au, *.fasttrack360.com.au,findfinancialsavings.com, *.findfinancialsavings.com,fivefourclothing.com, *.fivefourclothing.com,flights.thomsonprjuat.co.uk,frankandoak.com, *.frankandoak.com,g00.ranker.com, *.g00.ranker.com,g00.slickdeals.net, *.g00.slickdeals.net,gbot.me, *.gbot.me,gogobot.com, *.gogobot.com,govexec.com, *.govexec.com,hayneedle.com, *.hayneedle.com,honest.com, *.honest.com,honeywell.jp, *.honeywell.jp,html5.kongalong.com, *.html5.kongalong.com,html5.kongboat.com, *.html5.kongboat.com,html5.kongbus.com, *.html5.kongbus.com,html5.kongcab.com, *.html5.kongcab.com,html5.kongdiddy.com, *.html5.kongdiddy.com,html5.konghaul.com, *.html5.konghaul.com,html5.kongice.com, *.html5.kongice.com,html5.kongluge.com, *.html5.kongluge.com,html5.kongregate.com, *.html5.kongregate.com,html5.kongregatestage.com, *.html5.kongregatestage.com,html5.kongregatetrunk.com, *.html5.kongregatetrunk.com, html5.kongshred.com, *.html5.kongshred.com,html5.kongwater.com, *.html5.kongwater.com,html5.kongyak.com, *.html5.kongyak.com,html5.kongzep.com, *.html5.kongzep.com,iassets.anki.com,ifttt.com, *.ifttt.com,iggcdn.com, *.iggcdn.com,indiegogo.com, *.indiegogo.com,ins.cm.ehealthinsurance.com, *.ins.cm.ehealthinsurance.com,insight.com, *.insight.com,instart.co,instartlabs.com,instartlogic.com,int10.newokl.com,integration.modaoperandi.com, *.integration.modaoperandi.com,internal.instartlogic.com, *.internal.instartlogic.com,jayjays.com.au, *.jayjays.com.au,jdvhotels.com, *.jdvhotels.com,julep.com, *.julep.com,keek.com, *.keek.com,keep-collective.com, *.keep-collective.com,keepcollective.com, *.keepcollective.com,kongalong.com, *.kongalong.com,kongboat.com, *.kongboat.com,kongbus.com, *.kongbus.com,kongcab.com, *.kongcab.com,kongcdn.com,
Load more

Recommended publications
  • Snap on Windows an Intel-Sponsored, Open-Source Telemetry Framework IT 447 April 4, 2017
    Snap on Windows An Intel-sponsored, open-source telemetry framework IT 447 April 4, 2017 Phillip Anderson McKade Clements Devin Durtschi Mathew Kuhn Jesse Millar Coach: Dr. Jay Ekstrom Sponsor: Taylor Thomas Table of Contents Table of Contents Executive Summary Introduction Concept Definition Background Stakeholders Intel Companies with Windows Systems Operators of Windows Systems Open-source Maintainers of the Snap Project Members of the Snap Community Stakeholder Requirements Validation Verification System Definition System Requirements Logical Architecture Project Component Details Build Windows Test Environment Perfmon Plugin Sysinternals Plugin Active Directory Plugin Create an Automated Build Script for Snap Critical Path Verification and Validation Project Management Objective Statement List of Deliverables Conclusion References Appendix Source Code Constraint Matrix Governance Framework Communication Acceptance Documentation Gantt Chart Executive Summary Snap for Windows is a Brigham Young University Information Technology 2016-2017 capstone project. Snap is an open-source telemetry system headed by Intel, meant to facilitate the remote monitoring of large networks and company infrastructures. Snap works through three types of “plugins,” which allow for modularized collecting, processing, and publishing of system metrics. These metrics can include data such as cpu usage, number of processes running on a system, and memory available. Previously, Snap’s functionalities were constrained to Linux systems only, and were not compatible with Windows. This prevented a large portion of company infrastructures from utilizing Snap, as companies typically run the Windows operating system on a large portion of their network. The objective for this project included automating Snap’s build process onto Windows through a build script and creating three separate collector plugins based on the Windows’ Perfmon, Active Directory, and Sysinternals applications.
    [Show full text]
  • Automate Windows Environments with Ansible
    Automate Windows Environments with Ansible Orcun Atakan [email protected] Sr. Solution Architect, Red Hat ANSIBLE AUTOMATION FOR WINDOWS What we’ll be discussing today What is Ansible? Windows Management with Ansible What is DSC? Why Use Ansible with DSC? Demo: Rolling update of a .NET application on Windows 2 37,000+ 2800+ 500,000+ Stars on GitHub Ansible modules Downloads a month 3 WHY ANSIBLE? (for Windows) SIMPLE POWERFUL AGENTLESS Human readable automation Enable many use cases Ideal for Windows remoting No special coding skills needed Works hand-in-hand with DSC resources No agents to exploit or update Tasks executed in order Easy platform enablement Standards-based WinRM Usable by every team Leverage Powershell Get productive quickly ANSIBLE AUTOMATION WORKS ACROSS TEAMS BUSINESS DEV/QA COMPUTE NETWORK/SECURITY I.T. OPERATIONS 5 WINDOWS AUTOMATION 100+ 1,300+ Windows Powershell DSC Modules resources ansible.com/windows WHAT CAN I DO USING ANSIBLE FOR WINDOWS Native Windows support uses PowerShell remoting to manage Windows in the same Ansible agentless way ● Install and uninstall MSIs ● Gather facts on Windows hosts ● Enable and disable Windows features ● Start, stop, and manage Windows Services ● Create and Manage local users and groups ● Manage Windows packages via Chocolatey package manager ● Manage and install Windows updates ● Fetch files from remote sites ● Push and execute any Powershell scripts 7 Playbook Example 1/2 - hosts: new_servers tasks: - name: ensure common OS updates are current win_updates: register: update_result
    [Show full text]
  • Windows Tool Reference
    AppendixChapter A1 Windows Tool Reference Windows Management Tools This appendix lists sets of Windows management, maintenance, configuration, and monitor- ing tools that you may not be familiar with. Some are not automatically installed by Windows Setup but instead are hidden away in obscure folders on your Windows Setup DVD or CD- ROM. Others must be downloaded or purchased from Microsoft. They can be a great help in using, updating, and managing Windows. We’ll discuss the following tool kits: ■ Standard Tools—Our pick of handy programs installed by Windows Setup that we think are unappreciated and not well-enough known. ■ Support Tools—A set of useful command-line and GUI programs that can be installed from your Windows Setup DVD or CD-ROM. ■ Value-Added Tools—Several more sets of utilities hidden away on the Windows Setup CD-ROM. ■ Windows Ultimate Extras and PowerToys for XP—Accessories that can be downloaded for free from microsoft.com. The PowerToys include TweakUI, a program that lets you make adjustments to more Windows settings than you knew existed. ■ Resource Kits—A set of books published by Microsoft for some versions of Windows that includes a CD-ROM containing hundreds of utility programs. What you may not have known is that in some cases you can download the Resource Kit program toolkits with- out purchasing the books. ■ Subsystem for UNIX-Based Applications (SUA)—A package of network services and command-line tools that provide a nearly complete UNIX environment. It can be installed only on Windows Vista Ultimate and Enterprise, and Windows Server 2003.
    [Show full text]
  • Top 10 Tools Ed Bott
    WINDOWS 10 IT PRO ESSENTIALS Top 10 Tools Ed Bott PUBLISHED BY Microsoft Press A division of Microsoft Corporation One Microsoft Way Redmond, Washington 98052-6399 Copyright © 2016 by Microsoft Corporation All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher. ISBN: 978-1-5093-0278-9 First Printing Microsoft Press books are available through booksellers and distributors worldwide. If you need support related to this book, email Microsoft Press Support at [email protected]. Please tell us what you think of this book at http://aka.ms/tellpress. This book is provided “as-is” and expresses the author’s views and opinions. The views, opinions and information expressed in this book, including URL and other Internet website references, may change without notice. Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred. Microsoft and the trademarks listed at http://www.microsoft.com on the “Trademarks” webpage are trademarks of the Microsoft group of companies. All other marks are property of their respective owners. Acquisitions Editor: Rosemary Caperton Developmental Editor Rosemary Caperton Editorial Production: Dianne Russell, Octal Publishing, Inc. Copyeditor: Bob Russell, Octal Publishing, Inc. Cover: Twist Creative • Seattle Visit us today at MicrosoftPressStore.com • Hundreds of titles available – Books, eBooks, and online resources from industry experts • Free U.S. shipping • eBooks in multiple formats – Read on your computer, tablet, mobile device, or e-reader • Print & eBook Best Value Packs • eBook Deal of the Week – Save up to 60% on featured titles • Newsletter and special offers – Be the first to hear about new releases, specials, and more • Register your book – Get additional benefits Contents Introduction .....................................................
    [Show full text]
  • Malware Hunting with the Sysinternals Tools
    SESSION ID: HTA-T07R Malware Hunting with the Sysinternals Tools Mark Russinovich CTO, Microsoft Azure Microsoft @markrussinovich #RSAC #RSAC “When combining the results from all four AV engines, less than 40% of the binaries were detected.” Source: CAMP: Content-Agnostic Malware Protection Proceedings of 20th Annual Network & Distributed System Security Symposium https://www.cs.jhu.edu/~moheeb/aburajab-ndss-13.pdf #RSAC #RSAC #RSAC About this Talk Learn about Sysinternals tools and techniques for analyzing and cleaning malware Professional antimalware analysis requires years of deep training But even for professionals, Sysinternals tools can prove useful Analyzing: Understanding the impact of malware Can be used to understand malware operation Generates road map for cleaning infestations Cleaning: Removing an infestation of a compromised system Attempting a clean can also reveal more information about malware’s operation #RSAC Malware Cleaning Steps Disconnect from network Identify malicious processes and drivers Terminate identified processes Identify and delete malware autostarts Delete malware files Reboot and repeat #RSAC #RSAC What Are You Looking For? Investigate processes that… …have no icon …have no description or company name …unsigned Microsoft images …live in Windows directory or user profile …are packed …include strange URLs in their strings …have open TCP/IP endpoints …host suspicious DLLs or services #RSAC What About Task Manager? Task Manager provides little information about images that are running
    [Show full text]
  • Announcement
    Announcement 55 articles, 2016-03-12 12:02 1 PCIe SSD roundup 2016: Some stall while others progress The PCIe SSD market is still important but PCIE flash drive makers are split between those that continue to develop their products and those for whom product evolution has stalled 2016-03-12 12:02 2KB www.computerweekly.com 2 Security flaw affecting thousands of Linux apps and IoT devices uncovered Flaw in glibc open source code library leaves Linux-based devices open to malware,Cloud and Infrastructure,Open Source,Software,Operating Systems ,Linux,security,Internet of Things,IoT 2016-03-12 12:02 3KB www.v3.co.uk 3 Big data in big numbers - it's time to forget the 'three Vs' and look at real-world figures The term 'big data' has lost its meaning, says Sean Jackson, who offers some numbers to explain its impact in the here and now,Business Software ,Big Data and Analytics,Exasol,in- memory database,Gartner,Moore's law,Google,Facebook,Analytics,Internet of Things 2016-03-12 12:02 1KB www.computing.co.uk 4 Microsoft offers free-to-use SQL Server Express on Azure cloud platform Monitoring for Azure Data Factory also thrown in,Cloud and Infrastructure,Software ,Cloud,Cloud and Infrastructure 2016-03-12 12:02 2KB www.theinquirer.net 5 Never learnt to program your Spectrum, Amstrad or BBC? Step this way... Publisher Usborne re-releases 15 computer coding books from the 1980s as free PDF downloads,Software ,software,BBC 2016-03-12 12:02 1KB www.theinquirer.net 6 Virtual reality on the rise as HTC Vive nets 15,000 pre-orders The Vive was sold at
    [Show full text]
  • Reflection in the .NET Framework
    Mastering C# and .NET Framework Deep dive into C# and .NET architecture to build efficient, powerful applications Marino Posadas BIRMINGHAM - MUMBAI Mastering C# and .NET Framework Copyright © 2016 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: December 2016 Production reference: 1091216 Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK. ISBN 978-1-78588-437-5 www.packtpub.com Credits Author Project Coordinator Marino Posadas Izzat Contractor Reviewers Proofreader Fabio Claudio Ferracchiati Safis Editing Commissioning Editor Indexer Edward Gordon Rekha Nair Acquisition Editor Graphics Denim Pinto Disha Haria Content Development Editor Production Coordinator Priyanka Mehta Aparna Bhagat Technical Editor Cover Work Dhiraj Chandanshive Aparna Bhagat Copy Editor Stuti Srivastava About the Author Marino Posadas is an independent senior trainer, writer, and consultant in Microsoft Technologies and Web Standards.
    [Show full text]
  • Simon's Win32 Cheat Sheet This Sheet Summarises All the Things I Do to Make My Windows Machine More Useful to Me
    Simon's Win32 Cheat Sheet This sheet summarises all the things I do to make my Windows machine more useful to me. I've summarised it here partly for my own benefit (I have to repeat the process on each new machine) and partly in the hope that it may be be of use to others. Warning: some of these suggestions date back at least a decade, so they may be out of date. Please tell me, [email protected], if you find mistakes (please tell me how to fix them), or if there are things you find useful that aren't mentioned here. Translations: • Into Bosnian by Vlada Catalic. • Into Macedonian by Vlada Catalic. Contents General setup and user interface ..................................................................................................... 4 Your environment variables ........................................................................................................ 4 Make Caps-lock behave like Ctrl ................................................................................................ 4 Make your Contacts take precendence over the global address list ......................................... 5 Install better fonts ......................................................................................................................... 5 Stop booting with NumLock on ................................................................................................... 6 Make the cmd shell have decent copy/paste ............................................................................... 6 Move a window whose title bar is
    [Show full text]
  • Automating Problem Analysis and Triage Sasha Goldshtein @Goldshtn Production Debugging
    Automating Problem Analysis and Triage Sasha Goldshtein @goldshtn Production Debugging Requirements Limitations • Obtain actionable • Can’t install Visual information about Studio crashes and errors • Can’t suspend • Obtain accurate production servers performance • Can’t run intrusive information tools In the DevOps Process… Automatic build (CI) Automatic Automatic deployment remediation (CD) Automatic Automatic error triage monitoring and analysis Dump Files Dump Files • A user dump is a snapshot of a running process • A kernel dump is a snapshot of the entire system • Dump files are useful for post-mortem diagnostics and for production debugging • Anytime you can’t attach and start live debugging, a dump might help Limitations of Dump Files • A dump file is a static snapshot • You can’t debug a dump, just analyze it • Sometimes a repro is required (or more than one repro) • Sometimes several dumps must be compared Taxonomy of Dumps • Crash dumps are dumps generated when an application crashes • Hang dumps are dumps generated on-demand at a specific moment • These are just names; the contents of the dump files are the same! Generating a Hang Dump • Task Manager, right- click and choose “Create Dump File” • Creates a dump in %LOCALAPPDATA%\Te mp Procdump • Sysinternals utility for creating dumps • Examples: Procdump -ma app.exe app.dmp Procdump -ma -h app.exe hang.dmp Procdump -ma -e app.exe crash.dmp Procdump -ma -c 90 app.exe cpu.dmp Procdump -m 1000 -n 5 -s 600 -ma app.exe Windows Error Reporting • WER can create dumps automatically
    [Show full text]
  • Towards Left Duff S Mdbg Holt Winters Gai Incl Tax Drupal Fapi Icici
    jimportneoneo_clienterrorentitynotfoundrelatedtonoeneo_j_sdn neo_j_traversalcyperneo_jclientpy_neo_neo_jneo_jphpgraphesrelsjshelltraverserwritebatchtransactioneventhandlerbatchinsertereverymangraphenedbgraphdatabaseserviceneo_j_communityjconfigurationjserverstartnodenotintransactionexceptionrest_graphdbneographytransactionfailureexceptionrelationshipentityneo_j_ogmsdnwrappingneoserverbootstrappergraphrepositoryneo_j_graphdbnodeentityembeddedgraphdatabaseneo_jtemplate neo_j_spatialcypher_neo_jneo_j_cyphercypher_querynoe_jcypherneo_jrestclientpy_neoallshortestpathscypher_querieslinkuriousneoclipseexecutionresultbatch_importerwebadmingraphdatabasetimetreegraphawarerelatedtoviacypherqueryrecorelationshiptypespringrestgraphdatabaseflockdbneomodelneo_j_rbshortpathpersistable withindistancegraphdbneo_jneo_j_webadminmiddle_ground_betweenanormcypher materialised handaling hinted finds_nothingbulbsbulbflowrexprorexster cayleygremlintitandborient_dbaurelius tinkerpoptitan_cassandratitan_graph_dbtitan_graphorientdbtitan rexter enough_ram arangotinkerpop_gremlinpyorientlinkset arangodb_graphfoxxodocumentarangodborientjssails_orientdborientgraphexectedbaasbox spark_javarddrddsunpersist asigned aql fetchplanoriento bsonobjectpyspark_rddrddmatrixfactorizationmodelresultiterablemlibpushdownlineage transforamtionspark_rddpairrddreducebykeymappartitionstakeorderedrowmatrixpair_rddblockmanagerlinearregressionwithsgddstreamsencouter fieldtypes spark_dataframejavarddgroupbykeyorg_apache_spark_rddlabeledpointdatabricksaggregatebykeyjavasparkcontextsaveastextfilejavapairdstreamcombinebykeysparkcontext_textfilejavadstreammappartitionswithindexupdatestatebykeyreducebykeyandwindowrepartitioning
    [Show full text]
  • Windows Sysinternals Administrator's Reference
    Windows® Sysinternals Administrator’s Reference Mark Russinovich Aaron Margosis PUBLISHED BY Microsoft Press A Division of Microsoft Corporation One Microsoft Way Redmond, Washington 98052-6399 Copyright © 2011 by Aaron Margosis and Mark Russinovich All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher. Library of Congress Control Number: 2011931614 ISBN: 978-0-7356-5672-7 4 5 6 7 8 9 10 11 12 LSI 7 6 5 4 3 2 Printed and bound in the United States of America. Microsoft Press books are available through booksellers and distributors worldwide. If you need support related to this book, email Microsoft Press Book Support at [email protected]. Please tell us what you think of this book at http://www.microsoft.com/learning/booksurvey. Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty/ Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other marks are property of their respective owners. The example companies, organizations, products, domain names, email addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred. This book expresses the author’s views and opinions. The information contained in this book is provided without any express, statutory, or implied warranties. Neither the authors, Microsoft Corporation, nor its resellers, or distributors will be held liable for any damages caused or alleged to be caused either directly or indirectly by this book.
    [Show full text]
  • Virtualizing System and Ordinary Services in Windows-Based OS-Level Virtual Machines
    Virtualizing System and Ordinary Services in Windows-based OS-Level Virtual Machines Zhiyong Shan§* Tzi-cker Chiueh* Xin Wang* [email protected] [email protected] [email protected] §Key Laboratory of Data Engineering and Knowledge Engineering, MOE, Renmin University of China *Stony Brook University ABSTRACT A standard implementation for OS-level virtualization is to OS-level virtualization incurs smaller start-up and run-time intercept the system call interface, and rename the system overhead than HAL-based virtualization and thus forms an resources being manipulated so that the system resources of important building block for developing fault-tolerant and each virtual machine reside in a separate name space. A well- intrusion-tolerant applications. A complete implementation of known problem with OS-level virtualization is that all OS-level OS-level virtualization on the Windows platform requires virtual machines running on top of a kernel share the kernel’s virtualization of Windows services, such as system services like state, because OS-level virtualization does not virtualize the the Remote Procedure Call Server Service (RPCSS), because kernel state. On the Windows platform, a set of user-level they are essentially extensions of the kernel. As Windows system services, which behave like daemons in a Unix-style OS, system services work very differently from their counterparts on are used to augment the kernel and provide various critical UNIX-style OS, i.e., daemons, and many of their functionalities to other services and applications. For example, implementation details are proprietary, virtualizing Windows Windows’s inter-process communication mechanisms such as system services turned out to be the most challenging technical COM, DCOM and RPC, are supported by the RPCSS service.
    [Show full text]