Forensic Pseudoscience

This PowerShell script can be leveraged for the cleanup of Microsoft Teams from target machines or users. It should be executed for every user on a targeted machine.

For those of you who may have recently installed security updates on Windows 10 workstations in the past few days, you may notice that you receive a peculiar error when trying to establish a remote desktop connection to a server that worked prior to installing the updates. The initial March 13, 2018, release updates the CredSSP authentication protocol and the Remote Desktop clients for all affected platforms. The CVE-2018-0886 consists of installing the update on all eligible client and server operating systems and then using Group Policy or registry settings to configure the options on both clients and servers. Let’s take a look at Windows 10 RDP CredSSP encryption oracle remediation error fix.

Windows 10 RDP CredSSP Encryption Oracle Remediation Error Fix

Just a couple of days ago, the cumulative updates were released below for Windows 10 and Server 2016, etc.  These cumulative updates include the fix for the CredSSP encryption vulnerability.

May 8, 2018 – KB4103721 (OS Build 1803)
May 8, 2018 – KB4103727 (OS Build 1709)
May 8, 2018 – KB4103731 (OS Build 1703)
May 8, 2018 – KB4103723 (OS Build 1609 & Server 2016)

Once you have installed the patch on a “vulnerable” workstation and attempt to connect to an unpatched server, you will see the following error message that happens after you type in your password to authenticate to the RDP session.

CredSSP authentication error after installing May 8 2018 patch Windows 10

There is a local policy setting that is added with the installed security updates.  You can find this at Computer Configuration >> Administrative Templates >> System >> Credentials Delegation >> Encryption Oracle Remediation.  By default this is set to Not configured.

Windows 10 RDP CredSSP encryption oracle remediation error Fix

To Fix the issue as a workaround, set the policy to Enabled and set the Protection Level to Vulnerable.  ***Note*** – This is not recommended by Microsoft, as making sure both the client and server is patched is best practice.  However, setting the policy to Vulnerable allows your workstation to now connect to the remote desktop session that was previously blocked by the mitigation.

Settings contained in the Encryption Oracle Remediation Fix

CredSSP Encryption Oracle Remediation Policy Settings

There are three settings contained in the policy setting that can be enabled.

Force Updated Clients: Client applications which use CredSSP will not be able to fall back to the insecure versions and services using CredSSP will not accept unpatched clients. Note: this setting should not be deployed until all remote hosts support the newest version.

Mitigated: Client applications which use CredSSP will not be able to fall back to the insecure version but services using CredSSP will accept unpatched clients. See the link below for important information about the risk posed by remaining unpatched clients.

Vulnerable: Client applications which use CredSSP will expose the remote servers to attacks by supporting fall back to the insecure versions and services using CredSSP will accept unpatched clients.

CredSSP Encryption Oracle Remediation Registry Setting

Alternatively, you can set this policy setting via the registry and a reboot.

• [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters] “AllowEncryptionOracle”=dword:00000002

CredSSP Encryption Oracle Remediation Group Policy

These settings can be applied via a Group Policy Setting.  For a great walk through of how to do this, check out this post here: https://www.mcbsys.com/blog/2018/03/updating-the-credssp-group-policy/

Takeaways

Patching is becoming ever more important with security vulnerabilities that are present today.  Security is on the minds of everyone and it should be.  Compromised systems can lead to data loss and data leak.  Keeping up with Microsoft patches and having a routine schedule of patch application is essential for enterprise datacenters running Microsoft server operating systems.  By mitigating known vulnerabilities the attack surface is drastically reduced and attacks become more difficult for the would be attacker.

1.  Remove Office 365 license for Subscription based installs (not Shared Computer Licensing scenarios):

To remove the Office 365 license, you must run two cscript command lines. The command lines are:

        A. Run C:\program files (x86)\Microsoft office\office16>cscript ospp.vbs /dstatus

The above command line will generate a report of the currently installed/activated license. (See Below)

NOTE: You might see multiple licenses in the /dstatus report.

        B. Make note of value for “Last 5 characters of installed product key”

        C.  Run C:\program files (x86)\Microsoft office\office16>cscript ospp.vbs /unpkey:“Last 5 of installed product key” For example: C:\program files (x86)\Microsoft office\office16>cscript ospp.vbs /unpkey:WB222 (See Below) Repeat the step above if necessary until all keys are removed.

After running the /unpkey: command line you will see a “Product Key uninstall successful” message. You can now close the Command Prompt and move onto Step 2.

2. Remove cached identities in HKCU registry:

        A. In the Registry Editor navigate to HKCU\Software\Microsoft\Office\15.0 or 16.0\Common\Identity\Identities and remove all of the identities under \Identities.

NOTE: If using Shared Computer Licensing remove the above Identities from HKEYUsers\SID.

3. Remove the stored Credentials in the Credential Manager:

A. Open Control Panel > Credential Manager.  Remove all Windows credentials listed for Office15 or Office16.

       B. To remove the Credential Click on the Drop down arrow and choose Remove from Vault.(See Below)

Shared Computer Licensing scenarios you must remove the Token and identities listed below.
File Location  Appdata\local\Microsoft\Office\15.0 or 16.0\Licensing

4. Persisted locations that must be cleared

Credential Manager:

Appdata\Roaming\Microsoft\Credentials
Appdata\Local\Microsoft\Credentials
Appdata\Roaming\Microsoft\Protect
HKCU\Software\Microsoft\Protected Storage System Provider

Office 365 activation Tokens and Identity

Appdata\local\Microsoft\Office\15.0 or 16.0\Licensing
HKCU\Software\Microsoft\Office\15.0 or 16.0\Common\Identity
HKEYU\(The Users SID)\Software\Microsoft\Office\15.0 or 16.0\Common\Identity

The above steps will reset the activation state for Office 365(2013/2016). The activation flow after the locations are cleared will represent an initial activation.

Posted by mjwiech http://www.annoyances.org/exec/forum/winxp/1256278725

To whoever might be interested:

Without any apparent reason my Internet Explorer 8 running under WinXP SP3 started
to improperly show various pages. I quickly discovered that Javascript did not work.

Reinstalling IE8 did not help though, in my opinion, it should!

Long and extensive searching on the web did not help either. All tips how to (re)activate
Java Script [by changing security level in Internet Options and activating scripts]
did not work.

I went for total removal of IE8 and reinstalling it from scratch.
I failed:
– IE8 was not visible on Add/Remove Programs screen
– Directory Windows\IE8 where ‘spuninst.exe’ uninstaller is located was not present.
– Microsoft ‘fix it’ tool MicrosoftFixit50238.msi refused to remove IE8 because
it was blocked by some updates.

What I had to do?
1. Create a restore point
2. Try to carefully remove IE8 manually. I would probably mess up the system.

Creating restore point did not work either! I got a blank screen.

Back to Google search… and BINGO! There was an answer:

I had to reregister two DLL-libraries:

Using a pretty nifty trick you can reset a forgotten Mac password without a Mac OS X installer CD/DVD. The steps may seem a little intimidating at first but I assure you it’s easy if you follow them exactly, here is exactly how to do this in three stages:

Stage 1) Boot into Single User Mode and remove a setup file

• Restart the Mac holding down the Command+S keys, this will take you into Single User Mode and it’s Terminal interface
• You’ll need to check the filesystem first:
  fsck -fy
• Next, you must mount the root drive as writeable so that changes will save:
  mount -uw /
• Now, type the following command exactly, followed by the enter key:
  rm /var/db/.applesetupdone
• After removing the applesetupdone file, you need to reboot, type ‘reboot’ and hit enter

Stage 2) Create a New User Account upon System Boot

You aren’t finished, but the hard part is now over – no more command lines, you’ll now be in the familiar Mac OS X GUI to finish the password reset process. In this step we just create a new user account as if you just got a new Mac:

• Upon reboot, you will be presented with the traditional “Welcome Wizard” startup screen just like when you first get a Mac
• Follow the welcome wizard and create a new user account – making the account name different from the account whose password you want to recover
• Continue on and boot into Mac OS X with this newly created user account, this new user account is an Administrator and has administrative access

Stage 3) Reset the Forgot Password via System Preferences

You are almost done, now you just need to reset the forgotten user account password using the Accounts control panel:

• Once you are booted into Mac OS X, click on the Apple logo and then navigate down to “System Preferences”
• Click on the “Accounts” icon in System Preferences
• Click on the Lock icon in the lower left corner of the “Accounts” preference window and enter the newly created user credentials, this enables you to change other user accounts and reset other users passwords
• On the left side user panel, select the user account containing the forgotten password
• With the user of the forgotten password account selected, click on the “Reset Password” button
• Enter a new password for that user, be sure to include a meaningful hint so you don’t forget it again!
• Close System Preferences and reboot the Mac
• You can now login to the previously inaccessible user account using the newly reset password! All user files and settings are maintained as before the password was forgotten

Optional: If you’d like, you can delete the temporary account you created to reset the users password. This is wise for security purposes.

Here’s how this works: by deleting the .applesetupdone file, you are telling Mac OS X to re-run the setup wizard, which by default creates a new user account with Administrative abilities, which can then reset the forgotten password of any other user on the Mac. This is a great trick and excellent troubleshooting technique if you don’t have a Mac OS X installer CD/DVD laying around, which is pretty much the norm as many people tend to lose or misplace the installer disks that come with their computers. I have used this exact method multiple times to restore various Macs with forgotten/lost passwords.

Play seed hd 27

在現時眾多民用的雲端儲存供應商之中，發展得最積極的一位非Dropbox莫屬。雖然為每名註冊用戶提供的免費儲存空間只有2GB，對高用量的使用者來講不足。幸好官方有很多方法來助大家提升免費空間的容量，除了不同類型的帳號號、和其他廠商合作外，其中推薦計劃更是最有效升空間的方法。

官方剛於網站Blog上公佈，由即日起，免費用戶每推薦一位朋友使用Dropbox，雙方都可獲得的免費空間由原本的250MB提升一倍至500MB，上限也由原來的8GB提升至16GB。而付費的Pro用戶更可獲1GB至上限的32GB。

要邀請朋友的方法可以是經Email、Facebook、Twitter或上討論區等。只要登入後按此連結就可以獲得你自己的推薦連結，再把連結發給朋友即可。例如筆者的推薦連結為：http://db.tt/FNXknuZ3，如果你還沒有Dropbox帳號的話，只要透過這條連結申請帳號的話，你和筆者的Dropbox免費空間都會免費提升500MB，直至16GB的上限為止。

Requirements:

*USB Flash Drive (Minimum 4GB)

*Windows 7 or Vista installation files.

Follow the below steps to create bootable Windows 7/Vista USB drive using which you can install Windows 7/Vista easily.

1. Plug-in your USB flash drive to USB port and move all the contents from USB drive to a safe location on your system.

2. Open Command Prompt with admin rights. Use any of the below methods to open Command Prompt with admin rights.

*Type cmd in Start menu search box and hit Ctrl+ Shift+ Enter.

Or

*Go to Start menu > All programs > Accessories, right click on Command Prompt and select Run as administrator.

3. You need to know about the USB drive a little bit. Type in the following commands in the command prompt:

First type DISKPART and hit enter to see the below message.

Next type LIST DISK command and note down the Disk number (ex: Disk 1) of your USB flash drive. In the below screenshot my Flash Drive Disk no is Disk 1.

4. Next type all the below commands one by one. Here I assume that your disk drive no is “Disk 1”.If you have Disk 2 as your USB flash drive then use Disk 2.Refer the above step to confirm it.

So below are the commands you need to type and execute one by one:

SELECT DISK 1

CLEAN

CREATE PARTITION PRIMARY

SELECT PARTITION 1

ACTIVE

FORMAT FS=NTFS

(Format process may take few seconds)

ASSIGN

EXIT

Don’t close the command prompt as we need to execute one more command at the next step. Just minimize it.

5. Next insert your Windows7/Vista DVD into the optical drive and check the drive letter of the DVD drive. In this guide I will assume that your DVD drive letter is “D” and USB drive letter is “H” (open my computer to know about it).

6. Maximize the minimized Command Prompt in the 4th step.Type  the following command now:

D: CD BOOT and hit enter.Where “D” is your DVD drive letter.

CD BOOT and hit enter to see the below message.

7. Type another command given below to update the USB drive with BOOTMGR compatible code.

BOOTSECT.EXE /NT60 H:

Where “H” is your USB drive letter. Once you enter the above command you will see the below message.

8. Copy your Windows 7/Vista DVD contents to the USB flash drive.

9. Your USB drive is ready to boot and install Windows 7/Vista. Only thing you need to change the boot priority at the BIOS to USB from the HDD or CD ROM drive. I won’t explain it as it’s just the matter the changing the boot priority or enabling the USB boot option in the BIOS.

Note: If you are not able to boot after following this guide means you haven’t set the BIOS priority to USB. If you got any problem in following this guide feel free to ask questions by leaving comment.

Adobe CS5 Creative Suite 5.5 Master Collection for MAC 影像、音效、網頁製作 繁體中文DVD版(內含InDesign+Photoshop+Illustrator+Flash+Dreamweaver+Fireworks+Premiere)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==
軟體名稱: Adobe CS5 Creative Suite 5.5 Master Collection
語系版本: 韓文/繁體中文DVD版
光碟片數: 單片裝(單面雙層 DVD)
保護種類: 註冊碼
破解說明: 見最底下
系統支援: 蘋果電腦 Mac OS X 10.6 以上版本(目前已知)
硬體需求: PC
軟體類型: 影像、音效、網頁製作
更新日期: 2011.04.30
軟體發行: Adobe(C.ORE)
官方網站: http://www.adobe.com/products/creativesuite/mastercollection
中文網站: http://www.adobe.com/tw/products/creativesuite/mastercollection
軟體簡介: (以官方網站為準)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Adobe CS5 Creative Suite 5.5 Master Collection 包含的軟體有↓
Photoshop CS5 Extended
Illustrator CS5
InDesign CS5.5
Acrobat X Pro
Flash Catalyst CS5.5
Flash Professional CS5.5
Flash Builder 4.5
Dreamweaver CS5.5
Fireworks CS5
Contribute CS5
Premiere Pro CS5.5
After Effects CS5.5
Audition CS5.5
OnLocation CS5.5
Encore CS5.5
Bridge CS5
Device Central CS5.5

從開始到完成只需運用單一完整的方案，即可呈現您的內容 。Creative SuiteR 5
Master Collection 軟體可讓您設計和開發令人驚豔的內容、更有效率地協作，並
將內容發佈至任何地方。查看新功能

什麼是 Master Collection？
從開始到完成只需運用單一完整的方案，即可呈現您的內容。 Creative SuiteR 5
Master Collection 軟體可讓您設計和開發令人驚豔的內容、更有效率地協作，並
將內容發佈至任何地方。

擴展您的創意觸及面
運用 Illustrator 製作企業識別，以吸引線上客群。使用全新的 Flash Catalyst
CS5 來建立具表現力的互動式介面，毋需編寫程式碼。

設計並提供如臨現場的體驗
使用 Flash Professional CS5 讓您的微型網站和休閒遊戲設計在桌面、瀏覽器和
行動裝置上都能呈現一致效果，以吸引您的觀眾。

在各種螢幕上都能呈現您的作品
運用 Photoshop CS5 Extended 的高解析度影像來增強 HD 視訊製作。使用 After
Effects CS5 來加入細微的效果，然後在 Adobe Premiere Pro CS5 中大幅提高編
輯的速度。
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
1.安裝時選試用安裝，安裝好後，（如果你不使用一、4.的hosts小腳本，可以手動進行以下操作）修改hosts：

打開終端，鍵入 sudo /Applications/TextEdit.app/Contents/MacOS/TextEdit /etc/hosts（注意 sudo前邊有空格）要注意的是轉換許可權過程中需要輸入密碼，空密碼是不允許的(如果你的帳號是空密碼，請先去改改吧)
沒意外的話會出現文字編輯器，在打開的hosts檔最下面加上以下127.0.0.1 XXX代碼：
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 209.34.83.73:443
127.0.0.1 209.34.83.73:43
127.0.0.1 209.34.83.73
127.0.0.1 209.34.83.67:443
127.0.0.1 209.34.83.67:43
127.0.0.1 209.34.83.67
127.0.0.1 ood.opsource.net
127.0.0.1 CRL.VERISIGN.NET
127.0.0.1 199.7.52.190:80
127.0.0.1 199.7.52.190
127.0.0.1 adobeereg.com
127.0.0.1 OCSP.SPO1.VERISIGN.COM
127.0.0.1 199.7.54.72:80
127.0.0.1 199.7.54.72

2.安裝adobe大師版或者單個adobe軟體，打開軟體再輸入以下隨便一組SN就可以完成註冊了
1325-0742-6238-7407-1242-6814
1325-0224-6081-7924-2537-9878
1325-0529-4958-2338-7643-2197
1325-0971-9639-6533-2029-7805
1325-0445-2906-3119-6186-8002
1325-0049-7842-6249-6141-8983
1325-0678-8050-4981-1337-8429
1325-0671-2509-1381-3854-2559
1325-0203-4623-7344-3045-3817

3.Start After effects, load a movie apply color finesse effect
a request window will pop up
use any name you want and
use as serial
CFLEM30-103803-863554-708076-512430-0200 to activate it

http://mydbt.net/mac/z0342.htm

window:

1. Go To MainDrive:\Windows\System32\drivers\etc
2. Copy Hosts File To Here
3. Confirm Overwrite

1. Disconnect Internet (JUST TO BE 100% SURE ADOBE CAN NOT CONNECT DURING INSTALLATION)
2. Install Adobe CS5.5 As a Trial
3. Open Any Application from Adobe CS5.5
4. Accept T&c, Click Next Enter Serial: 1325-1009-4363-8914-0673-0209
5. Reconnect To Internet

Once done the Application you selected to open will open and CS5.5  IS FULLY ACTIVATED
All files are from original source and 100% virus free
if you experience any problems please feel free to ask in comments
IF YOU DOWNLOADED THIS PLEASE SHOW YOUR THANKS BY SEEDING!!!

Thankyou For Downloading
This Download Was Brought To You By Ric

127.0.0.1 crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 practivate.adobe
127.0.0.1 practivate.adobe.com
127.0.0.1 practivate.adobe.newoa
127.0.0.1 practivate.adobe.ntp
127.0.0.1 practivate.adobe.ipp
127.0.0.1 adobeereg.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 www.adobeereg.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 wip.adobe.com
127.0.0.1 wip1.aobe.com
127.0.0.1 wip2.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 wip4.adobe.com
127.0.0.1 www.wip.adobe.com
127.0.0.1 www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com
127.0.0.1 www.wip3.adobe.com
127.0.0.1 www.wip4.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 ereg.wip.adobe.com
127.0.0.1 ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 ereg.wip4.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com

Here’s how to enable auto-login:

1. Open the Start Menu, type “netplwiz,” and press Enter.
   Note: If using the Windows Classic Start menu, you need to click on Run, enter “netplwiz”, and click OK.
2. Uncheck the Users Must Enter a User Name and Password to Use This Computer option, as shown in Figure:
   
   A. Choose the user account you want to allow to log on automatically.
   B. Select Users Must Enter a User Name and Password to Use This Computer.
3. Click Apply.
4. In the Automatically Log On window, enter the username and password (twice) for the account you want to auto-login, and click OK.
5. Click OK to exit. Remember to come back to WebTechGeek.com for more How To Tips.