Security Tools Community Edition


We encourage you to enhance this guide by identifying missing areas (scenarios, features, lifecycle stages and so on), providing links to and descriptions of existing content, and writing new content where there are gaps. Join the community!



Introduction

There are many security tools on the market, and some tools that were not created with security in mind turn out to be very useful in security scenarios. A classic example is the Sysinternals suite: many of those tools were written for general troubleshooting, not for security, but because they expose so much of the system's state they are routinely used to investigate security cases. Here are some examples of articles that use the Sysinternals tools to solve security related issues:

The goal of this article is to give the community a place to extend the Microsoft TechNet article that covers Security Tools by adding references to further tools that can be used to solve security related issues on the Microsoft platform.

User Account, Groups and Credentials

This section describes some tools that can be used when dealing with security related issues around users, authentication, credentials and account management in general:

  • LimitLogin - limits the number of concurrent logons per user in an Active Directory domain.
  • ALTools (Account Lockout and Management Tools) - a set of tools that help you manage accounts and troubleshoot account lockouts, for example by locating the source of the bad password attempts.
  • Klist - displays the Kerberos tickets (including the TGT) cached for the current logon session; klist purge deletes them, forcing fresh tickets to be requested on the next access.
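The following is an added worked example, not code from the original article or from the tools listed above. It shows the typical account-lockout triage that the ALTools and Klist entries describe, done with the built-in ActiveDirectory PowerShell module (RSAT), the Security log of the PDC emulator, and klist. The user name jdoe is a hypothetical sample.

```powershell
# Added example (not from the original article): triage an account lockout,
# then inspect and purge the Kerberos ticket cache with klist.
# Assumes: domain-joined host, RSAT ActiveDirectory module installed,
# and rights to read the Security event log on the PDC emulator.
Import-Module ActiveDirectory

$User = 'jdoe'   # hypothetical account under investigation

# 1. Which accounts are currently locked out?
Search-ADAccount -LockedOut |
    Select-Object SamAccountName, LastLogonDate, LockedOut

# 2. Where did the bad passwords come from? Event 4740 ("A user account was
#    locked out") is always written on the PDC emulator. In that event the
#    first property is the target user name and the second holds the name of
#    the caller computer that sent the failing attempts.
$Pdc = (Get-ADDomain).PDCEmulator
Get-WinEvent -ComputerName $Pdc -FilterHashtable @{ LogName = 'Security'; Id = 4740 } -MaxEvents 200 |
    Where-Object { $_.Properties[0].Value -eq $User } |
    ForEach-Object {
        [pscustomobject]@{
            Time           = $_.TimeCreated
            Account        = $_.Properties[0].Value
            CallerComputer = $_.Properties[1].Value
        }
    } | Format-Table -AutoSize

# 3. Unlock only after the source machine is identified and cleaned, otherwise
#    the stale service or mapped drive on that host will lock the account again.
Unlock-ADAccount -Identity $User

# 4. Kerberos ticket cache of the current logon session. After a password
#    reset or a group membership change, purging forces new tickets (and a new
#    TGT) to be obtained instead of reusing the cached ones.
klist
klist purge
```

Event 4740 names the caller computer but not the process that submitted the bad password; LockoutStatus.exe and EventCombMT.exe from ALTools are the usual next step to search the logs of that computer for the offending logon type.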

Certificates and PKI Tools

This section describes some tools that can be used when dealing with certificate and PKI issues that are related to security incidents:

  • PowerShell PKI Module - simplifies certain PKI management tasks by automating them with Windows PowerShell.
  • CertUtil - dumps certificate information; it can also verify a certificate chain, fetch CRL and OCSP data, and list or manage certificate stores.
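The following is an added worked example and is not code from the original article or from the PowerShell PKI Module it mentions. It uses only certutil and the built-in Cert: PSDrive to do the checks an incident responder usually wants: dump and verify a certificate file, and scan the machine store for certificates that are about to expire or that are signed with a weak hash algorithm. The file name server.cer is a hypothetical sample.

```powershell
# Added example (not from the original article): inspect certificates with
# certutil and the PowerShell Cert: drive. Assumes an incident-related
# certificate was saved as .\server.cer (hypothetical path).

# Dump the certificate: subject, issuer, validity period, key usage,
# subject alternative names and thumbprint.
certutil -dump .\server.cer

# Build and validate the chain. -urlfetch downloads the AIA, CRL and OCSP
# URLs embedded in the certificate, so the output shows revocation status
# and any chain-building errors (untrusted root, expired intermediate, ...).
certutil -verify -urlfetch .\server.cer

# List the local machine personal store from the command line.
certutil -store My

# Same store through PowerShell: flag certificates that expire within 30 days
# or that are signed with SHA-1 or MD5.
$Now = Get-Date
$findings = Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object {
        [pscustomobject]@{
            Subject    = $_.Subject
            Thumbprint = $_.Thumbprint
            NotAfter   = $_.NotAfter
            SigAlg     = $_.SignatureAlgorithm.FriendlyName
            HasPrivKey = $_.HasPrivateKey
            Expiring   = $_.NotAfter -lt $Now.AddDays(30)
            WeakHash   = $_.SignatureAlgorithm.FriendlyName -match 'sha1|md5'
        }
    } |
    Where-Object { $_.Expiring -or $_.WeakHash }
$findings | Format-Table -AutoSize

# Per-certificate chain check in PowerShell: X509Certificate2.Verify() builds
# the chain with the default policy (including revocation) and returns $true
# only when the certificate is currently trusted on this host.
Get-ChildItem Cert:\LocalMachine\My |
    Select-Object Subject, Thumbprint, @{ n = 'Trusted'; e = { $_.Verify() } }
```

The certutil -verify output is the quickest way to tell whether a chain failure is caused by a missing intermediate, an unreachable CRL distribution point or an actually revoked certificate, since each error is reported with its CERT_TRUST status code.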

Network Resources

This section describes some tools that can be used when dealing with security related issues from the network perspective:

  • Netmon SSL Decryption Expert - Network Monitor expert used to decrypt SSL/TLS traffic. It needs the server's private key and only works for RSA key exchange; sessions negotiated with ephemeral Diffie-Hellman cipher suites cannot be decrypted this way.
  • TCPView - shows a detailed listing of all TCP and UDP endpoints on your system, together with the owning process.
  • PortQryUI - graphical interface for the PortQry command line port scanner, which reports a port as LISTENING, NOT LISTENING or FILTERED.
  • Netsh AdvFirewall - configures and manages Windows Firewall with Advanced Security from the command line.
  • Netstat -naob - shows all TCP and UDP endpoints and the processes associated with them (similar functionality to TCPView). The -b switch, which resolves the executable name, requires an elevated prompt.
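The following is an added worked example, not code from the original article or from the tools listed above. It shows the three steps a responder usually takes with these tools: enumerate listening ports and tie each one to its process (the netstat/TCPView view), confirm reachability from another host with PortQry, and contain an unexpected listener with a netsh advfirewall rule. The host name target-host and port 4444 are hypothetical samples.

```powershell
# Added example (not from the original article). Run from an elevated
# PowerShell prompt: netstat -b and firewall changes need administrator rights.

# Raw view: -n numeric addresses, -a all endpoints, -o owning PID,
# -b executable name (needs elevation).
netstat -naob

# Structured view: parse the LISTENING lines of 'netstat -ano' and join the
# PID to the running process so the listener list can be reviewed line by line.
# Note: $pid is a reserved automatic variable in PowerShell, hence $owner.
$listeners = netstat -ano |
    Select-String -Pattern '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$' |
    ForEach-Object {
        $g     = $_.Matches[0].Groups
        $owner = [int]$g[3].Value
        $proc  = Get-Process -Id $owner -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $g[1].Value           # "[::]" for IPv6 wildcard
            Port         = [int]$g[2].Value
            PID          = $owner
            Process      = if ($proc) { $proc.ProcessName } else { '<exited/unknown>' }
            Path         = if ($proc) { $proc.Path } else { $null }   # $null for System/Idle
        }
    }
$listeners | Sort-Object Port | Format-Table -AutoSize

# Highlight listeners whose binary is outside the Windows and Program Files
# trees, which is where unexpected remote-access tools usually live.
$listeners | Where-Object {
    $_.Path -and $_.Path -notmatch '^C:\\(Windows|Program Files)'
}

# Confirm from another host whether the suspicious port is reachable:
# PortQry reports LISTENING, NOT LISTENING or FILTERED for TCP 4444.
portqry -n target-host -e 4444 -p tcp

# Current firewall state per profile (Domain / Private / Public), including
# whether logging of dropped packets is enabled.
netsh advfirewall show allprofiles

# Containment: block inbound TCP 4444 on all profiles while the investigation
# continues, then verify the rule was created.
netsh advfirewall firewall add rule name="IR block inbound TCP 4444" dir=in action=block protocol=TCP localport=4444
netsh advfirewall firewall show rule name="IR block inbound TCP 4444"
```

A blocking rule stops new connections but does not terminate an established session, so after adding the rule re-run the listener listing and, if the process is still connected, stop it explicitly.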

System Security

This section describes some tools that can be used when analyzing a system's security, from the Windows platform itself to other Microsoft products such as IIS, SQL Server and others:

  • Microsoft Baseline Security Analyzer - helps identify missing security updates and common security misconfigurations.
  • Microsoft Security Compliance Manager - provides centralized security baseline management.
  • Enhanced Mitigation Experience Toolkit v3.0 - designed to make it more difficult for an attacker to exploit vulnerabilities in a given piece of software.
  • Attack Surface Analyzer - takes a snapshot of the system state before and after the installation of a product and displays the changes to a number of key elements of the Windows attack surface.
  • BinScope Binary Analyzer - analyzes binaries on a project-wide level to ensure that they have been built in compliance with Microsoft's Security Development Lifecycle (SDL) requirements and recommendations.
  • Windows Defender Offline - standalone tool, booted from separate media, designed to help detect malicious and other potentially unwanted software, including rootkits that try to hide from the installed operating system.

There are many other categories of tools that can be included in this community article. We encourage you to participate by adding more content and references to security related tools.

Security Tools for Windows Server 2012

The official page for Security Tools to administer Windows Server 2012 is available here. Use this section to add other tools that are applicable to Windows Server 2012.


This article was originally written by:

Yuri Diogenes, Senior Technical Writer
Windows Server iX | IT Pro Security
Microsoft Corporation

--------
Yuri’s Blog: http://blogs.technet.com/yuridiogenes
Team’s Blog: http://blogs.technet.com/b/securitycontent
Twitter: http://twitter.com/yuridiogenes
--------
Why build Community Based Content? See the answer here.

 



Other Languages

This article is also available in the following languages:

Italian (it-IT)
