Month: January 2016

Another Layer of Defense… Microsoft Baseline Security Analyzer (MBSA)

Once installed, you can use the program via the GUI or command line. If utilizing the GUI, it is very straightforward as there are only three options available (scan a computer, scan multiple computers, and view existing security reports).

At the conclusion of a scan, a report will be produced at which time you will be presented with an overall assessment and a breakdown of each category analyzed. The score is broken down into four categories, which are depicted below.

• Green checkmark — check passed
• Yellow exclamation — check failed – (non-critical)
• Red “X” — check failed (critical)
• Blue “I” — additional information

An additional benefit is that the program depicts what was scanned, the result details, and how to fix the program. While MBSA shouldn’t be the only defense a user has on their system, it should definitely be in their arsenal.

When a scan is performed, the program reaches out to the Internet to get the latest information, in order to accurately depict the state of the system. There may be cases where an Internet connection is not feasible and in that case, you can use MBSA offline. The offline assessment would then only be able to provide the information it knows about as of the last time it scanned and had Internet access. The use MBSA offline yet still have updated information, you can air-gap a few files over to the system doing the scanning. The files needed to do an offline assessment are

• Security update catalog (, available from the Microsoft website:
• Windows Update Redistribution Catalog (wu at
• Authorization catalog ( for Windows Update site access, available from the Microsoft website or by examining the contents of the file at
• Windows Update Agent standalone installers (if not already installed). The latest versions are available by examining the contents of the file at


Linux Secure Copy (SCP)

SCP is a must for quick transfer of files in native environments. In order to interact with a Windows machine, an SSH server is needed on the system but you may be able to get around that be specifying a different port.

Below are a few examples of how it help you in your daily work.

Copy the file “some_data.txt” from a remote host to the local host

Copy the file “some_data.txt” from the local host to a remote host

Copy the directory “some_dir” from the local host to a remote host’s directory “data”

Copy the file “data.txt” from remote host “sys_1” to remote host “sys_2”

Copying the files “data.txt” and “more_data.txt” from the local host to your home directory on the remote host

Copy the file “data.txt” from the local host to a remote host using port 2264

Copy multiple files from the remote host to your current directory on the local host

Search Exchange 2010 Mailboxes

NOTE: The user you run the script with must have the “Discovery Management” RBAC Role.

This script will search all mailboxes for email with attachments named “document1” and “document2” regardless of the file extension. The script will then copy the email message to the “admin.mailbox” mailbox in a folder called “Search_07102014”. Once the script is complete open “admin.mailbox” in Outlook and you’ll see the “Search_11242015” folder under the Inbox containing all the results.

This modification will search for all “.doc” and “.pdf” files and copy them to the same mailbox and folder.

To search for keywords use this modification.