Free From Microsoft

"C:\Program Files\EMET\EMET_Conf.exe" --add "C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe"

This command must be run with elevated privileges. If you wish this command to run at every startup, save it in a batch file and use gpedit.msc to run this as a (Computer Configuration, Windows Settings,) StartUp Script.
Verify with

"C:\Program Files\EMET\EMET_Conf.exe" --list

See also Microsoft Security Advisories 2488013, 2719615 and 2757760 for an example of using EMET to mitigate a vulnerability in Internet Explorer.

"C:\Program Files\EMET\EMET_Conf.exe" --add "C:\Program Files\Internet Explorer\iexplore.exe"

"C:\Program Files\EMET\EMET_Conf.exe" --add "c:\Program Files (x86)\Internet Explorer\iexplore.exe"

When you enable EMET for a particular application, the EMET mitigation DLL (EMET.DLL for 32-bit, EMET64.DLL for 64-bit) will be injected into each instance (process) of your application. .NET and Administrative access are required for the EMET configuration tool.

EMET configuration settings are stored in HKLM\Software\Microsoft\EMET. An administrator can force EMET on Leastprivilege User Accounts (LUA).

  • Infrastructure Planning and Design (IPD) Guides
  • Infrastructure Planning and Design (IPD) Guide for Malware Response
  • Infrastructure Planning and Design (IPD) Guide for Active Directory (AD) Domain Services
  • Software Development Lifecycle (SDL) Attack Surface Analyzer analyzes changes to Windows Attack Surface.
  • Software Development Lifecycle (SDL) Threat Modeling Tool allows for early and structured analysis and proactive mitigation and tracking of potential security issues.
  • Web Application Configuration Analyzer (WACA) is a tool that scans a server against a set of best practices recommended for pre-production and production servers. The list of best practices is derived from the Microsoft Information Security & Risk Management Deployment Review Standards used internally at Microsoft to harden production and pre-production environments for line of business applications. The Deployment Review standards themselves were derived from content released by Microsoft Patterns & Practices, in particular: Improving Web Application Security: Threats and Countermeasures available at: It uses an agent-less scan that requires the user to have admin privileges on the target server, as well as any SQL Server instances running on that machine. It can be used by developers to ensure that their codebase works within a secure / hardened environment (although many of the checks are not as applicable for developers).
  • Microsoft Anti-Cross Site Scripting Library V4.2 (AntiXSS V4.2) is an encoding library designed to help developers protect their ASP.NET web-based applications from XSS attacks.
  • Microsoft Code Analysis Tool .NET (CAT.NET) v1 CTP (32-bit) (64-bit) CAT.NET is a binary code analysis tool that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection and XPath Injection.
  • Attack Surface Analyzer is used by Microsoft’s internal product groups to catalog changes made to the operating system attack surface by the installation of new software. Use this to review patches.
  • Software Development Lifecycle (SDL) Regex Fuzzer is a tool to help test regular expressions for potential denial of service vulnerabilities. Regular expression patterns containing certain clauses that execute in exponential time (for example, grouping clauses containing repetition that are themselves repeated) can be exploited by attackers to cause a denial-of-service (DoS) condition. SDL Regex Fuzzer is a tool to help test regular expressions for these potential vulnerabilities.
  • MiniFuzz basic file fuzzing tool is a very simple fuzzer designed to ease adoption of fuzz testing by non-security people who are unfamiliar with file fuzzing tools or have never used them in their current software development processes.
  • BinScope Binary Analyzer is a Microsoft verification tool that analyzes binaries on a project-wide level to ensure that they have been built in compliance with Microsoft’s Security Development Lifecycle (SDL) requirements and recommendations.
  • MSF Agile + SDL Process Templates
  • The File Checksum Integrity Verifier (FCIV) is a command-prompt utility that computes and verifies cryptographic hash values of files. FCIV can compute MD5 or SHA-1 cryptographic hash values. These values can be displayed on the screen or saved in an XML file database for later use and verification.
  • Log Parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows® operating system such as the Event Log, the Registry, the file system, and Active Directory®. Overview, Unofficial Log Parser Support Site, Log Parser can also compute cryptographic hash values.
  • Microsoft Exchange Server Information Store Viewer (MDBVu32) can view or set details about a user’s message storage files, which consist of the private information store, the personal folder file (.pst), the public store, and the offline folder file (.ost).
  • Microsoft SQL Server 2008 R2 Express A free and feature-rich database for desktop, Web, and small server applications. Previous versions went by the abbreviation MSDE (Microsoft SQL Developer’s Edition or Microsoft SQL Desktop Environment)
  • Download the free PowerPivot for Excel and create amazing analysis and reports in Excel 2010.
  • Microsoft Office enhancements
  • Microsoft Office Add-in: Microsoft Outlook SMS Add-in (MOSA). Send text messages from Outlook; for Outlook 2003 and 2007.
  • Microsoft Security Essentials Anti-virus
  • Microsoft Safety Scanner: it seems like every anti-virus vendor offers a utility to scan for malware without installing their product. This is Microsoft’s.
  • Microsoft Security Compliance Manager (SCM) is a Solution Accelerator which provides centralized security baseline management features, a baseline portfolio, customization capabilities, and security baseline export flexibility to accelerate your organization’s ability to efficiently manage the security and compliance process for the most widely used Microsoft technologies.
  • Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems.
  • Microsoft Security Assessment Tool 4.0 is a risk-assessment application designed to provide information and recommendations about best practices for security within an information technology (IT) infrastructure.
  • Microsoft Windows SteadyState Microsoft utility to reset a shared access computer (such as a library’s computer). Supported on XP and Vista.
    Windows SteadyState is available for download through December 31, 2010. Support for Windows SteadyState will continue to be available through the Microsoft Knowledge Base portal through June 30, 2011.
  • Microsoft Windows SysInternals PsExec, ProcessExplorer, Process Monitor, FileMon, DiskMon, RegMon, AutoRuns, and so forth.

Keep your SysInternals files up-to-date with:
robocopy "\\\Tools" "C:\utils\sysinternals" /LEV:0 /Z /XO /IT /R:10 /W:10

Use Invoke-PsExec when running PsExec upon multiple targets.

  • WinDBG (or here) debugging tools for Windows; learn at Crash Dump Analysis
  • ADPlus is a tool from Microsoft Product Support Services (PSS) that can troubleshoot any process or application that stops responding (hangs) or fails (crashes).  You can analysis the dump with WINDBG.
  • Screenrecorder Capture screen shots to an MHT file; supports dual monitor machines (for Vista and XP; this capability is built into Windows 7: psr.exe)
  • Microsoft’s free software “Ultimate List of Free Windows Software from Microsoft”
  • Microsoft’s Security Tools Part of Security TechCenter. Assess vulnerabilities and strengthen security with these tools and technologies.
  • Microsoft’s Solution Accelerators “IT Compliance Management Guide” “Security Compliance Management toolkit”, “Malware Removal Starter Kit: How to Combat Malware Using Windows PE”, “Windows Server 2008 Security Guide” (and Vista and XP Security Guides), for example
  • Microsoft’s Windows Server 2003 Resource Kit Tools a set of tools to help administrators streamline management tasks such as troubleshooting operating system issues, managing Active Directory®, configuring networking and security features, and automating application deployment.
  • Office Communicator Server 2007 R2 Resource Kit Tools Snooper allows you to analyze OCS SIP Trace logs, for OC, Live Meeting, and the Live Meeting Add-In.
  • Microsoft SharePoint Foundation 2010 is for smaller organizations or departments looking for a low-cost entry-level or pilot solution for secure, Web-based collaboration.
  • Technet Virtual Labs, MSDN Virtual Labs Quickly evaluate and test Microsoft’s newest server products through a series of guided, hands-on labs you can complete in 90 minutes or less. You can use TechNet Virtual Labs online immediately, free.
  • Technet Virtual Hard Disks Run a Microsoft virtual environment for 90 days.
  • Windows Virtual Machines for Mac, Linux or Windows. No license key is included, so trial expires in 30 days and can be extended twice (“slmgr –rearm” command as administrator). The operating systems offered are Windows XP, Vista, Windows 7, Windows 8 and Windows 8.1. The VM software choices are specific to the OS you choose:
    • Windows – Hyper-V, Virtual PC, VirtualBox & VMWare Player for Windows
    • OSX – VirtualBox, VMWare Fusion and Parallels
    • Linux – VirtualBox
  • Windows 7 users can get a licensed XP Virtual Machine with Windows XP Mode from Microsoft.
  • AutoCollage 2008 is an application for automatically creating collages from your images. Pick a folder, press a button, and, in mere moments, AutoCollage presents you with a unique memento to print or to e-mail to your family and friends.
  • Image Composite Editor is an advanced panoramic-image stitcher. The application takes a set of overlapping photographs of a scene shot from a single camera location and creates a high-resolution panorama incorporating all the source images at full resolution. The stitched panorama can be saved in a wide variety of formats, from common formats such as JPEG and TIFF to multiresolution, tiled formats such as HD View and Silverlight Deep Zoom.
  • Infer.NET is a .NET framework for machine learning. It provides state-of-the-art message-passing algorithms and statistical routines for performing Bayesian inference. It has applications in a wide variety of domains, including information retrieval, bioinformatics, epidemiology, vision, and many others.
  • InkSeine is a prototype inking application for Tablet PCs and UMPC devices that offers the unique ability to search for objects directly from ink without transcribing queries to a search box. InkSeine makes it easy to get to your information without having to use a file system or to switch to a separate search application.
  • Pex finds interesting input-output values of your methods that you can save as a small test suite with high code coverage. Pex performs a systematic analysis, hunting for boundary conditions, exceptions, and assertion failures that you can debug right away. Pex enables parameterized unit testing, an extension of unit testing that reduces test-maintenance costs.
  • More Microsoft Research downloads

Comments are closed.