Sometimes you might be annoyed at the history of your web browsing being stored in Chrome. I don't think there is an option in Chrome not to store any history. You can either delete all history in Chrome.
Archive for December, 2009
Starting chrome always in incognito mode.
GUI Handling: Right clicking and selecting an option for a icon on the windows taskbar
I almost gave up searching for this option when I was coding on something. I tried using Spy++ and wininspector to do this. These were pretty helpful, but not enough that I could get the end result.
Consider this scenario: you have an icon on the taskbar. You need to right-click it and select an item on the menu which pops up. You might think of using Spy++ to do this, but you will not be able to get the correct command to click there. Don't try too hard on this. The whole sequence of commands won't work.
A simpler approach is to search for the WM_COMMAND message in the logs that appear in Spy++ or wininspector and note its control ID.
The control id is unique to each item on the pop up menu when you right click the icon.
Now search for the window and get its handle. After you get its handle, use SendMessage to send a message to the icon.
SendMessage(h, WM_COMMAND, 0x8011 /* this is the control ID in hexadecimal */, (LPARAM)0);
This should solve your issue.
how to run procmon as a guest/restricted user
The best way is to use runas command:
runas /user:test "C:\Users\test_restricted\Desktop\Procmon.exe"
What browser
Nice stuff on browsers, but very simple: http://www.whatbrowser.org/en/
Check it out when you have time.
Testing Applications with AppVerifier
AppVerifier is a cool tool to test your applications in places where you could have missed them. You can read more about it at http://technet.microsoft.com/en-us/library/bb457063.aspx
For example: I was able to catch an error in my application where I was trying to release a variable which was already released. Even though this was compiling fine and running correctly, it was throwing an error when I checked it with AppVerifier because of a heap error.
Inspiring poem by William Ernest Henley
The poem ‘INVICTUS’ by William Ernest Henley, from which Nelson Mandela drew strength while in prison.
“Out of the night that covers me,
Black as the Pit from pole to pole,
I thank whatever gods may be
For my unconquerable soul.
In the fell clutch of circumstance
I have not winced nor cried aloud.
Under the bludgeonings of chance
My head is bloody, but unbowed.
Beyond this place of wrath and tears
Looms but the Horror of the shade,
And yet the menace of the years
Finds, and shall find, me unafraid.
It matters not how strait the gate,
How charged with punishments the scroll.
I am the master of my fate:
I am the captain of my soul.”
Compiling windows 64bit applications using a 32bit visual studio compiler

Below are the compiler types:
x86 on x86 (X86 native compiler): Allows you to create output files for x86 machines. This version of cl.exe runs as a 32-bit process, native on an x86 machine and under WOW64 on a 64-bit Windows operating system.
x64 on x64 (X64 native compiler): Allows you to create output files for x64. This version of cl.exe runs as a native process on an x64 machine.
1) Go to Add/Remove Programs and select Visual Studio.
2) Click on remove Visual Studio 2005.
3) You will be taken to the Visual Studio 2005 setup.
Below is the screenshot:

4) Click Next. You will be taken to the options for selecting components.
5) Select the x64 compiler option to install. You are all set to go.
Penetration techniques – Part 2
Continuing the series from the Agnitum firewall guide:
3. Application window control
Windows allows applications to exchange window messages between processes. Malicious processes can get control over other network-enabled applications sending them window messages and imitating user input from keyboard and mouse clicks. The example of using this technique is Breakout leaktest (http://www.firewallleaktester.com/leaktest16.htm).
Here the point is program interactivity through the SendMessage, PostMessage API, and so on. This technique is sometimes used for legitimate inter-process interactivity, but can likewise be used for nefarious purposes by perpetrators.
4. Active Desktop modification
Installing the specific HTML file for Active Desktop, malicious processes can transfer private data on behalf of Windows Explorer. The example of using this technique is Breakout leaktest (http://www.firewallleaktester.com/leaktest16.htm).
Outpost Firewall Pro controls such attempts to steal data by bamboozling the firewall.
5. DNS query submission
DNS Client service contains potential vulnerability called DNS tunneling. The main point is that malicious code can transfer and receive any information using correct DNS packets to the correctly configured operating DNS server. The example of using this technique is DNSTester leaktest (http://www.klake.org/~jt/dnshell/).
Outpost Firewall Pro performs double verification of access to the DNS Client service, providing a more secure system. This enables control access to DNS API even with the DNS Client service on, benefiting users who, out of compatibility concerns, cannot disable this service themselves. This functionality allows assigning permissions to a specific process for using the DNS Client service.
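A defender-side check for the DNS technique described above, added here as an example (it is not code from the Agnitum guide or from Outpost Firewall Pro): it groups DNS queries by requesting process, mirroring the per-process control described, and reports parent domains that receive several long, high-entropy names. The log tuples, process names, domains and thresholds are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed (process, queried name) pairs standing in for a DNS client log.
SAMPLE_QUERIES = [
    ("firefox.exe", "www.example.com"),
    ("firefox.exe", "d3a9f1c07b2e48a65c1f90de.cdn.example.org"),
    ("updater.exe", "mzxw6ytboi4dcnrqgaydambq.t.example.net"),
    ("updater.exe", "nbswy3dpeb3w64tmmqqhg2lu.t.example.net"),
    ("updater.exe", "orugs4zanfzsaylomvzxiylq.t.example.net"),
    ("updater.exe", "orugs4zanfzsaylomvzxiylq.t.example.net"),  # repeat, counted once
]


def shannon_entropy(text):
    """Bits per character; encoded data scores higher than ordinary host names."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())


def split_name(name):
    """Return (labels left of the parent domain, parent domain).

    Assumption: the parent domain is the last two labels; a production check
    would consult the public suffix list instead.
    """
    labels = name.rstrip(".").lower().split(".")
    return labels[:-2], ".".join(labels[-2:])


def suspected_tunnels(queries, min_len=20, min_entropy=3.5, min_unique=3):
    """Map (process, parent domain) -> count of distinct data-like names."""
    seen = defaultdict(set)
    for process, name in queries:
        sub_labels, parent = split_name(name)
        blob = "".join(sub_labels)
        # Length is tested first, so entropy is never computed on an empty string.
        if len(blob) >= min_len and shannon_entropy(blob) >= min_entropy:
            seen[(process, parent)].add(name)
    return {key: len(names) for key, names in seen.items() if len(names) >= min_unique}


if __name__ == "__main__":
    for (process, parent), count in suspected_tunnels(SAMPLE_QUERIES).items():
        print(f"{process}: {count} distinct data-like names under {parent}")
```

The single hashed CDN host name queried by the browser stays below the `min_unique` threshold, which is what keeps ordinary content-delivery names out of the report.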
6. Application launch with URL
Malicious processes can launch the default web browser with a pre-configured web address in a hidden window, making the firewall believe a legitimate action is taking place. Firewalls that explicitly trust an application without looking beyond on who actually launched it in the first place and what additional connection parameters are supplied are unable to challenge the technique, meaning sensitive data could leave the computer past them. The examples of using this technique are Tooleaky and Ghost leak tests (http://www.firewallleaktester.com/leaktest2.htm, http://www.firewallleaktester.com/leaktest13.htm).
7. Application launch with command line parameters
Several firewalls are exposed to a vulnerability of a predatory code launching the default web browser with command-line parameters, allowing it to circumvent the existing protection because the firewall is made to believe the legitimate application is performing the legitimate actions. However, in those command-line parameters some piece of private or critical data may be contained, along with the host name as a target recipient thereof. The example of using such technique is Wallbreaker leaktest (http://www.firewallleaktester.com/leaktest11.htm).
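The check that techniques 6 and 7 defeat when it is missing (who launched the browser, and what the URL on its command line carries), written as an added detection example; it is not code from the Agnitum guide or from any product. The event tuples, paths, host names, the expected-parent list and the length threshold are constructed assumptions.

```python
import ntpath
import re
from urllib.parse import urlsplit

BROWSERS = {"iexplore.exe", "firefox.exe", "chrome.exe"}
# Assumption: only the user shell and the browser itself normally start a browser here.
EXPECTED_PARENTS = {"explorer.exe"} | BROWSERS
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"

# Constructed process-creation events (image, parent image, command line); not real telemetry.
SAMPLE_EVENTS = [
    (IE, r"C:\Windows\explorer.exe", f'"{IE}" http://www.example.com/'),
    (IE, r"C:\Users\test\AppData\Local\Temp\helper.exe",
     f'"{IE}" http://collector.example.net/r?d=CONSTRUCTED-SAMPLE-PAYLOAD-0123456789'),
    (IE, r"C:\Program Files\Office\winword.exe", f'"{IE}" http://www.example.org/doc'),
    (r"C:\Windows\notepad.exe", r"C:\Users\test\AppData\Local\Temp\helper.exe", "notepad.exe"),
]


def review_browser_launches(events, max_data_len=32):
    """Flag browser starts whose parent is unexpected and whose URL carries data.

    Returns (parent name, destination host, path+query length) per flagged URL.
    """
    findings = []
    for image, parent, cmdline in events:
        # ntpath parses Windows paths regardless of the OS running the analysis.
        if ntpath.basename(image).lower() not in BROWSERS:
            continue
        parent_name = ntpath.basename(parent).lower()
        if parent_name in EXPECTED_PARENTS:
            continue
        for url in URL_RE.findall(cmdline):
            parts = urlsplit(url)
            data_len = len(parts.path) + len(parts.query)
            if data_len > max_data_len:
                findings.append((parent_name, parts.hostname, data_len))
    return findings


if __name__ == "__main__":
    for parent, host, size in review_browser_launches(SAMPLE_EVENTS):
        print(f"{parent} started a browser with {size} characters of URL data for {host}")
```

A short link opened from a document viewer passes at the default threshold, so the expected-parent list and `max_data_len` are the two values to tune per environment.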
8. Critical registry entry modification
Malicious processes can modify registry to get network access on behalf of other application, for example, Windows Explorer. The example of using this technique is Jumper leaktest (http://www.firewallleaktester.com/leaktest17.htm).
9. OLE application control
A relatively new technique to control applications’ activity through the OLE mechanism (a short form of Object Linking and Embedding command) – a Windows’ mechanism which allows one program to manage the behavior of another program on the computer. It uses the technique of OLE intercommunication to exchange data and commands between applications, for example, to manage activity of the Internet Explorer web browser so that it can send user-specified data to the remote location. The example of using this technique is PCFlank leaktest (http://www.pcflank.com/PCFlankLeaktest.exe).
10. Process memory modification
Several Trojan horses and viruses use sophisticated techniques that let them alter the code of trusted applications running in memory and thereby bypass the system security perimeter and perform their malicious activities. This is also known as code injection or copycat vulnerability. The examples of using this technique are Thermite and Copycat leaktests (http://www.firewallleaktester.com/leaktest8.htm, http://www.firewallleaktester.com/leaktest9.htm).
For example, Visual Studio 2005 would be able to modify memory, while the “copycat.exe” leak test would be disallowed from doing so. This feature protects against even “unknown” malware not detected by antivirus and anti-spyware vendors.
11. Low-level network access
Some network drivers allow direct access to network adapter bypassing the standard TCP stack. These drivers can be used by sniffers and other malicious programs to get low-level network access and pose an additional risk for the system as traffic passing through them cannot be screened by a firewall. The example of using this technique is MBtest leak test (http://www.firewallleaktester.com/leaktest10.htm).
This feature strengthens the overall network security level preventing outbound data leakage. The user is able to control an application’s attempts to open a network-enabled driver, meaning that without the user’s authorization, an application is not able to send even the ARP or IPX data.
Penetration techniques – Part 1
Below are some penetration techniques I recently came across in the Agnitum firewall guide. I thought I would share them with all who are doing some sort of tests of their firewall or just FYI.
1. Components injection
Windows operating system by design enables installing system interceptors (hooks) through which foreign code can be injected into other processes. Usually this technique is used to perform common, legitimate actions, for example, switching the keyboard layout or launching a PDF file within the web browser window. However, it can be likewise used by malicious programs to embed malicious code and thus hijack the host application. An example of leak test using such technique to stage a simulated attack is a PC Audit program (http://www.pcinternetpatrol.com/).
Outpost Firewall Pro controls the installation of a hook interceptor in a process’s address space. This is implemented via the interception of functions that are typically used by malicious processes (Trojans, spyware, viruses, worms etc.) to implant their code into legitimate processes (i.e. Internet Explorer or Firefox). The behavior of a DLL file invoking such functions is considered suspicious and triggers legitimacy verification.
2. Control over another application
DDE technology is used to control applications. Most famous browsers are DDE servers and can be used by malicious programs to transfer private information into the network. One example of this technique is Surfer leak test (http://www.firewallleaktester.com/leaktest15.htm). ZABypass is another example of a leak test using this method.
With Outpost Firewall Pro, every attempt to use the DDE intercommunication is monitored with no exclusion, whether the process is open or not. DDE inter process communication control enables Outpost Firewall Pro to control the methods used by applications to get control over the legitimate processes. It prevents malware from hijacking the legitimate program and checks whether such DDE-level interactivity is allowed to be performed upon the network-enabled applications. In case such attempt is detected, it triggers legitimacy verification.
Python: Creating a DocTest / simple example
We use doctest to check whether a method gives the correct output, to check that the interactive examples in docstrings still work, for regression testing, or to write documentation.
Consider this example:
def multiplyTwoNumbers(a, b):
    product = a * b
    return product
This method is used for multiplying two numbers, but there is no way to verify that the code actually does that. What you can do is add a doctest to it:
def multiplyTwoNumbers(a, b):
    """
    This test is for multiplication of two numbers
    >>> multiplyTwoNumbers(3, 4)
    12
    """
    product = a * b
    return product

def _test():
    # Run every interactive example found in this module's docstrings
    import doctest
    doctest.testmod()

if __name__ == "__main__":
    _test()
This compares the output written in the docstring with the method's actual output and gives an error if they don't match. In this way doctest can be used. From the command line, run the program with the -v option (python yourscript.py -v, where yourscript.py is a placeholder for your file name) to get a descriptive report; otherwise you can just execute the program.