Thursday, August 31, 2017

Edit in Notepad As Administrator Shortcut to the File Context Menu in Windows 10

Would you like to resolve the following errors:
  • "Would you like to save in the My Documents instead"
  • "You don't have permission to save in this location"
  • "Access Denied" when saving a file?
  • or do you simply need a "Send to > Notepad (Administrator)" shortcut?




"Open in Notepad as Admin" File Context-Menu shortcut, updated for Windows 10 and Creators Update




This script installs an "Open in Notepad as Admin" context menu item that appears when you right-click on an editable file. Selecting it opens the file in Notepad running elevated, with Administrator privileges, so that you can edit it. (see image to right)


This utility has the following features:

It does not install any software; it just sets some registry settings to enable the menu shortcut. Additionally, it provides a proper uninstall option.

Bonus:
  • Works in Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 10+ (and equivalent Server versions).
  • Comes with a proper uninstaller located in "Add or Remove Programs" or "Programs and Features".





Install

Prerequisite: To install, your user account must be part of the Administrators group, or you must know the Administrator password.

1. Tip! Back up your registry as a precaution.
2. Download and unzip the file OpeninNotepadAsAdmin2017.zip
3. Simply right-click on OpeninNotepadAsAdmin2017.inf and click Install. That's it.
Done.


























How to Use

To test this now, right-click on any file and you will see the new "Open in Notepad as Admin" context menu option!


You'll get a User Account Control (UAC) privilege-elevation prompt to allow editing of this file as Administrator. Click Yes to edit.




Why are you getting this UAC prompt if your account is in the Administrators group?

As an administrator, you have the credentials to perform administrator functions. On Windows 7+, however, an administrator account does not necessarily run a program with administrator privileges; programs are still run in a secured mode. This is meant to prevent unintentional changes on the system.

Uninstall


The great thing about this script file is that it creates an uninstall option.

Search for "Add or Remove Programs" or go to Programs and Features, right-click on "Open in Notepad as Admin (Uninstall only)" and choose Uninstall to remove it completely.





Similar Utilities of Interest


Shutdown, Restart, Log-off, Hibernate, Lock Workstation, Switch User Start Tiles for Windows 8/8.1/10 featuring new Metro Icons



Administrative Tools Metro Tile, Control Panel "God Mode" Metro Tile, Windows Update Metro Tile, Windows Explorer Search Metro Tile for Windows 8.1, 10










Wednesday, August 30, 2017

PowerShell via On/Off Undocumented Switch __PSLockdownPolicy


Much of the 'attack' style PowerShell uses elements that would be blocked via the use of setting PowerShell to Constrained language mode. There are basically a few ways of setting PowerShell to use Constrained Language mode with the recommended method being to utilize either DeviceGuard or AppLocker in enforced mode (with WMF 5+/PowerShell 5+), however the quicker method is to make use of a System Environment variable called __PSLockDownPolicy to configure this.
So the first thing to make note of with regards to __PSLockDownPolicy is that this setting is completely undocumented from a Microsoft perspective. Yes, I'm a Microsoft employee and No this is not official documentation as to how this works from a Product Group but just my observations on how it seems to work from testing. Considering that this is undocumented this typically means unsupported as well so my guess is if you called up / opened a ticket online with CSS odds are you would probably hit a brick wall at some point with regards to doing something not officially supported by us.
When I was first looking at this setting the initial thing I was told was that it was pointless as User Environment variables override System Environment Variables i.e. all the attacking process would need to do was run a set __PSLockDownPolicy= to configure this variable to something else more conducive to that user and start a PowerShell session post setting the User Environment variable to a wanted value and they would be able to do whatever they wanted to anyway with Full Language mode again. Well… once I started testing I quickly found this not to be the case. I've tested trying to use this as a User Environment variable and it doesn't even seem to read it, I've tried the User Environment variable as a possible method of overriding the System Environment variable and that does not work either. I decided to ProcMon it and the procmon logs show that when PoSH starts it always reads in the system environment variable from the reg key HKLM\System\CurrentControlSet\Control\SESSION MANAGER\Environment\__PSLockdownPolicy that defines it and never queries for a User Environment variable with this name. So the end story here is that this absolutely works and that it cannot be overridden easily by an attacking piece of code in user mode space.

From https://blogs.technet.microsoft.com/kfalde/2017/01/20/pslockdownpolicy-and-powershell-constrained-language-mode/

But there are ways around this according to
http://www.3nc0d3r.com/2016/12/pslockdownpolicy-and-ways-around-it.html


Running PowerShell as Admin, you can simply remove this property:
Remove-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\" -name __PSLockdownPolicy
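
An added example (not from this post or from either linked blog) that audits the setting discussed above: it reads the machine-level value from the registry key named in the quote, looks for a user-level variable of the same name, and compares both with the language mode the current session actually reports. The function name Get-PSLockdownAudit and its output property names are hypothetical; HKCU:\Environment is assumed as the per-user variable store.

```powershell
# Added example: audit of the __PSLockdownPolicy setting discussed above.
# Get-PSLockdownAudit and its output property names are hypothetical.
function Get-PSLockdownAudit {
    $name       = '__PSLockdownPolicy'
    # Machine-level location named in the quoted post.
    $machineKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
    # Per-user environment variables are stored under this key.
    $userKey    = 'HKCU:\Environment'

    # Only cmdlets are used, so the function also runs inside a constrained session.
    $machine = Get-ItemProperty -Path $machineKey -Name $name -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty $name
    $user    = Get-ItemProperty -Path $userKey -Name $name -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty $name

    # Language mode this session is actually running in.
    $mode = "$($ExecutionContext.SessionState.LanguageMode)"

    $findings = @()
    if ($null -eq $machine) {
        $findings += 'Machine-level value is absent.'
        if ($mode -eq 'ConstrainedLanguage') {
            $findings += 'Session is constrained by another mechanism (for example AppLocker or Device Guard).'
        }
    }
    elseif ($mode -ne 'ConstrainedLanguage') {
        $findings += "Machine-level value is '$machine' but this session reports $mode."
    }
    if ($null -ne $user) {
        $findings += "User-level value '$user' exists; the quoted testing found PowerShell never reads it."
    }

    [pscustomobject]@{
        MachineValue = $machine
        UserValue    = $user
        LanguageMode = $mode
        Findings     = $findings
    }
}

Get-PSLockdownAudit | Format-List
```

Run it in a newly started session, since the quoted testing found that the value is read when PowerShell starts.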

Thursday, August 24, 2017

New malware spreading via Facebook Messenger

Facebook is now a honey pot when your friends click on malicious things without their knowledge.

A few days ago the author got a message on Facebook from a person he very rarely speaks to, and he knew that something fishy was going on.
The message uses traditional social engineering to trick the user into clicking the link. The message reads “David Video” and then a bit.ly link.

The link points to a Google doc. The document has already taken a picture from the victim’s Facebook page and created a dynamic landing page which looks like a playable movie.
When the victim clicks on the fake playable movie, the malware redirects them to a set of websites which enumerate their browser, operating system and other vital information. Depending on their operating system they are directed to other websites.
From https://securelist.com/new-multi-platform-malwareadware-spreading-via-facebook-messenger/81590/

Wednesday, August 23, 2017

Windows 10 Keyboard Shortcuts


Windows 10

Keyboard shortcuts are keys or combinations of keys that provide an alternative way to do something that you’d typically do with a mouse.
Copy, paste, and other general keyboard shortcuts
Press this key | To do this
Ctrl + X | Cut the selected item
Ctrl + C (or Ctrl + Insert) | Copy the selected item
Ctrl + V (or Shift + Insert) | Paste the selected item
Ctrl + Z | Undo an action
Alt + Tab | Switch between open apps
Alt + F4 | Close the active item, or exit the active app
Windows logo key + L | Lock your PC
Windows logo key + D | Display and hide the desktop
F2 | Rename the selected item
F3 | Search for a file or folder in File Explorer
F4 | Display the address bar list in File Explorer
F5 | Refresh the active window
F6 | Cycle through screen elements in a window or on the desktop
F10 | Activate the Menu bar in the active app
Alt + F8 | Show your password on the sign-in screen
Alt + Esc | Cycle through items in the order in which they were opened
Alt + underlined letter | Perform the command for that letter
Alt + Enter | Display properties for the selected item
Alt + Spacebar | Open the shortcut menu for the active window
Alt + Left arrow | Go back
Alt + Right arrow | Go forward
Alt + Page Up | Move up one screen
Alt + Page Down | Move down one screen
Ctrl + F4 | Close the active document (in apps that are full-screen and let you have multiple documents open at the same time)
Ctrl + A | Select all items in a document or window
Ctrl + D (or Delete) | Delete the selected item and move it to the Recycle Bin
Ctrl + R (or F5) | Refresh the active window
Ctrl + Y | Redo an action
Ctrl + Right arrow | Move the cursor to the beginning of the next word
Ctrl + Left arrow | Move the cursor to the beginning of the previous word
Ctrl + Down arrow | Move the cursor to the beginning of the next paragraph
Ctrl + Up arrow | Move the cursor to the beginning of the previous paragraph
Ctrl + Alt + Tab | Use the arrow keys to switch between all open apps
Ctrl + Alt + Shift + arrow keys | When a group or tile is in focus on the Start menu, move it in the direction specified
Ctrl + arrow key (to move to an item) + Spacebar | Select multiple individual items in a window or on the desktop
Ctrl + Shift with an arrow key | Select a block of text
Ctrl + Esc | Open Start
Ctrl + Shift + Esc | Open Task Manager
Ctrl + Shift | Switch the keyboard layout when multiple keyboard layouts are available
Ctrl + Spacebar | Turn the Chinese input method editor (IME) on or off
Shift + F10 | Display the shortcut menu for the selected item
Shift with any arrow key | Select more than one item in a window or on the desktop, or select text in a document
Shift + Delete | Delete the selected item without moving it to the Recycle Bin first
Right arrow | Open the next menu to the right, or open a submenu
Left arrow | Open the next menu to the left, or close a submenu
Esc | Stop or leave the current task

Windows logo key keyboard shortcuts

Press this key | To do this
Windows logo key | Open or close Start
Windows logo key + A | Open Action center
Windows logo key + B | Set focus in the notification area
Windows logo key + C | Open Cortana in listening mode

Notes
  • This shortcut is turned off by default. To turn it on, open Cortana from the search box on the taskbar, then select Settings. Turn on the toggle under Let Cortana listen for my commands when I press the Windows logo key + C.
  • Cortana is available only in certain countries/regions, and some Cortana features might not be available everywhere. If Cortana isn't available or is turned off, you can still use search.

Windows logo key + Shift + C | Open the charms menu
Windows logo key + D | Display and hide the desktop
Windows logo key + Alt + D | Display and hide the date and time on the desktop
Windows logo key + E | Open File Explorer
Windows logo key + F | Open Feedback Hub
Windows logo key + G | Open Game bar when a game is open
Windows logo key + I | Open Settings
Windows logo key + J | Set focus to a Windows tip when one is available.

When a Windows tip appears, bring focus to the Tip. Pressing the keyboard shortcuts again to bring focus to the element on the screen to which the Windows tip is anchored.

Windows logo key + K | Open the Connect quick action
Windows logo key + L | Lock your PC or switch accounts
Windows logo key + M | Minimize all windows
Windows logo key + O | Lock device orientation
Windows logo key + P | Choose a presentation display mode
Windows logo key + R | Open the Run dialog box
Windows logo key + S | Open search
Windows logo key + T | Cycle through apps on the taskbar
Windows logo key + U | Open Ease of Access Center
Windows logo key + V | Cycle through notifications
Windows logo key + Shift + V | Cycle through notifications in reverse order
Windows logo key + X | Open the Quick Link menu
Windows logo key + Z | Show the commands available in an app in full-screen mode
Windows logo key + comma (,) | Temporarily peek at the desktop
Windows logo key + Pause | Display the System Properties dialog box
Windows logo key + Ctrl + F | Search for PCs (if you're on a network)
Windows logo key + Shift + M | Restore minimized windows on the desktop
Windows logo key + number | Open the desktop and start the app pinned to the taskbar in the position indicated by the number. If the app is already running, switch to that app.
Windows logo key + Shift + number | Open the desktop and start a new instance of the app pinned to the taskbar in the position indicated by the number
Windows logo key + Ctrl + number | Open the desktop and switch to the last active window of the app pinned to the taskbar in the position indicated by the number
Windows logo key + Alt + number | Open the desktop and open the Jump List for the app pinned to the taskbar in the position indicated by the number
Windows logo key + Ctrl + Shift + number | Open the desktop and open a new instance of the app located at the given position on the taskbar as an administrator
Windows logo key + Tab | Open Task view
Windows logo key + Up arrow | Maximize the window
Windows logo key + Down arrow | Remove current app from screen or minimize the desktop window
Windows logo key + Left arrow | Maximize the app or desktop window to the left side of the screen
Windows logo key + Right arrow | Maximize the app or desktop window to the right side of the screen
Windows logo key + Home | Minimize all except the active desktop window (restores all windows on second stroke)
Windows logo key + Shift + Up arrow | Stretch the desktop window to the top and bottom of the screen
Windows logo key + Shift + Down arrow | Restore/minimize active desktop windows vertically, maintaining width
Windows logo key + Shift + Left arrow or Right arrow | Move an app or window in the desktop from one monitor to another
Windows logo key + Spacebar | Switch input language and keyboard layout
Windows logo key + Ctrl + Spacebar | Change to a previously selected input
Windows logo key + Ctrl + Enter | Open Narrator
Windows logo key + forward slash (/) | Begin IME reconversion
Windows logo key + plus (+) or minus (-) | Zoom in or out using Magnifier
Windows logo key + Esc | Exit Magnifier

Command Prompt keyboard shortcuts


Press this key | To do this
Ctrl + C (or Ctrl + Insert) | Copy the selected text
Ctrl + V (or Shift + Insert) | Paste the selected text
Ctrl + M | Enter Mark mode
Alt + selection key | Begin selection in block mode
Arrow keys | Move the cursor in the direction specified
Page up | Move the cursor by one page up
Page down | Move the cursor by one page down
Ctrl + Home (Mark mode) | Move the cursor to the beginning of the buffer
Ctrl + End (Mark mode) | Move the cursor to the end of the buffer
Ctrl + Up arrow | Move up one line in the output history
Ctrl + Down arrow | Move down one line in the output history
Ctrl + Home (History navigation) | If the command line is empty, move the viewport to the top of the buffer. Otherwise, delete all the characters to the left of the cursor in the command line.
Ctrl + End (History navigation) | If the command line is empty, move the viewport to the command line. Otherwise, delete all the characters to the right of the cursor in the command line.


Dialog box keyboard shortcuts


Press this key | To do this
F4 | Display the items in the active list
Ctrl + Tab | Move forward through tabs
Ctrl + Shift + Tab | Move back through tabs
Ctrl + number (number 1–9) | Move to nth tab
Tab | Move forward through options
Shift + Tab | Move back through options
Alt + underlined letter | Perform the command (or select the option) that is used with that letter
Spacebar | Select or clear the check box if the active option is a check box
Backspace | Open a folder one level up if a folder is selected in the Save As or Open dialog box
Arrow keys | Select a button if the active option is a group of option buttons


File Explorer keyboard shortcuts


Press this key | To do this
Alt + D | Select the address bar
Ctrl + E | Select the search box
Ctrl + F | Select the search box
Ctrl + N | Open a new window
Ctrl + W | Close the active window
Ctrl + mouse scroll wheel | Change the size and appearance of file and folder icons
Ctrl + Shift + E | Display all folders above the selected folder
Ctrl + Shift + N | Create a new folder
Num Lock + asterisk (*) | Display all subfolders under the selected folder
Num Lock + plus (+) | Display the contents of the selected folder
Num Lock + minus (-) | Collapse the selected folder
Alt + P | Display the preview panel
Alt + Enter | Open the Properties dialog box for the selected item
Alt + Right arrow | View the next folder
Alt + Up arrow | View the folder that the folder was in
Alt + Left arrow | View the previous folder
Backspace | View the previous folder
Right arrow | Display the current selection (if it's collapsed), or select the first subfolder
Left arrow | Collapse the current selection (if it's expanded), or select the folder that the folder was in
End | Display the bottom of the active window
Home | Display the top of the active window
F11 | Maximize or minimize the active window

Virtual desktops keyboard shortcuts


Press this key | To do this
Windows logo key + Tab | Open Task view
Windows logo key + Ctrl + D | Add a virtual desktop
Windows logo key + Ctrl + Right arrow | Switch between virtual desktops you’ve created on the right
Windows logo key + Ctrl + Left arrow | Switch between virtual desktops you’ve created on the left
Windows logo key + Ctrl + F4 | Close the virtual desktop you're using

Taskbar keyboard shortcuts 

Press this key | To do this
Shift + click a taskbar button | Open an app or quickly open another instance of an app
Ctrl + Shift + click a taskbar button | Open an app as an administrator
Shift + right-click a taskbar button | Show the window menu for the app
Shift + right-click a grouped taskbar button | Show the window menu for the group
Ctrl + click a grouped taskbar button | Cycle through the windows of the group

Settings keyboard shortcuts

Press this key | To do this
Windows logo key + I | Open settings
Backspace | Go back to the settings home page
Type on any page with search box | Search settings