Date posted: 06-Apr-2018
Category: Documents
Uploaded by: crystal17613
8/3/2019 CDA Training Session 08 v01
C D A Session 08
Copyright 2011, Cyber Defense Academy. All Rights Reserved.
Cyber Defense Academy
Session 08
November 17, 2011
Please Note: If you haven't viewed all the Sessions before this one, please do so now. The topics in this session depend on you having viewed these prior Sessions first.
Regular Major Themes
- Topics in CyberPatriot / Computer Science
- Topics in Windows
- Topics in Linux (not today)
Overview of Today's Session
- Additional training in Networking
- Focus on Windows XP (Part 1)
Quiz
CyberPatriot
CyberPatriot
Strategy Update
- Wait for it
- Use the time from noon Friday until mid-Saturday to explore the image
- Many teams went to 100% in a few minutes
- Use your shadows
- Use your techniques, OOB, CDA Benchmarks
- Analysis of Scores in Round 1
  - Large number of 100% scores
    - ASD: 20 teams
    - OD: 67 teams
  - Everyone needs a score of 80% - 100% in Round 2
- Announcement for Round 2
  - Windows XP
  - Windows 2003
  - Timing Counts
You can see the scores in real-time during the Competition at:
http://cybernexs.saic.com/cndx/spectator_displays/ranked_scores_by_os.php
CyberPatriot
Network 103 - Network Devices
- Network Devices: any device attached to a TCP/IP network with an IP address
- Host: a workstation or server
- Data terminal equipment: a device that is the final destination for the packet (e.g. printer)
- Hub: connects multiple Ethernet segments into a single segment (everyone hears the traffic)
- Switch: directs outside traffic to only the specific destination segment (only destination hears the traffic)
- Router: reads address information and sends packets toward their ultimate destination based on a routing table (audience depends on the segment)
- Sniffer: a device that can read every packet on the segment without being detected
CyberPatriot
Network 103 - Network Diagrams
[Figure: two network diagrams, each labelled "Logical Representation": a hub with computers and a printer, and a switch with computers, a server and a printer, plus a router to the Internet]
CyberPatriot
Network 103 - Network Topology
Examples of network topology
[Figure: Star, Ring and Bus topologies]
CyberPatriot
Network 103 - Ping
- Ping: network administration tool to test the reachability of a node on a network and to measure round-trip time
- Named after active sonar technology
- Sends an Internet Control Message Protocol (ICMP) echo request packet (8 byte header, 20 byte payload) to the target
- Measures the time of reception and any packet loss
- Ping floods are a simple form of denial-of-service attack
Hear the sound: http://www.youtube.com/watch?v=D9kv_V5lhiE
See example on the next slide
CyberPatriot
Network 103 - Ping Example
ping -c 5 iSmoke
(Send 5 pings to the host named iSmoke)
ping = command, -c = count, 5 = value, iSmoke = target
On a PC, go to Run > cmd
CyberPatriot
Network 103 - Ping Pros & Cons
- Key tool for Network Administrators
  - Verify known devices are still present
  - Detect noise on the circuit
  - Detect a chatty NIC
  - Identify missing segments
  - Identify missing devices
- Key tool for Network Attackers
  - Discover all IP addresses
  - Launch ping floods
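Added example (not part of the original slides): a defender's view of the two attacker uses listed above, flagging sources whose echo requests look like a flood (many requests to one target) or an address sweep (many targets from one source) while leaving an administrator's ordinary five-ping check alone. The function name, the thresholds and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque


def detect_icmp_abuse(events, window=10.0, flood_count=50, sweep_hosts=10):
    """Label sources of ICMP echo requests as 'flood' and/or 'sweep'.

    events: iterable of (timestamp_seconds, src_ip, dst_ip), sorted by time.
    flood:  at least flood_count requests from one source to one target
            within `window` seconds.
    sweep:  at least sweep_hosts distinct targets from one source within
            `window` seconds.
    The thresholds are assumed defaults; tune them to the network's baseline.
    """
    per_pair = defaultdict(deque)    # (src, dst) -> timestamps inside the window
    per_src = defaultdict(deque)     # src -> (timestamp, dst) inside the window
    findings = defaultdict(set)

    for ts, src, dst in events:
        pair = per_pair[(src, dst)]
        pair.append(ts)
        while ts - pair[0] > window:          # drop requests older than the window
            pair.popleft()
        if len(pair) >= flood_count:
            findings[src].add("flood")

        recent = per_src[src]
        recent.append((ts, dst))
        while ts - recent[0][0] > window:
            recent.popleft()
        if len({d for _, d in recent}) >= sweep_hosts:
            findings[src].add("sweep")

    return dict(findings)


def sample_events():
    """Constructed records, as a sniffer or firewall log might supply them.

    All addresses come from the documentation ranges and are not real hosts.
    """
    events = []
    # Administrator checking one known device: 5 pings, one per second.
    events += [(10.0 + i, "192.0.2.10", "192.0.2.20") for i in range(5)]
    # One source sending 200 requests to a single target in 2 seconds.
    events += [(100.0 + i * 0.01, "198.51.100.7", "192.0.2.20") for i in range(200)]
    # One source touching 30 different addresses in 3 seconds.
    events += [(200.0 + i * 0.1, "203.0.113.5", "192.0.2.%d" % (i + 1))
               for i in range(30)]
    return sorted(events)


if __name__ == "__main__":
    for source, labels in sorted(detect_icmp_abuse(sample_events()).items()):
        print(source, sorted(labels))
```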
CyberPatriot
Network 103 - SNMP
- Simple Network Management Protocol
- For managing devices on IP networks
- Last updated by RFC 3411-3418
- SNMPv3 peer-to-peer protocol
- Architecture is:
  - Network Manager: an administrative computer
  - Network Management System (NMS): software that monitors and controls managed devices
  - Management Information Base (MIB): a data structure on each Managed Device containing objects and their values for that device
  - Agent: software on each Managed Device that gets/sets MIB data and sends in SNMP format
[Figure: a Network Manager running the NMS, and the Managed Devices (Printer, Router, Computer), each with its own MIB and Agent]
CyberPatriot
Network 103 - NMS Example
AutoScan-Network
- For managing an IP network(s)
- Runs on Macs, Windows XP/Vista, GNU/Linux
- Free at: http://autoscan-network.com/
Homework for CyberPatriot
- Prepare for competition
- Run the ping command
- Discover the network devices on your network via a free NMS
WINDOWS
Advanced Windows Topics
Overview
Today's Topics
- Tools
  - Task Manager
  - Process Explorer
  - Unlocker
  - Warp
- Techniques
  - Folder Options
  - Prefetch
  - Running backups (every hour)
  - Booting in Safe Mode
  - Run-time Downloads & the Internet
  - Hard Disk Growth
Tools
- Windows Security / Task Manager
- Process Explorer
- Unlocker
- Warp
CDA Rankings: Required, Essential, Useful, Interesting, Distracting
All Service Packs found at: http://support.microsoft.com/kb/322389
Make sure your Service Pack downloads have the exact file name as shown above and equivalent size.
Don't run ComboFix; it thinks CyberNEXS is evil and removes it.
Advanced Windows Topics
Tools - Windows Security / Task Manager
- Shows currently active Processes
- Activate the tool by pressing CTRL-ALT-DEL, click the Task Manager button, then click the Processes tab
- Free: included in OS
Advanced Windows Topics
Tools - Process Explorer (1 of 6)
A discovery tool showing:
- Currently active processes
- Description of each process
- Company who wrote the process
- CPU and RAM utilization of each process
- Services consumed by the process
- DLLs used by the process
- Files used/owned by the process
Free at: http://www.softpedia.com/get/System/System-Info/Process-Explorer.shtml
Advanced Windows Topics
Tools - Process Explorer (2 of 6)
Main Window
[Screenshot: Process Explorer main window, with callouts for indentured processes and the Name, CPU, RAM, Description and Company columns]
Note the multiple instances of svchost.exe
Advanced Windows Topics
Tools - Process Explorer (3 of 6)
Two Panes (DLL in lower pane)
- AvastSvc.exe is selected in the upper pane
- The DLL files needed by AvastSvc.exe are shown in the lower pane
Advanced Windows Topics
Tools - Process Explorer (4 of 6)
Two Panes (Handles in lower pane)
- AvastSvc.exe is selected in the upper pane
- The files held by AvastSvc.exe are shown in the lower pane
Advanced Windows Topics
Tools - Process Explorer (5 of 6)
Properties
- A rich set of data is available in the Properties window
- The Services tab shows the services consumed by the process
Advanced Windows Topics
Tools - Process Explorer (6 of 6)
In summary
- It's small
- It's cheap
- It's safe
- It shows who's grabbing your system
Recommendation: get an additional monitor (e.g. 24" LCD/LED monitor) and leave Process Explorer up all the time
5 minute break
Advanced Windows Topics
Tools - Unlocker (1 of 2)
A discovery tool showing:
- Who owns the handle on a file
- Allows you to unlock the handle so that you can delete the file or folder
Free at: http://www.softpedia.com/get/System/System-Info/Process-Explorer.shtml
Advanced Windows Topics
Tools - Unlocker (2 of 2)
1) Try to delete MSN Gaming Zone
2) Error deleting
3) Right-click the invoke Unlocker (an Explorer extension)
4) Unlocker reveals PID 964 has a handle on MSN
5) Process Explorer confirms the owner and handle
6) Unlock All releases the handle
Advanced Windows Topics
Tools - Warp (1 of 7)
A discovery and repair tool showing:
- Finds errors in the Registry
- Finds many other types of Windows errors
Free at: http://www.nchsoftware.com/registry-cleaner/index.html
Advanced Windows Topics: Tools - Warp (2 of 7)
Scan Results
Shows the results from a scan of the system
Advanced Windows Topics: Tools - Warp (3 of 7)
Scan Details (screen 1 of 3)
Shows the details from a scan of the system
Advanced Windows Topics: Tools - Warp (4 of 7)
Scan Details (screen 2 of 3)
Shows the details from a scan of the system
Advanced Windows Topics: Tools - Warp (5 of 7)
Scan Details (screen 3 of 3)
Shows the details from a scan of the system
Advanced Windows Topics: Tools - Warp (6 of 7)
Repair Results
Shows the results from the repair of the system
Advanced Windows Topics: Tools - Warp (7 of 7)
Repair Details
Shows the results from the repair of the system
Advanced Windows Topics: Tools - About other Registry Cleaners
- Many, many Registry cleaners are available, most for a fee
- Two others were evaluated
  - RegGenie: $35
  - RegZooka: $30
- The commercial Registry cleaners seemed to fix problems that are not pertinent to CyberPatriot
  - ActiveX
  - Uninstall entries
  - Empty Registry Keys
Advanced Windows Topics: Techniques - Folder Options
- CDA recommendations for setting your Folder Options
- Implement at Control Panel > Folder Options
- Select the View tab and implement the following
Also, click Apply to All Folders
Advanced Windows Topics: Techniques - Prefetch
- A folder at C:\Windows\Prefetch (see next slide)
- A place where Windows remembers which files you commonly open
- Aids in preparing Windows to run applications and files that you often use
- Is self-maintaining, i.e., if you delete the contents, Windows will rebuild it over time
- A place of discovery, where you can learn what applications and files were popular before you became Administrator of this system
Advanced Windows Topics: Techniques - Prefetch Example
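One way to use the Prefetch folder as "a place of discovery", shown as an added example that is not part of the original slides: the PowerShell function below (Get-PrefetchSummary is a hypothetical name) lists which programs have prefetch entries, when each entry was created, and when it was last updated. It assumes PowerShell is installed on the image (a stock Windows XP install does not include it) and that prefetch files use the usual PROGRAM.EXE-XXXXXXXX.pf naming; the demo at the end runs on constructed sample files.

```powershell
# Added example, not from the original slides. Function name is hypothetical.
function Get-PrefetchSummary {
    param(
        [string]$Path = 'C:\Windows\Prefetch'   # folder named on the slide
    )

    # Collect one record per prefetch file. The file name carries the program
    # name and an 8-hex-digit suffix that is a hash of where it ran from.
    $entries = @(
        Get-ChildItem -Path $Path -Filter '*.pf' -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                if ($_.BaseName -match '^(?<prog>.+)-(?<hash>[0-9A-Fa-f]{8})$') {
                    New-Object PSObject -Property @{
                        Program   = $Matches['prog']
                        PathHash  = $Matches['hash'].ToUpper()
                        FirstSeen = $_.CreationTime    # entry created: about the first recorded run
                        LastRun   = $_.LastWriteTime   # entry updated: about the latest recorded run
                    }
                }
            }
    )

    # Count how many distinct hashes exist per program name. More than one
    # usually means the same executable name ran from more than one folder.
    $hashCount = @{}
    $entries | Group-Object Program | ForEach-Object { $hashCount[$_.Name] = $_.Count }

    $entries |
        Sort-Object LastRun -Descending |
        Select-Object Program, PathHash, FirstSeen, LastRun,
            @{ Name = 'PathsSeen'; Expression = { $hashCount[$_.Program] } }
}

# Demo on constructed sample files (names and hashes are made up).
$demo = Join-Path $env:TEMP 'prefetch-demo'
Remove-Item $demo -Recurse -Force -ErrorAction SilentlyContinue
New-Item -ItemType Directory -Path $demo | Out-Null
'NOTEPAD.EXE-11111111.pf',
'CMD.EXE-22222222.pf',
'CMD.EXE-33333333.pf',    # same name, different hash: ran from a second location
'Layout.ini' |            # not a .pf file, ignored by the function
    ForEach-Object { New-Item -ItemType File -Path (Join-Path $demo $_) | Out-Null }

Get-PrefetchSummary -Path $demo | Format-Table -AutoSize

# On the competition image itself:
#   Get-PrefetchSummary | Format-Table -AutoSize
```

Because Windows rebuilds the folder over time, read it early, before your own activity adds new entries to the list.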
Advanced Windows Topics: Techniques - Making backups
- Making backups (every hour)
- Why is this needed?
  - Blue Screen of Death*
  - Image won't boot*
- Pros
  - Can restart from a safe, known configuration
  - Can explore multiple paths simultaneously on shadow computers
- Cons
  - Takes 10 minutes each time
*Recovery: Boot in Safe Mode (see next)
**VMware's Snapshots offer a similar capability
Re-emphasizes the need to explore each image before competing
Advanced Windows Topics: Techniques - Booting in Safe Mode (1 of 6)
- Safe Mode - a reduced, basic state of the operating system, excluding the network, startup items, prefetch items, and all drivers except essential ones (mouse, keyboard, etc.), for diagnosing issues
- Activated by pressing F8 during Restart (Function-F8 on Macs)
- Multiple options (see next 5 slides)
Advanced Windows Topics: Techniques - Booting in Safe Mode (2 of 6)
- Opens with Start Windows Normally selected
- Use the arrow keys to move up and down to select Safe Mode
Advanced Windows Topics: Techniques - Booting in Safe Mode (3 of 6)
- Select Safe Mode
- Other prime options are with Networking and with Command Prompt
Advanced Windows Topics: Techniques - Booting in Safe Mode (4 of 6)
- All installed operating systems are shown (only Windows XP Pro in this case)
- Use the arrow keys to move up and down to select your OS
Advanced Windows Topics: Techniques - Booting in Safe Mode (5 of 6)
Advisory notice
Advanced Windows Topics: Techniques - Booting in Safe Mode (6 of 6)
- The desktop, with Safe Mode labels in all 4 corners
- Could you Get My Status in Safe Mode?
Advanced Windows Topics: Techniques - Pre-Competition Downloads
- Download as much as possible before the competition
  - Service Packs
  - Tools
Advanced Windows Topics: Techniques - Run-time Downloads
- Many files have to be downloaded during the competition
  - Windows Updates
- Increase in size does not consider deleting the $NTUninstall files (discussed later)
- Approximately one-third of the size of each update is from downloading; the remainder is due to expansion
Anyone know how to download these before the Competition starts?
Advanced Windows Topics: Techniques - Got Internet?
- With the Internet and time, you can pre-download
  - Service Packs (584 MB)
  - Tools (120 MB)
- During the Competition, however, another 1,200 MB has to be downloaded
- Teams need a stable, reliable, fairly fast (1-3 Mbps) Internet connection
- Get one or more of the following sites:
  - A team member's house
  - A local school
  - Hotel with meeting room
  - Starbucks
  - AT&T AirCards
Test the connection ahead of time
Advanced Windows Topics: Techniques - Hard Disk Growth
- Your C:\ drive usage grows throughout the Competition
  - Procrastination is Punished
- The Evil Growth Engine
  - Malware that deliberately fills your hard drive with garbage
  - Found by watching the C:\ properties and Process Explorer
The Round 1 image was particularly full
The Round 1 image grew by 582 MB overnight, doing nothing
Advanced Windows Topics: Techniques - Detecting HD Growth
- Search for large files (i.e. greater than 30000 KB) using the following search criteria
- Turn on Advanced search settings to include:
  - Search system folders
  - Search hidden files and folders
  - Search subfolders
Advanced Windows Topics: Techniques - Detecting HD Growth
- Take a snapshot at the beginning of the Competition
- Take a snapshot(s) later. Compare
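The large-file search and the snapshot-and-compare technique from the two slides above can be scripted. The following PowerShell is an added example, not part of the original slides; all function names are hypothetical, and it assumes PowerShell is installed on the image (a stock Windows XP install does not include it). The demo at the end runs against constructed files in a temporary folder.

```powershell
# Added example, not from the original slides. Function names are hypothetical.

# Record every file under $Root. -Force includes hidden and system files and
# -Recurse covers subfolders, matching the advanced search settings above.
function Get-DiskSnapshot {
    param([string]$Root = 'C:\')
    Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Select-Object FullName, Length, LastWriteTime
}

# Files above the size threshold from the slide (30000 KB by default).
function Get-LargeFile {
    param($Snapshot, [long]$MinKB = 30000)
    $Snapshot |
        Where-Object { [long]$_.Length -gt ($MinKB * 1KB) } |
        Sort-Object -Property { [long]$_.Length } -Descending
}

# Files that are new or have grown between two snapshots, biggest growth first.
function Compare-DiskSnapshot {
    param($Before, $After)
    $old = @{}                                   # path -> size in the first snapshot
    foreach ($f in $Before) { $old[$f.FullName] = [long]$f.Length }

    $After | ForEach-Object {
        $known = $old.ContainsKey($_.FullName)
        $was = 0
        if ($known) { $was = $old[$_.FullName] }
        $delta = [long]$_.Length - $was
        if ($delta -gt 0) {
            $status = 'New'
            if ($known) { $status = 'Grew' }
            New-Object PSObject -Property @{
                Status   = $status
                GrowthKB = [math]::Round($delta / 1KB, 1)
                FullName = $_.FullName
            }
        }
    } | Sort-Object GrowthKB -Descending | Select-Object Status, GrowthKB, FullName
}

# Roll the per-file growth up by folder to see where the garbage is landing.
function Get-GrowthByFolder {
    param($Changes)
    $Changes | Group-Object { Split-Path $_.FullName -Parent } | ForEach-Object {
        New-Object PSObject -Property @{
            Folder   = $_.Name
            GrowthKB = ($_.Group | Measure-Object -Property GrowthKB -Sum).Sum
        }
    } | Sort-Object GrowthKB -Descending | Select-Object GrowthKB, Folder
}

# Demo on constructed files so the example runs anywhere.
$demo = Join-Path $env:TEMP 'hd-growth-demo'
Remove-Item $demo -Recurse -Force -ErrorAction SilentlyContinue
New-Item -ItemType Directory -Path $demo | Out-Null
Set-Content -Path (Join-Path $demo 'app.log') -Value ('x' * 1000)
$start = @(Get-DiskSnapshot -Root $demo)          # snapshot at the beginning

Add-Content -Path (Join-Path $demo 'app.log') -Value ('x' * 5000)   # existing file grows
Set-Content -Path (Join-Path $demo 'junk.bin') -Value ('y' * 20000) # new file appears
$later = @(Get-DiskSnapshot -Root $demo)          # snapshot later

$changes = @(Compare-DiskSnapshot $start $later)
$changes | Format-Table -AutoSize                 # junk.bin (New), app.log (Grew)
Get-GrowthByFolder $changes | Format-Table -AutoSize
Get-LargeFile $later -MinKB 10 | Format-Table -AutoSize   # demo threshold: 10 KB

# On the competition image, keep the first snapshot on disk:
#   Get-DiskSnapshot | Export-Csv C:\snap-start.csv -NoTypeInformation
#   Compare-DiskSnapshot (Import-Csv C:\snap-start.csv) (Get-DiskSnapshot)
```

A full scan of C:\ takes a few minutes, and Windows Updates installed between snapshots will also show up as growth, so compare the folders reported against what you installed yourself.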
Homework for Windows
- Verify you have the right XP Service Packs
- Practice the new Tools
  - Windows Security / Task Manager
  - Process Explorer
  - Unlocker
  - Warp
- Practice booting in Safe Mode
- Belarc on the XP Pro image
  - Goal: Get the highest Belarc score
  - Goal: Get your time-to-safe down
Linux
Linux: Today's Topics
No tux today
Homework for Linux
None
Summary
On schedule with Windows
Behind schedule with Linux (but so we can emphasize Windows for Qualification Round 1)
Now have:
    Basic Strategy and Mechanics for running images
    Order of Battle
    Toolkits
    Expanding Repertoire of Techniques
    Basic Networking with Protocols and Encryption
    Advanced Windows skills (Administering, Registry, Hotfixes, Updated CIS Benchmarks for W2K)