Cores, threads and sockets: what do the calculation $T = tcs$ and the number in the Windows Task Manager Performance tab mean?

Well, suppose then we have a CPU system such as:

Thread(s) per core $ \equiv t$ : 4

Core(s) per socket $ \equiv c$ : 4

Socket(s) $ \equiv s$ : 1

Then we must perform a simple calculation such as: $ 4 \cdot 4 \cdot 1 = 16 $

Therefore, in general we have:

$$ T = t \cdot c \cdot s \tag{1} $$

I guess that the equation $ (1)$ gives you then the total number of threads which your system can handle simultaneously.

On the other hand, consider the following figure of Windows Task Manager:

In the red box we clearly see the number of "Threads". So I would like to know:

What is the difference between the number given by formula $ (1)$ and the number given by Windows Task Manager?

Suspicious termination in some Windows Services names [closed]

Introduction

I’ve been poking around the Services tab on my Windows machine and saw some services with a "normal" name but this termination _1f699ad as in the next examples:

  • ConsentUX_1f699ad
  • CredentialEnrollmentManagerUserSvc_1f699ad
  • DevicePicker_1f699ad
  • and many more with the same termination

Here are some pictures taken from the Services tab.

My question is simple: Is this OK or should I be worried?

Because some of them have access to ScreenCapture and others which can potentially be harmful (i.e., data theft) and I see no reason to add a meaningless termination other than to supersede and stay hidden.

Are port and miniport drivers protected by PatchGuard in Windows?

I’m planning to write a driver that unhooks the rootkit hooks in the miniport layer (hooks of device objects or the major function array),

but I want my driver to be generic and work on most Windows versions, on both 32-bit and 64-bit Windows.

The problem is PatchGuard: will PatchGuard block attempts to modify the memory image of the miniport drivers?

You might be asking how the rootkit patched it in the first place, then: it’s a bootkit, so it bypassed the PatchGuard protections but didn’t disable it.

And if it is protected by PatchGuard, then how can I unhook the hooks in the driver module?

I am a member of the Administrators group on a Windows 7 box, how can I spawn a reverse shell with elevated privileges?

I am learning Windows privilege escalation. I’ve managed to add a user to the Administrators group, but I don’t know how to execute nc.exe, present in the Temp dir, with elevated privileges. My end goal here is to get a reverse shell as nt authority\system, with these newly created privileges for the user user.

Following are some of the details on the Windows box:

    c:\Temp>net localgroup administrators
    net localgroup administrators
    Alias name     administrators
    Comment        Administrators have complete and unrestricted access to the computer/domain

    Members

    -------------------------------------------------------------------------------
    Administrator
    TCM
    user
    The command completed successfully.


    c:\Temp>whoami
    whoami
    tcm-pc\user

    systeminfo

    Host Name:                 TCM-PC
    OS Name:                   Microsoft Windows 7 Professional
    OS Version:                6.1.7601 Service Pack 1 Build 7601
    OS Manufacturer:           Microsoft Corporation
    OS Configuration:          Standalone Workstation
    OS Build Type:             Multiprocessor Free
    Registered Owner:          TCM
    Registered Organization:
    Product ID:                00371-221-2693053-06399
    Original Install Date:     4/15/2020, 9:38:13 AM
    System Boot Time:          6/17/2020, 9:13:27 PM
    System Manufacturer:       Xen
    System Model:              HVM domU
    System Type:               x64-based PC
    Processor(s):              1 Processor(s) Installed.
                               [01]: Intel64 Family 6 Model 79 Stepping 1 GenuineIntel ~2300 Mhz
    BIOS Version:              Xen 4.2.amazon, 8/24/2006
    Windows Directory:         C:\Windows
    System Directory:          C:\Windows\system32
    Boot Device:               \Device\HarddiskVolume1
    System Locale:             en-us;English (United States)
    Input Locale:              en-us;English (United States)
    Time Zone:                 (UTC-05:00) Eastern Time (US & Canada)
    Total Physical Memory:     2,048 MB
    Available Physical Memory: 1,413 MB
    Virtual Memory: Max Size:  4,095 MB
    Virtual Memory: Available: 3,409 MB
    Virtual Memory: In Use:    686 MB
    Page File Location(s):     C:\pagefile.sys
    Domain:                    WORKGROUP
    Logon Server:              \TCM-PC
    Hotfix(s):                 3 Hotfix(s) Installed.
                               [01]: KB2534111
                               [02]: KB2999226
                               [03]: KB976902
    Network Card(s):           1 NIC(s) Installed.
                               [01]: AWS PV Network Device
                                     Connection Name: Local Area Connection 2
                                     DHCP Enabled:    Yes
                                     DHCP Server:     10.10.0.1
                                     IP address(es)
                                     [01]: 10.10.50.233
                                     [02]: fe80::f1df:5563:c002:f2c1

    c:\Temp>netsh firewall show config
    netsh firewall show config

    Domain profile configuration:
    -------------------------------------------------------------------
    Operational mode                  = Enable
    Exception mode                    = Enable
    Multicast/broadcast response mode = Enable
    Notification mode                 = Enable

    Service configuration for Domain profile:
    Mode     Customized  Name
    -------------------------------------------------------------------
    Enable   No          Remote Desktop

    Allowed programs configuration for Domain profile:
    Mode     Traffic direction    Name / Program
    -------------------------------------------------------------------

    Port configuration for Domain profile:
    Port   Protocol  Mode    Traffic direction     Name
    -------------------------------------------------------------------

    ICMP configuration for Domain profile:
    Mode     Type  Description
    -------------------------------------------------------------------
    Enable   2     Allow outbound packet too big

    Standard profile configuration (current):
    -------------------------------------------------------------------
    Operational mode                  = Disable
    Exception mode                    = Enable
    Multicast/broadcast response mode = Enable
    Notification mode                 = Enable

    Service configuration for Standard profile:
    Mode     Customized  Name
    -------------------------------------------------------------------
    Enable   No          File and Printer Sharing
    Enable   No          Network Discovery
    Enable   No          Remote Desktop

    Allowed programs configuration for Standard profile:
    Mode     Traffic direction    Name / Program
    -------------------------------------------------------------------

    Port configuration for Standard profile:
    Port   Protocol  Mode    Traffic direction     Name
    -------------------------------------------------------------------

    ICMP configuration for Standard profile:
    Mode     Type  Description
    -------------------------------------------------------------------
    Enable   2     Allow outbound packet too big

Using OpenVPN on Windows instead of VPN apps: missing certificate

Sorry, this might be a noob question, but I subscribed to a VPN provider which ships its own app on Windows. Now I thought I’d prefer to use the OpenVPN client app instead.

I create a profile by providing it with a .ovpn file, which contains a block and a block as well.

Upon connecting, OpenVPN fails with “Connection Error. Missing external certificate”.

All those different certificates are quite abstract to me, but I think it needs a “client certificate”. Is it something created for my profile by the VPN provider when I registered? Or can I generate it myself? When trying to add a certificate in the Windows OpenVPN app, I am asked for .p12 files. Also, when hitting “continue” (without external certificate), the connection never establishes.

For comparison, when putting the .ovpn file into Network-Manager on Linux, it works out of the box.

What is the missing step or package? It’s never made clear on the VPN provider help pages.

Setup guide for Privileged Access Workstation on Windows 10

I am setting up a Privileged Access Workstation (PAW) to access a whitelist of websites. Currently I have been following this guide on GitHub by unassassinable and applying the latest Windows 10 security baselines.

  1. Is there any documentation or are there guides that are focused just on securing / hardening a Windows 10 install for whitelisted website access and without Active Directory?

  2. Can Windows 10 Pro be locked down sufficiently, or is Enterprise required to truly harden a system?

  3. Which browser is best for this job? I was expecting to use Chrome with Group Policies set to lock it down.