AWStats is a free powerful and featureful tool that generates advanced web, streaming, ftp or mail server statistics, graphically. This log analyzer works as a CGI or from command line and shows you all possible information your log contains, in few graphical web pages. It uses a partial information file to be able to process large log files, often and quickly. It can analyze log files from all major server tools like Apache log files (NCSA combined/XLF/ELF log format or common/CLF log format), WebStar, IIS (W3C log format) and a lot of other web, proxy, wap, streaming servers, mail servers and some ftp servers.
Take a look at this comparison table for an idea on features and differences between most famous statistics tools (AWStats, Analog, Webalizer,...).
AWStats is a free software distributed under the GNU General Public License. You can have a look at this license chart to know what you can/can't do.
As AWStats works from the command line but also as a CGI, it can work with all web hosting providers which allow Perl, CGI and log access.
Source: http://awstats.sourceforge.net/
Enables system administrators to view and evaluate individual users' usage and experience with Microsoft Exchange Server.
Use the Microsoft Exchange Server User Monitor to gather real-time data to better understand current client usage patterns, and to plan for future work. Administrators can view several items, including IP addresses used by clients, versions and modes of Microsoft Office Outlook, and resources such as CPU usage, server-side processor latency, and total latency for network and processing. Works with Microsoft Exchange Server 2000, 2003, 2007 and 2010.
Source: http://www.microsoft.com/en-us/download/details.aspx?id=11461
Additionally, Exchange servers can be monitored through built-in performance tools such as Performance Monitor and Performance Troubleshooter under the EMC Toolbox.
PowerShell can also be used to obtain, for example, the top 10 users that are most actively using Exchange Server:
Get-StoreUsageStatistics -Database Database1 | Sort-Object TimeInserver -Descending | Select-Object -First 10 | ft -AutoSize
Get-StoreUsageStatistics -Server Server1 | Sort-Object TimeInserver -Descending | Select-Object -First 10 | ft -AutoSize
Zabbix is the ultimate open source availability and performance monitoring solution. Zabbix offers advanced monitoring, alerting, and visualization features today which are missing in other monitoring systems, even some of the best commercial ones. Below is a short list of features available in Zabbix:
- auto-discovery of servers and network devices
- low-level discovery
- distributed monitoring with centralized web administration
- support for both polling and trapping mechanisms
- server software for Linux, Solaris, HP-UX, AIX, FreeBSD, OpenBSD, OS X
- native high performance agents (client software for Linux, Solaris, HP-UX, AIX, FreeBSD, OpenBSD, OS X, Tru64/OSF1, Windows NT4.0, Windows 2000, Windows 2003, Windows XP, Windows Vista)
- agent-less monitoring
- secure user authentication
- flexible user permissions
- web-based interface
- flexible e-mail notification of predefined events
- high-level (business) view of monitored resources
- audit log
Source: http://www.zabbix.com/index.php
RBAC Manager R2 for Exchange 2010 SP2, Exchange 2013 Preview and Office 365
RBAC Manager puts all efforts to simplify the RBAC administration. Basically it provides the missing GUI to edit RBAC settings on Exchange 2010 systems, including adding/removing cmdlets, cmdlet properties, assignments etc. The RBAC tool is written in C# and uses PowerShell behind the scenes.
Source: http://rbac.codeplex.com/
Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database, define favorite locations, view object properties and attributes without having to open dialog boxes, edit permissions, view an object's schema, and execute sophisticated searches that you can save and re-execute.
AD Explorer also includes the ability to save snapshots of an AD database for off-line viewing and comparisons. When you load a saved snapshot, you can navigate and explore it as you would a live database. If you have two snapshots of an AD database you can use AD Explorer's comparison functionality to see what objects, attributes and security permissions changed between them.
Source: http://technet.microsoft.com/en-us/sysinternals/bb963907
PST Capture is used to discover and import Outlook Personal Folder (.pst) File Format files into Exchange Server and Exchange Online.
PST Capture helps an organization that wishes to gain more control over their email data repositories by placing them into Exchange. By optionally installing PST Capture Agents on target machines, administrators can determine where .pst files are located and who their file owner is via the PST Capture Console. Administrators can import .pst files via Import Lists to Exchange Server or Exchange Online. Data can be directly imported into the primary mailbox or associated archive mailbox.
Source: http://www.microsoft.com/en-us/download/details.aspx?id=28767
Makes reading log files a breeze
If you're a system administrator of Windows 2000 or 2003 Server, you know how difficult it can be to decipher a Remote Access Service log. Now Ezee RAS Log Reader can make that task so much easier for you. It's as easy as opening a file!
To read a log, just browse to it and open it as a file. The reader will analyse the file and display it in two grids - one showing the essential data from every entry, the other showing that from completed sessions only. Both IAS and Database formats are handled. You can export the grid data in CSV form, then open it in Excel or OpenOffice Calc for printing and further analysis. No installation required.
Source: http://heightssoftware.com/ezrasreader/ezrasreader.html
FreeNAS™ is an Open Source Storage Platform based on FreeBSD and supports sharing across Windows, Apple, and UNIX-like systems. FreeNAS™ 8 includes ZFS, which supports high storage capacities and integrates file systems and volume management into a single piece of software.
http://www.freenas.org/
MagicDisc is freeware.
It is a very helpful utility designed for creating and managing virtual CD drives and CD/DVD discs.
Source: http://www.magiciso.com/tutorials/miso-magicdisc-overview.htm
Windows Credentials Editor (WCE) is a tool that allows you to list Windows logon sessions and add, change, list and delete associated credentials (e.g. LM/NT hashes, Kerberos tickets and cleartext passwords).
The tool allows users to:
- Perform Pass-the-Hash on Windows
- 'Steal' NTLM credentials from memory (with and without code injection)
- 'Steal' Kerberos tickets from Windows machines
- Use the 'stolen' Kerberos tickets on other Windows or Unix machines
- Dump cleartext passwords stored by Windows authentication packages
http://www.ampliasecurity.com/research/wcefaq.html
http://www.ampliasecurity.com/research/wce_v1_3beta.tgz
Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools.
In fact, Aircrack-ng is a set of tools for auditing wireless networks.
Source: http://www.aircrack-ng.org/
XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really very easy to install and to use - just download, extract and start.
Source: http://www.apachefriends.org/en/xampp.html
mimikatz # privilege::debug
mimikatz # inject::process lsass.exe sekurlsa.dll
mimikatz # @getLogonPasswords
http://blog.gentilkiwi.com/mimikatz
Windows Credentials Editor
http://devteev.blogspot.com/2012/02/0day-lsa.html
What is FreeOTFE? FreeOTFE is a free, open source, "on-the-fly" transparent disk encryption program for PCs and PDAs
With this software, you can create one or more "virtual disks" on your PC/PDA. These disks operate exactly like a normal disk, with the exception that anything written to one of them is transparently, and securely, encrypted before being stored on your computer's hard drive.
Features include:
- Highly portable - Not only does FreeOTFE offer "portable mode", eliminating the need for it to be installed before use, it also offers FreeOTFE Explorer - a system which allows FreeOTFE volumes to be accessed not only without installing any software, but also on PCs where no administrator rights are available. This makes it ideal for use (for example) with USB flash drives, and when visiting Internet Cafés (AKA Cybercafés), where PCs are available for use, but only as a "standard" user.
- Source code freely available
- Easy to use; full wizard included for creating new volumes
- Both PC and PDA versions are available; data encrypted on your PC can be read/written on your PDA, and vice versa. Supports all versions of MS Windows from Windows 2000 onwards (including Windows 7), and Windows Mobile 2003 and later (including Windows Mobile v6.5)
- No need to install it; making it ideal for use on USB memory drives, etc
- Support for encrypted Linux volumes (Cryptoloop "losetup", dm-crypt and LUKS)
- Available in English, Spanish, German, Italian, French, Czech, Japanese, Croatian, Greek and Russian - with support for other language translations
- Optional support for smartcards and security tokens
- It's powerful: Supporting numerous hash (including SHA-512, RIPEMD-320, Tiger) and encryption algorithms (including AES, Twofish and Serpent) in several modes (CBC, LRW and XTS) - providing a much greater level of flexibility than a number of other (including commercial!) OTFE systems
- Encrypted volumes may either be file, partition, or even disk based
- Much more!
http://www.freeotfe.org/
Today you need to remember many passwords. You need a password for the Windows network logon, your e-mail account, your website's FTP password, online passwords (like website member account), etc. etc. etc. The list is endless. Also, you should use different passwords for each account. Because if you use only one password everywhere and someone gets this password you have a problem... A serious problem. The thief would have access to your e-mail account, website, etc. Unimaginable.
KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). For more information, see the features page.
Is it really free?
Yes, KeePass is really free, and more than that: it is open source (OSI certified). You can have a look at its full source and check whether the encryption algorithms are implemented correctly.
http://keepass.info/index.html
Iperf
http://iperf.sourceforge.net/
Windows Iperf Installation - http://www.noc.ucf.edu/Tools/Iperf/
C:\iperf.exe -help
Usage: iperf [-s|-c host] [options]
iperf [-h|--help] [-v|--version]
Client/Server:
-f, --format [kmKM] format to report: Kbits, Mbits, KBytes, MBytes
-i, --interval # seconds between periodic bandwidth reports
-l, --len #[KM] length of buffer to read or write (default 8 KB)
-m, --print_mss print TCP maximum segment size (MTU - TCP/IP header)
-o, --output output the report or error message to this specified file
-p, --port # server port to listen on/connect to
-u, --udp use UDP rather than TCP
-w, --window #[KM] TCP window size (socket buffer size)
-B, --bind bind to , an interface or multicast address
-C, --compatibility for use with older versions does not sent extra msgs
-M, --mss # set TCP maximum segment size (MTU - 40 bytes)
-N, --nodelay set TCP no delay, disabling Nagle's Algorithm
-V, --IPv6Version Set the domain to IPv6
Server specific:
-s, --server run in server mode
-D, --daemon run the server as a daemon
-R, --remove remove service in win32
Client specific:
-b, --bandwidth #[KM] for UDP, bandwidth to send at in bits/sec
(default 1 Mbit/sec, implies -u)
-c, --client run in client mode, connecting to
-d, --dualtest Do a bidirectional test simultaneously
-n, --num #[KM] number of bytes to transmit (instead of -t)
-r, --tradeoff Do a bidirectional test individually
-t, --time # time in seconds to transmit for (default 10 secs)
-F, --fileinput input the data to be transmitted from a file
-I, --stdin input the data to be transmitted from stdin
-L, --listenport # port to recieve bidirectional tests back on
-P, --parallel # number of parallel client threads to run
-T, --ttl # time-to-live, for multicast (default 1)
Miscellaneous:
-h, --help print this message and quit
-v, --version print version information and quit
[KM] Indicates options that support a K or M suffix for kilo- or mega-
The TCP window size option can be set by the environment variable
TCP_WINDOW_SIZE. Most other options can be set by an environment variable
IPERF_, such as IPERF_BANDWIDTH.
Network Speed
http://www.optimumx.com/downloads.html
C:\netspeed.exe /?
Network Speed [Version 1.40]
Calculates the network speed (transfer rate) between two winsock hosts.
The syntax of this command is:
netspeed.exe /H:host|/S[:n] [/P:n] [/M:n] [/C:y|n]
/H:host : Client mode, host=name/address of a machine waiting in server mode.
/S:n : Server mode, n=# of times to answer before exiting, default is 9999
/P:n : n=Port number, default is 7777. (Both client & server must match)
/M:n : n=Megabytes to transfer, default is 10. (Only valid in client mode)
/C:y,/C:n: y=The data sent will be compressible; n=Not compressible (default).
Jperf 2.0.0
The graphical front end is convenient for configuring all the parameters. It draws a clear graph of throughput.
Download Jperf 2.0.0
Complete Memory Dump: A complete memory dump records all the contents of system memory when your computer stops unexpectedly. A complete memory dump may contain data from processes that were running when the memory dump was collected.
* must have a paging file on the boot volume
* previous file is overwritten if a second problem occurs
Kernel Memory Dump: A kernel memory dump records only the kernel memory. This speeds up the process of recording information in a log when your computer stops unexpectedly. You must have a pagefile large enough to accommodate your kernel memory. For 32-bit systems, kernel memory is usually between 150MB and 2GB. Additionally, on Windows 2003 and Windows XP, the page file must be on the boot volume. Otherwise, a memory dump cannot be created.
It includes only memory that is allocated to the kernel and hardware abstraction layer (HAL) in Windows 2000 and later, and memory allocated to kernel-mode drivers and other kernel-mode programs. It does not include unallocated memory or any memory that is allocated to user-mode programs.
* previous file is overwritten if setting is checked
Small Memory Dump
A small memory dump records the smallest set of useful information that may help identify why your computer stopped unexpectedly. A history of these files is stored in a folder.
- The Stop message and its parameters and other data
- A list of loaded drivers
- The processor context (PRCB) for the processor that stopped
- The process information and kernel context (EPROCESS) for the process that stopped
- The process information and kernel context (ETHREAD) for the thread that stopped
- The kernel-mode call stack for the thread that stopped
* If a second problem occurs and a second small memory dump file is created, the previous file is preserved. Each additional file is given a distinct name. The date is encoded in the file name. For example, Mini022900-01.dmp
To configure startup and recovery options (including the dump type), follow these steps:
Click Start, and then click Control Panel.
Click Performance and Maintenance, and then click System.
On the Advanced tab, click Settings under Startup and Recovery.
Tools for the dump types:
I386kd.exe - complete and kernel dumps, with the Windows 2000 support
Dumpchk.exe - small memory dumps
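Because a complete memory dump may contain data from the processes that were running, it helps to know which dump type a server is set to and who can read the files it has already written. The script below is an added example, not part of the original notes; it assumes PowerShell 3.0 or later, an elevated prompt, and the standard CrashControl registry values that the Startup and Recovery dialog writes.

```powershell
# Added example: report the configured crash dump type and the dump files on disk.
# It only reads settings and file metadata; nothing is changed.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$cc  = Get-ItemProperty -Path $key

# CrashDumpEnabled values for the three dump types described above.
$dumpTypes = @{
    0 = 'None'
    1 = 'Complete memory dump'
    2 = 'Kernel memory dump'
    3 = 'Small memory dump'
}
$code = [int]$cc.CrashDumpEnabled
$type = if ($dumpTypes.ContainsKey($code)) { $dumpTypes[$code] } else { "Other ($code)" }

# Both paths are stored with %SystemRoot% in them; expand it explicitly.
$dumpFile = [Environment]::ExpandEnvironmentVariables([string]$cc.DumpFile)
$miniDir  = [Environment]::ExpandEnvironmentVariables([string]$cc.MinidumpDir)

[pscustomobject]@{
    DumpType          = $type
    DumpFile          = $dumpFile
    MinidumpDir       = $miniDir
    OverwriteExisting = [bool]$cc.Overwrite
}

# Collect the complete/kernel dump file and any small dumps that already exist.
$found = @()
if ($dumpFile -and (Test-Path -LiteralPath $dumpFile)) {
    $found += Get-Item -LiteralPath $dumpFile -Force
}
if ($miniDir -and (Test-Path -LiteralPath $miniDir)) {
    $found += Get-ChildItem -LiteralPath $miniDir -Filter *.dmp -File -Force
}

# For each dump, show size, age and every identity with an Allow entry in its ACL.
foreach ($f in $found) {
    $acl = Get-Acl -LiteralPath $f.FullName
    $allowed = $acl.Access |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique
    [pscustomobject]@{
        Path              = $f.FullName
        SizeMB            = [math]::Round($f.Length / 1MB, 1)
        LastWrite         = $f.LastWriteTime
        AllowedIdentities = $allowed -join '; '
    }
}
```

Dump files that list identities other than administrators and SYSTEM deserve a closer look before they are copied off the server for analysis.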
Over the life of an operating system install, configuration changes can occur that prevent the operating system or applications from functioning correctly.
When a formerly working installation suddenly fails, a natural troubleshooting step is to return to the last working configuration that existed when the operating system, service or application last worked, or in an extreme case, return the operating system to its out-of-the-box configuration.
This article describes supported and unsupported methods to undo or rollback changes to the following elements:
· Permissions in the Registry, File System and Services.
· User rights assignments
· Security policy
· Group membership
For Windows Vista: secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose
For Windows 2000/2003 Server: secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
For more information: http://support.microsoft.com/kb/313222
Here are a few possible ways to clear unwanted files and logs from the C: drive, instead of increasing the disk size in virtual servers or moving the page file to another logical drive.
Folder with path | Category | Action taken
C:\temp | Temp Files | Delete
C:\windows\temp\ | Temp Files | Delete
C:\windows\Minidump\*.dmp | Memory Dump | Delete
C:\windows\memory.dmp | Patches | Delete
Patch files older than 3 months starting with $NTUninstall in C:\Windows | Patches | Delete
TSM_images folder at c:\ | Temp Files | Delete
Older than one day IIS Log files - C:\Windows\System32\LogFiles\W3SVC1 | Log Files | Compress
IBM Serverraid logs at C:\Program files\IBM\Serverraid manager\ | Log Files | Delete
Virus definitions older than 2 days at C:\Program Files\Common Files\Symantec Shared\VirusDefs | AV files | Delete
Unknown Accounts of more than 1.5 MB are deleted | Profile | Delete
Security and Application Event logs older than 180 days or 90% full - C:\Windows\System32\Config | Log Files | Archive
C:\documents and settings\all users\Application Data\Symantec\Liveupdate\Downloads | AV files | Delete
Older than one month data at C:\Windows\SoftwareDistribution\Download | Patches | Delete
"%ALLUSERSPROFILE%\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\*.VDB" | AV files | Delete
"%ALLUSERSPROFILE%\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\*.WDB" | AV files | Delete
"%ALLUSERSPROFILE%\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\*.IAB" | AV files | Delete
"%ALLUSERSPROFILE%\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\*.IAD" | AV files | Delete
"%ALLUSERSPROFILE%\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\*.IEX" | AV files | Delete
"%ALLUSERSPROFILE%\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer_tmp\*.*" | AV files | Delete
Delete the files in the %AllUsersProfile%\Application Data\Microsoft\Dr Watson folder | Memory Dump | Delete
Delete all *.dat files except config.dat from C:\program files\Common files\Mcafee\engine\oldengine | AV files | Delete
Delete all *.dat files except config.dat from C:\program files\Common files\network associates\Engine\old engine\old dats | AV files | Delete
Delete following files from C:\WINDOWS: | | Delete
a. kb*.log | Log Files | Delete
b. setup*.log | Log Files | Delete
c. setup*.old | Log Files | Delete
d. setuplog.txt | Log Files | Delete
e. winnt32.log | Log Files | Delete
f. set*.tmp | Temp Files | Delete
Move %Windir%\ServicePackFiles folder to a different volume. | Patches | Move
C:\Program Files\ibm\SCM\client\scripts\win.any.SAPV6\config\jacx.log, if this log file is more than 500 MB | Log Files | Delete
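Before acting on the table, a report-only pass shows how much space each rule would actually free and how old the affected files are. This is an added example, not a script from the original notes; it covers only some of the rows, treats "one month" as 30 days (an assumption), and needs PowerShell 3.0 or later.

```powershell
# Added example: inventory what a subset of the table's rules would touch.
# Nothing is deleted, compressed or moved.
$rules = @(
    @{ Path = 'C:\temp';                                Filter = '*';     MinAgeDays = 0;  Action = 'Delete'   }
    @{ Path = 'C:\Windows\Temp';                        Filter = '*';     MinAgeDays = 0;  Action = 'Delete'   }
    @{ Path = 'C:\Windows\Minidump';                    Filter = '*.dmp'; MinAgeDays = 0;  Action = 'Delete'   }
    @{ Path = 'C:\Windows\System32\LogFiles\W3SVC1';    Filter = '*.log'; MinAgeDays = 1;  Action = 'Compress' }
    @{ Path = 'C:\Windows\SoftwareDistribution\Download'; Filter = '*';   MinAgeDays = 30; Action = 'Delete'   }
)

$report = foreach ($r in $rules) {
    # Skip rules whose folder does not exist on this server.
    if (-not (Test-Path -LiteralPath $r.Path)) { continue }

    # Files last written on or before the cutoff match the rule's age condition.
    $cutoff = (Get-Date).AddDays(0 - $r.MinAgeDays)
    $files = @(
        Get-ChildItem -LiteralPath $r.Path -Filter $r.Filter -File -Recurse -Force `
            -ErrorAction SilentlyContinue |
            Where-Object { $_.LastWriteTime -le $cutoff }
    )

    # Sum sizes by hand so an empty match list simply yields zero.
    [long]$bytes = 0
    foreach ($f in $files) { $bytes += $f.Length }

    $oldest = $files | Sort-Object LastWriteTime | Select-Object -First 1

    [pscustomobject]@{
        Path      = $r.Path
        Action    = $r.Action
        Files     = $files.Count
        SizeMB    = [math]::Round($bytes / 1MB, 1)
        OldestUtc = if ($oldest) { $oldest.LastWriteTimeUtc } else { $null }
    }
}

# Largest candidates first.
$report | Sort-Object SizeMB -Descending | Format-Table -AutoSize
```

The log rows in the table are compressed or archived rather than deleted, and the report keeps that action visible so those files are not swept up with the temporary files.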