Hard Disks and File Systems System Information for Windows Lab

Description
This is a hands-on, visual lab for running a comprehensive analysis of a Windows system. The System Information for Windows lab demonstrates how the tool reveals details about every host on your network, including software installations, drivers, hardware, security settings and even licensing, and what is going on with each of those components. The software also displays and organizes its data in a thorough, quick-reference, dashboard-style layout, which makes the report extremely comprehensive.

Transcript

Hey, Leo Dregier here. I'm sure you've all connected by now on Facebook, LinkedIn, YouTube, and Twitter. I want to cover a tool called System Information for Windows. Um, I like this tool because it's a very, very detail-oriented tool that you can run against operating systems to collect all sorts of reconnaissance and enumeration, kind of just, you know, ask me any question about it after running this tool, I should be able to answer it, okay? So I'm going to run down the list of things that this queries. Um, sometimes the queries can take a little bit, but, you know, nothing more than – I wouldn't go get coffee; I would just wait for the query to run. So it's relatively short in the grand scheme of things, right? So you can click on Operating Systems, you can look at some of the updates, you can immediately connect in here and say hey, what are the installed updates on the computer; what are the missing updates on the computer? And any time you're using some sort of inventorying system, whether it be Tivoli or whatever, right, just some sort of – I will need to know every host on the network and what does it look like, you know, and give me a status. These questions, up until recently, were very, very, very hard to answer in the grand scheme of things. You just couldn't ask a question like are we secure, you know, or are our computers up to date, right?

Just because there's so much missing information in conventional reports that you'll never, you know, you, you, whatever answer you come up with is only a percentage of accuracy of realistically how close you think you are, right? So, nonetheless, we can go into the software, you can get the updates, you can see the missing updates, um, that's fine if this connects to Microsoft.com; I'm not going to run the rate-specific report on this just because there's way too many other things to cover. You can click, grab System Directory, so any program that's basically in here, as soon as you type it at the command prompt or PowerShell, it's more or less going to run, uh, because these are all environment variables set, plus they can map over here to Registry Keys, uh, which is just, you know, Explorer's shell folders. That's pretty uncommon, so it's a shell folder and it's a shell variable that sets it. Um, any sort of system files, with directories these are located in and some examples and details of each one of these, like what's in this file, what's in this file, what's in the hosts file, you know, so that way you don't have to go navigate all the way to the file directory and grab the hosts file. So the fact that this just tells you saves you clicks and clicks, makes you faster and much more efficient as anybody who has to answer questions for a living. You have LMOs, not that that's really used too much anymore; you've got MS-DOS, you've got the system.ini file, all the items in there, the win.ini file, MSDOS.sys. You can grab installed programs, so you can get a quick shot of what's installed instead of going to Windows Update and seeing what Windows programs are installed; just go right here.

Publisher, the version, the date, the key for it, if it said different applications, feel like doing some application reconnaissance, I mean, just pick something, anything in here, you know, DirectX; look at all the properties and the values; Google Chrome, properties and values; .NET Framework, properties and values; Smack, properties and values, right? So lots of stuff. You want to grab security [03:23]; you want to go get a quick vulnerability scan, you know. Antivirus, is it set? Is auto update set? Is it, uh, you know, anti-spyware? What's the condition, the values? Are the firewalls even set on? Or does it have anti-virus software, or was it using Windows Defender for spyware; um, and even here, I love this button here, Licensing; uh, I'm not going to show it to you for, hopefully, obvious reasons here, um, but the, the actual licensing piece, it tells you all of the licenses, and you can write them down. So it does a quick little license inventory, which is worth, you know, a thousand seconds in itself. Accessibility options and what specific ones are set, so this reminds me of looking at Group Policy detail-specific settings. Environment variables, um, and what they are and what they're set for. Regional settings, if you go into this a lot and you work a lot with time zones or locations or geolocations or changes in keyboard layouts or currency; File Associations – this is nothing more than going to Windows and right-clicking, and going to the File Extensions; you should all know how to do that by now, and so that way you can change a file extension when you need to. One thing I love about a tab like this is, most often, us network people know the inside of the OSI model inside and out, but nobody ever really has a great example of layer six, the presentation layer. This is it, folks! This is where you make the associations, okay?

To determine what layer seven application actually opens it, but this is directly interfacing with layer six of the OSI model, file associations. So those of you that, uh, you know, have studied the OSI model in the past, please note, boom, big list, all extensions. Any one of these are fair game. What running processes are on the system? What loaded DLLs? What drivers? What NT services? What auto-run features? What scheduled tasks are there? What databases? I mean, it just goes on and on and on and on, so let's just call that section, okay, cool, nice software overview. Now let's go to emulated hardware, okay? So in this case, I'm able to pull virtual machine settings, motherboard information, uh, anybody who has an A+ background, right? Watch some of the A+ videos. Anthony did a phenomenal job with those. Go ahead and look at all this stuff. You've got BIOS settings, CPU settings, memory settings. This is where geeks get their geek out. PCI settings, you know, storage devices, what ports? If you're kinda starting to get – not networking ports. This would be hardware ports because it's under hardware; but networking ports, all of your, your predefined settings, okay? Uh, Power Policies, can you, you know, from an attacking point of view, can I, you know, attack this system and maybe change a setting like this and force it to shut down, therefore causing a denial of service of that? What are the battery settings? Printers? Resources? Okay? Alright, so that'll give you the overview of hardware. I'm going to leave some things clearly off the table here, but I want you to go play with them and you evaluate them, and you have a takeaway, right, because, you know, active learning is doing. It's one thing to watch me, it's another thing to go do it yourself, and that's the difference between talk the talk and, and walk the walk, okay?

Neighborhood scan, you know, open ports on the system, the different shares – so this should look familiar; it should look like you just did a net share at the command prompt, and that's what you would get, or, you know, hey, you could easily net share, okay? Look familiar? Well, I think so. Um, remote access connections, if there are any; other networking sections; browsing network neighborhood directly built in, and, yes, I have a computer named OB1 and OB. And search network neighborhood, right? FTP scans, and so it's got a built-in scanner to it. So this is [07:17] and you want to learn sort of how to do ethical hacking, bam, here you go, okay? It's just way too much detail. This is stuff that you guys have to look, to look at, evaluate. It's got a built-in network and traffic monitor to it. You want to sit there and watch traffic? You know, go download something just for the sake of, you know, seeing some traffic here? You know, download the combination, boom. Let that go. See it spike. This is how you learn. This is how you test things out, right? Use the tools. All I can do is give you an overview of the tool. You have to evaluate the tool yourself and go, okay, and make the relationships, and that's how you're going to master this learning. So stick with me. I've got, oh, I don't know, a couple hundred more videos left to do.
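The transcript walks through the kinds of facts System Information for Windows collects from a host: operating system and installed updates, installed programs with publisher and version, running services, auto-run entries, scheduled tasks, shares, open ports, firewall and antivirus state. The script below is an added example, not part of the Cybrary lab and not code from the SIW tool, that gathers the same categories with built-in PowerShell cmdlets so a defender can produce a scriptable, diffable inventory of a host for patch and configuration review. It assumes Windows PowerShell 5.1 or later; the output path, the `Invoke-Collector` helper and the collector names are my own choices, and collectors that need a module or privilege the host lacks (for example `Get-MpComputerStatus` where Defender is absent, or `Get-SmbShare` without elevation) record an error instead of aborting the run.

```powershell
# Added example: host inventory in the spirit of the SIW walkthrough.
# Not the SIW tool's code. Requires Windows PowerShell 5.1+; some collectors
# need an elevated prompt. $OutputPath is an arbitrary, assumed location.
param(
    [string]$OutputPath = "$env:TEMP\host-inventory.json"
)

# Run one collector and capture a failure as data rather than stopping the
# whole inventory (missing module, missing privilege, feature not installed).
function Invoke-Collector {
    param([string]$Name, [scriptblock]$Script)
    try   { @{ Name = $Name; Data = @(& $Script) } }
    catch { @{ Name = $Name; Error = $_.Exception.Message } }
}

$collectors = @(
    # Operating system edition, build and last boot time
    Invoke-Collector 'OperatingSystem' {
        Get-CimInstance Win32_OperatingSystem |
            Select-Object Caption, Version, BuildNumber, OSArchitecture, LastBootUpTime
    }
    # Installed updates (the "installed updates" view in the video)
    Invoke-Collector 'InstalledUpdates' {
        Get-HotFix | Select-Object HotFixID, Description, InstalledOn
    }
    # Installed programs from the 64-bit and 32-bit Uninstall hives
    Invoke-Collector 'InstalledPrograms' {
        $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
        Get-ItemProperty $keys -ErrorAction SilentlyContinue |
            Where-Object DisplayName |
            Select-Object DisplayName, DisplayVersion, Publisher, InstallDate
    }
    # Running services, their start mode, account and binary path
    Invoke-Collector 'RunningServices' {
        Get-CimInstance Win32_Service | Where-Object State -eq 'Running' |
            Select-Object Name, StartMode, StartName, PathName
    }
    # Per-machine auto-run entries
    Invoke-Collector 'AutoRuns' {
        Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue |
            Select-Object * -ExcludeProperty PS*
    }
    # Enabled scheduled tasks outside the built-in Microsoft folder
    Invoke-Collector 'ScheduledTasks' {
        Get-ScheduledTask |
            Where-Object { $_.State -ne 'Disabled' -and $_.TaskPath -notlike '\Microsoft\*' } |
            Select-Object TaskName, TaskPath, State
    }
    # Shares, the same information "net share" prints
    Invoke-Collector 'Shares' {
        Get-SmbShare | Select-Object Name, Path, Description
    }
    # Listening TCP ports and the owning process id
    Invoke-Collector 'ListeningPorts' {
        Get-NetTCPConnection -State Listen |
            Select-Object LocalAddress, LocalPort, OwningProcess
    }
    # Security posture: firewall state per profile and Defender status
    Invoke-Collector 'FirewallProfiles' {
        Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
    }
    Invoke-Collector 'Defender' {
        Get-MpComputerStatus |
            Select-Object AntivirusEnabled, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated
    }
)

# Fold the collectors into one object keyed by name and write it as JSON so
# successive runs can be diffed or fed to an inventory system.
$inventory = [ordered]@{ Host = $env:COMPUTERNAME; CollectedAt = (Get-Date).ToString('o') }
foreach ($c in $collectors) {
    $inventory[$c.Name] = if ($c.ContainsKey('Error')) { @{ Error = $c.Error } } else { $c.Data }
}
$inventory | ConvertTo-Json -Depth 4 | Set-Content -Path $OutputPath -Encoding UTF8
Write-Host "Inventory written to $OutputPath"
```

Run it from an elevated prompt to get the full picture (shares, services' binary paths and Defender status are the collectors most likely to need it), and keep the JSON from each run: comparing two snapshots of `InstalledPrograms`, `AutoRuns`, `ScheduledTasks` and `ListeningPorts` is the quickest way to spot a change on a host that the dashboard view alone would not surface.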