Archive for the 'Defense' Category

Process Monitor

May 02nd, 2008 | Category: Defense, Tool

Welcome back, folks. So I told you about monitoring processes, but sometimes using a script isn't so easy. So I bring you ProcessMonitor, a tool for monitoring new processes as they launch on your computer. It monitors the processes and adds them to a list in a text box, most recent at the top.

Download Here

Monitoring New Processes

April 30th, 2008 | Category: Coding, Defense, Skill - Basic

It is amazing how often new processes are launched on your computer, all of them doing their own thing, and a lot of the time you have no idea they are doing it. This can be a dangerous thing if your friends have been learning about office warfare and are starting to install things on your computer. However, it does us little good to just watch the Task Manager, since there are a lot of processes that start when your computer starts up and it can be hard to sort it all out.

However, monitoring new processes can be quite useful, since that will show you what new things are cropping up all the time. Fortunately for all of us, there is a great scripting language that comes prebuilt into Windows machines called Windows Management Instrumentation (WMI) that, when coupled with the Visual Basic Scripting language (VBS), will allow us to monitor new processes.

Let's look at the code after the break.

File Encryption

April 28th, 2008 | Category: Defense, Skill - Basic

You may not be as paranoid as I am … but you probably should be. One thing that bothers me is that on a domain system my files are accessible to anyone with admin privileges on the domain. They can read my emails, my documents, see my pictures, pretty much access anything they want.

Fortunately for the paranoid, there is a solution: you can encrypt your files. The easiest way to go about this is to surf on over to truecrypt.org and download their software package. TrueCrypt is free, of course; all you do is download it and follow their tutorial, and you will have yourself an encrypted drive volume in no time flat. Then anything you stick into that drive is encrypted and only decrypted on the fly when you ask for it. The best part about TrueCrypt is that you are the only person who knows the password, and it uses such great encryption algorithms that, with a sufficiently long password, it would take years to break.

Monitoring Your Event Log - The Code

April 23rd, 2008 | Category: Coding, Defense, Skill - Advanced

So yesterday we talked about the event log. You could, were you so inclined, just keep the event log open and periodically refresh it, thereby keeping an ‘eye’ on the event log. However, in the end this is impractical. So what you do is access the event log in code and monitor the events you are interested in; then, when one of them fires off, you notify yourself via some mechanism that suits you. So how, you ask, might I monitor the event log in code? Well, I am glad you asked. Let's look at the code after the break.

Monitoring your event log

April 22nd, 2008 | Category: Defense

So we haven’t had a discussion on the event log yet. I figure it is about time. The event log is the quintessential defensive tool. Any access to your system gets logged to the event log. The main thing you are going to be concerned about is the security event log. Every attempted access to your system, whether it fails or succeeds, gets logged in the security event log. This can be very handy when you are concerned about your co-workers running a shutdown or using psexec on you. Checking your event log can also let you know if someone has accessed the file system remotely to copy over some piece of code they wrote.
Tomorrow I will go into detail on how you might monitor the event log in real time for particular things, but for today I remind you that OfficeDefender does just that. Any attempted logins will be displayed in the window and any attempted shutdowns will be aborted.

Window Hider

April 10th, 2008 | Category: Defense, Tool

Welcome back, folks. I have another tool for you today. This one is a defensive tool designed to help you hide what you are doing from others' prying eyes. Let's lay out a common problem: you're sitting at your desk, done with your work, and you want to play solitaire. But Bob over in purchasing likes to walk by and say hi all the time. Unfortunately, his hi is generally accompanied by a big ol’ glance at your desktop. Sure, you minimize quickly, but he still sees solitaire in the task bar, and before you know it Mr Boss Man shows up and is keeping a close eye on your progress. How do you solve this? Well, with Window Hider of course. You add “sol”, the name of solitaire’s executable, to the list in Window Hider and press the magic hot key (default F7) when Bob walks by and bingo, no solitaire here. Download it and give it a shot.

 Download Here

Protecting your Executables Part II

April 08th, 2008 | Category: Coding, Defense, Skill - Advanced

Welcome back. Today we are going to talk about a hole left in yesterday's protection of executables. That hole lies in the fact that if you rename an executable and then kill it, there is no way for a watcher process to restart it. So what we do to solve that problem is watch the executables to make sure their names don't change, and if they do, you just change them back. Let's look at the code.

Protecting your Executables

April 07th, 2008 | Category: Coding, Defense, Skill - Advanced

So a common problem you may imagine when engaging in office warfare is that it is quite easy to just end task on an executable. The problem with this is that once your program is killed, it can no longer defend you or attack your friends. So how do we handle this problem? Well, there is a fairly simple way to go about it, and fortunately for you I am about to share that with you.

Here is the general idea: you create another program to go along with the application you are sending. This program's sole purpose is to watch the list of processes, and if your main program gets killed it just restarts it. Then you add a little code to your main program that does the same thing for the watcher program. Then if either program is killed, the survivor reruns it before the evil killer of little cute programs has a chance to kill the other.

Office Defender

April 05th, 2008 | Category: Defense, Tool

So I wrote this app a little while back with the intention of giving it to you good folks here at officewarfare.  The program basically stems from the need to defend yourself against the attacks of your co-workers.  This program mainly (at the moment) defends against the shutdown command. 

What this app does is monitor the event log for an event indicating that a shutdown has been initiated, and when it detects one it aborts said shutdown. Then, to make it not just a wussy defensive app, it attempts to shut down the computer that made the feeble attack against you. Anyways, the app requires .NET 2.0 and minimizes to the task bar. Have fun.

Download Here
