
Tuesday, August 20, 2019

Malicious Software Removal Tool / Safety Scanner - Microsoft


Malicious Software Removal Tool (MSRT) helps keep Windows computers free from prevalent malware. MSRT finds and removes threats and reverses the changes made by these threats. MSRT is generally released monthly as part of Windows Update or as a standalone tool available for download (link below).



Use this tool:
  • If you have automatic updates for Windows turned off (when they are on, Windows Update automatically downloads and runs MSRT in the background)
  • If you suspect an infection from prevalent malware families
  • To complement your antimalware product

MSRT targets prevalent malware families only.

Download Link :

https://www.microsoft.com/en-us/download/details.aspx?id=16

Microsoft Safety Scanner is a scan tool designed to find and remove malware from Windows computers. Simply download it and run a scan to find malware and try to reverse changes made by identified threats.


Safety Scanner only scans when manually triggered and is available for use for 10 days after being downloaded. We recommend that you always download the latest version of this tool before each scan.

Download 

Monday, December 31, 2018

Local Administrator Password Solution(LAPS) - Microsoft Free Password Management Tool

Local Administrator Password Solution (LAPS) is a Microsoft product that manages the local administrator password and stores it in Active Directory (AD). This solution automatically updates the password on a routine basis. The Microsoft Infrastructure (MI) team has implemented the LAPS schema extensions and created a default set of permissions to retrieve a password stored in AD.

Passwords are stored in Active Directory (AD) and protected by an ACL, so only eligible users can read a password or request its reset.

LAPS Architectural Diagram (Img Source: Microsoft)


Deployment Steps :




Security

  • Random password that is automatically changed on a regular schedule on managed machines
  • Effective mitigation of pass-the-hash attacks, since no two managed machines share the same local administrator password
  • Password is protected in transit by Kerberos encryption
  • Password is protected in AD by an AD ACL, so a granular security model can be easily implemented

Manageability

  • Configurable password parameters: age, complexity and length
  • Ability to force a password reset on a per-machine basis
  • Security model integrated with AD ACLs
  • End-user UI can be any AD management tool of choice; custom tools (a PowerShell module and a fat client) are also provided
  • Protection against computer account deletion
  • Easy implementation and minimal footprint
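As an added example (not from the original post or from Microsoft's own documentation), the following PowerShell walks through the deployment steps outlined above and the AD ACL security model described in the Security and Manageability lists, using the AdmPwd.PS module that ships with the LAPS installer. The OU, group and computer names are assumed placeholders for your own environment.

```powershell
# Added example: LAPS deployment and least-privilege check with the AdmPwd.PS module.
# Assumed placeholder names: OU, reader group and computer name below are not from the post.
Import-Module AdmPwd.PS

$ou    = 'OU=Workstations,DC=corp,DC=example'   # placeholder OU holding managed machines
$group = 'LAPS-PasswordReaders'                  # placeholder group allowed to read/reset

# 1. Extend the AD schema once per forest: adds the ms-Mcs-AdmPwd (password) and
#    ms-Mcs-AdmPwdExpirationTime attributes to the computer object class.
Update-AdmPwdADSchema

# 2. Let each computer in the OU write its own password and expiry (SELF write permission),
#    which is what makes the routine, per-machine rotation work.
Set-AdmPwdComputerSelfPermission -OrgUnit $ou

# 3. Grant read and reset rights only to the designated group. This is the AD ACL
#    security model: nobody outside $group (and built-in admins) can read ms-Mcs-AdmPwd.
Set-AdmPwdReadPasswordPermission  -OrgUnit $ou -AllowedPrincipals $group
Set-AdmPwdResetPasswordPermission -OrgUnit $ou -AllowedPrincipals $group

# 4. Least-privilege check: list every principal holding "All extended rights" on the OU,
#    since that right also exposes the password. Anything beyond $group and Domain Admins
#    should be reviewed and removed.
Find-AdmPwdExtendedRights -Identity $ou | Select-Object ObjectDN, ExtendedRightHolders

# 5. Turn on auditing so each password read is logged in the domain controller's security log.
Set-AdmPwdAuditing -OrgUnit $ou -AuditedPrincipals 'Everyone'

# 6. Force a per-machine reset: the expiry is set to the past, so the client rotates the
#    password at its next Group Policy refresh.
Reset-AdmPwdPassword -ComputerName 'WS-0042'

# 7. Retrieve the current password and its expiry for a machine (this read is audited by step 5).
Get-AdmPwdPassword -ComputerName 'WS-0042' |
    Select-Object ComputerName, Password, ExpirationTimestamp
```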

Requirements

  • Active Directory:
    • Windows 2003 SP1 and above
  • Managed/Client machines:
    • Windows Server 2016
    • x86 or x64
    • Windows Server 2012 R2 Datacenter
    • Windows Server 2012 R2 Standard
    • Windows Server 2012 R2 Essentials
    • Windows Server 2012 R2 Foundation
    • Windows 8.1 Enterprise
    • Windows 8.1 Pro
    • Windows Server 2012 Datacenter
    • Windows Server 2012 Standard
    • Windows Server 2012 Essentials
    • Windows Server 2012 Foundation
    • Windows 8 Enterprise
    • Windows 8 Pro
    • Windows Server 2008 R2 Service Pack 1
    • Windows 7 Service Pack 1
    • Windows Server 2008 Service Pack 2
    • Windows Vista Service Pack 2
    • Microsoft Windows Server 2003 Service Pack 2
    • Itanium NOT supported
  • Management tools:
    • .NET Framework 4.0
    • PowerShell 2.0 or above

Download Link :

https://www.microsoft.com/en-us/download/details.aspx?id=46899

Friday, August 10, 2018

Packet Capture (PCAP) File Analysis Tools

PacketTotal allows you to upload a PCAP, or packet capture, file and have it automatically analyzed and parsed against Bro IDS and Suricata signatures in order to provide information on what may have been detected in the capture file.
URL : https://packettotal.com/

Microsoft Message Analyzer is the successor to Microsoft Network Monitor. It is helpful in capturing, displaying, and analyzing protocol messaging traffic and other system messages. It is not only an effective tool for troubleshooting network issues, but for testing and verifying protocol implementations as well.

Message Analyzer can certainly be used to analyze .pcap files. The tool is generic and not specific to Microsoft, but more focus is put on Windows scenarios, so the Microsoft-related parsers are kept up to date. However, you can analyze virtually any kind of data, going beyond network captures to EVT, ETW, CSV and many more.

Parser settings are found under Tools -> Options -> Parsing.

Download Link : https://www.microsoft.com/en-in/download/details.aspx?id=44226

CapAnalysis is a web-based visual tool for information security specialists, system administrators and everyone who needs to analyze large amounts of captured network traffic.

CapAnalysis indexes a data set of PCAP files and presents their contents in many forms, from a list of TCP, UDP or ESP streams/flows to a geographical representation of the connections.

CapAnalysis is Open Source.

Download Link : https://www.capanalysis.net/ca/#download 

Tcpdump is a powerful command-line packet analyzer; it is built on libpcap, a portable C/C++ library for network traffic capture.

It is a premier network analysis tool.

Download Link : http://www.tcpdump.org/#latest-releases


PCAP Analyzer is a fully graphical tool that has been developed by Daniel Botterill as part of his MSc Computer Security degree; it has been designed to take in a PCAP capture file and report back any malicious behaviour identified.
It includes the following major features:

  • Displaying of packets with support for major protocols
  • Reassembly of TCP/UDP streams and HTTP response/reply streams
  • Detection of ICMP IPv4/IPv6 address sweeps
  • Importable blacklists with settable formats
  • Detection of denial of service attacks
  • Detection of domain name fluxing & similar domains detection
  • Detection of downloaded files with support for file identifier and virus scanner input
  • Detection of port scans & port knocks
  • Detection of single fast fluxing domains & multiple IP usage domains
  • Automated parsing of Snort log for PCAP files
  • Detection of various traffic patterns: constant HTTP requests, multiple Host User-Agent Referer requests and TCP/UDP similar messages
  • Draggable and filterable network map displaying computers, connections and malicious behaviour
  • Malware release automation (Windows Only)
  • Malicious behaviour summary & uncategorised traffic