Gartner Magic Quadrant for Web Application Firewalls (2018,2017,2016)
A web application firewall (WAF) is an application firewall for HTTP applications. It applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. While proxies generally protect clients, WAFs protect servers. A WAF is deployed to protect a specific web application or set of web applications. A…
Install T-Pot into Google Cloud Platform VM Instance
T-Pot is a honeypot platform built on Ubuntu with Docker technology. The latest version is 17.10 and the OS is Ubuntu 16.04. The minimum system requirement is at least 2GB RAM and 40GB disk space. There are some other posts online that show how to install T-Pot into a cloud virtual machine instance. Unfortunately, I failed so many times and got an error…
Cisco® Web Security Appliance (WSA) offers malware protection, application visibility and control, acceptable use policy controls, insightful reporting and secure mobility to enterprise network. The Cisco WSA is a forward proxy that can be deployed in either Explicit mode (proxy automatic configuration [PAC] files, Web Proxy Auto-Discovery [WPAD], browser settings) or Transparent mode (Web Cache Communication Protocol [WCCP], Policy-Based Routing [PBR], load…
Microsoft Sysinternals tool Sysmon is a service and device driver that, once installed on a system, logs indicators that can greatly help track malicious activity in addition to helping with general troubleshooting. Basic Sysmon Usage commands: Installation: sysmon -i -accepteula [options] Extracts binaries into %systemroot% Registers event log manifest Enables default configuration Note: Once this command runs, the Sysmon service is installed,…
How to Find Out Windows Process Sending Traffic, Especially ICMP Packets
There are a number of different ways to find out which process is sending TCP/UDP traffic on a computer system, but not many for ICMP traffic. Here is a summary of the ways to do it. 1. Install a local firewall You could always try installing a firewall that blocks outgoing traffic or use the Windows Firewall. When the…
Here are some scripts and methods to do remote troubleshooting or run some commands on remote machines. I found they are very useful, especially in an enterprise environment, if you have your domain admin account. Prerequisites to run remote commands Install .NET Framework 4.5.2 from \\shareserver\it\$Install\Scripting prerequisites\NDP452-KB2901907-x86-x64-AllOS-ENU.exe or from https://www.microsoft.com/en-ca/download/details.aspx?id=42642 Install Windows Management Framework 5.1: copy the folder \\shareserver\it\$Install\Scripting prerequisite\Windows Management…
ArcSight Logger is one of the products in the Micro Focus SIEM platform. It streams real-time data, categorizes it into specific logs and integrates easily with Security Operations. As a result, organizations of any size can use this high performance log data repository to aid in faster forensic analysis of IT operations, application development, and cyber security issues, and to simultaneously…
I have been using a USB-to-Serial cable for many years without problems on Windows XP and Windows 7 systems. I recently upgraded to Windows 10, and the cable does not work properly any more.
The Prolific USB-to-Serial Comm Port shows as not working properly in the system Device Manager. There is a yellow exclamation mark next to my Prolific USB device in Device Manager, as shown in the screenshots below:
The Device Status in the device's Properties shows:
This device cannot start. (Code 10) A device which does not exist was specified.
This error is basically saying that Windows, for one reason or another, cannot communicate properly with one of your programs. This communication problem is usually caused by out-of-date, missing or corrupt device drivers.
To resolve Error Code 10, I followed these recommended steps found on the Internet:
Reboot your computer – this is always a first step to resolving any problems, if it works – great, if not – proceed to the next step!
Select Start > All Programs > Windows Update
Right-click on My Computer
Click Properties > Hardware menu tab > Device Manager
Double-click the device that is causing the error (there will be a yellow triangle with exclamation mark to the left of it)
Right-click the specific device and select Properties
Click on the Driver menu tab and select Update Driver
Windows may ask for the path of the driver, in which case you will need to either insert your Drivers disk (if you have it) or download the Drivers from the manufacturer's website
Restart your computer
Unfortunately, those steps did not work in my case. By searching the Internet, I found an explanation:
“What has happened is that there have been counterfeit “Prolific” chips coming from China. The counterfeit chips use the same Vendor ID (VID_067B) and Product ID (PID_2303) as the authentic Prolific chips. So, Prolific made changes to their newest drivers to render the adapters using counterfeit chips unusable. Unfortunately, it renders all earlier adapters inoperative and so you have to go out and buy new ones. Planned obsolescence? Getting a working driver installed for the average user is almost impossible.”
So by default, Windows 10 will automatically install the Windows WDF WHQL Driver v220.127.116.110 (06/05/2015) for your device. Unfortunately, the old chips sometimes do not work well with this new driver for the reason mentioned above.
I thought some old drivers might still work for my device. I started to search for, download and install other driver versions such as 18.104.22.168, 22.214.171.124 and 126.96.36.199, and finally found that 188.8.131.52 works fine with my old USB-to-Serial device.
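To confirm which adapters on a machine report the VID/PID from the quote above, whether they are in the Code 10 state, and which driver Windows has bound to them, the following PowerShell can be used. It is an added example, not part of the original post; it assumes the standard Win32_PnPEntity and Win32_PnPSignedDriver CIM classes, and the output property names are chosen here for illustration.

```powershell
# Added example: inventory adapters that report the Prolific VID/PID quoted above
# and show the driver Windows has bound to each one.
$pattern = 'VID_067B&PID_2303'   # IDs taken from the quoted explanation

# Collect driver metadata, keyed by PnP device ID
$drivers = @{}
Get-CimInstance -ClassName Win32_PnPSignedDriver |
    Where-Object { $_.DeviceID -like "*$pattern*" } |
    ForEach-Object { $drivers[$_.DeviceID] = $_ }

# Join device status with driver metadata
Get-CimInstance -ClassName Win32_PnPEntity |
    Where-Object { $_.PNPDeviceID -like "*$pattern*" } |
    ForEach-Object {
        $drv = $drivers[$_.PNPDeviceID]   # $null if no signed driver record exists
        [pscustomobject]@{
            Name          = $_.Name
            PnpDeviceId   = $_.PNPDeviceID
            ErrorCode     = $_.ConfigManagerErrorCode        # 0 = working, 10 = cannot start
            CannotStart   = ($_.ConfigManagerErrorCode -eq 10)
            DriverVersion = $drv.DriverVersion
            DriverDate    = $drv.DriverDate
            Provider      = $drv.DriverProviderName
            InfName       = $drv.InfName
        }
    } | Format-List
```

Running it before and after changing the driver shows whether the bound DriverVersion actually changed and whether the Code 10 state cleared.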