Windows Shellbags

Discussion in 'Technical' started by darkfall, Sep 2, 2016.

  1. darkfall

    darkfall Monkey

    Windows keeps track of every file you have ever opened. It also logs every directory you looked in and every USB device you have connected. It stores the logs in a part of the registry called "shellbags". If your computer has been infected by a virus that allows remote access, whoever is on the other end will know exactly what you are reading and likely what you are doing.

    You can see what is stored in shellbags with ShellBagsView: ShellBagsView - View All Folders Settings Of Explorer

    You can see what is in shellbags and remove entries with Privizer shellbag cleaner: Free PC cleaner - Download. Then double check with ShellBagsView after reboot.

    Shellbags is one of the first places a data forensics person will look if they are investigating you. You may not even be aware that you are under investigation or that you have gotten attention from one of our 3 letter agencies.

    If you run Windows 10, the built-in Windows Telemetry "feature" may already make this information available to Microsoft. Windows 7 and Windows 8 add telemetry in a variety of updates, so you are likely already sending information without realizing it.

    Sgt Nambu likes this.
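    Added example, not from the post above or from the tools it links: each shellbag `BagMRU` key in the registry (under `HKCU\Software\Microsoft\Windows\Shell` and `HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell`) holds numbered subkeys for browsed folders plus a binary `MRUListEx` value that records their most-recent-first order. This parser decodes that value and reports entries a partial cleanup leaves inconsistent; the sample bytes and subkey names are constructed.

```python
"""Decode the MRUListEx value of a Windows shellbag (BagMRU) key.

MRUListEx is an array of little-endian uint32 subkey indices, most
recently used first, terminated by 0xFFFFFFFF.
"""
import struct

TERMINATOR = 0xFFFFFFFF


def parse_mrulistex(data: bytes) -> list:
    """Return subkey indices in most-recently-used order.

    Raises ValueError on a truncated value or a missing terminator so a
    corrupt or half-wiped key is flagged instead of silently misread.
    """
    if len(data) % 4 != 0:
        raise ValueError("MRUListEx length %d is not a multiple of 4" % len(data))
    indices = list(struct.unpack("<%dI" % (len(data) // 4), data))
    if not indices or indices[-1] != TERMINATOR:
        raise ValueError("MRUListEx is missing the 0xFFFFFFFF terminator")
    body = indices[:-1]
    if TERMINATOR in body:
        raise ValueError("terminator appears before the end of MRUListEx")
    return body


def order_subkeys(mru: bytes, present_subkeys) -> dict:
    """Map the MRU order onto the numbered subkeys actually present.

    "dangling" indices are listed but have no subkey; "orphans" are
    subkeys the list never references. Both indicate partial cleaning.
    """
    present = set(present_subkeys)
    ordered, dangling = [], []
    for idx in parse_mrulistex(mru):
        if str(idx) in present:
            ordered.append(str(idx))
        else:
            dangling.append(idx)
    orphans = sorted(present - set(ordered), key=int)
    return {"ordered": ordered, "dangling": dangling, "orphans": orphans}


# Constructed sample: the list says subkeys 2, 0, 1 were visited in that order,
# while subkey 3 exists on disk but is not referenced by the list.
SAMPLE_MRU = struct.pack("<4I", 2, 0, 1, TERMINATOR)
SAMPLE_SUBKEYS = ["0", "1", "2", "3"]

if __name__ == "__main__":
    print(order_subkeys(SAMPLE_MRU, SAMPLE_SUBKEYS))
```

On a live system the same functions can be fed the value and subkey names read with `winreg`, or from an exported `NTUSER.DAT`/`UsrClass.dat` hive via a hive parser.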
  2. DarkLight

    DarkLight Live Long and Prosper - On Hiatus Site Supporter

    Which is why I run Linux on any critical system.

    Yes, I know, <insert your application here> doesn't run on Linux. I'm personally okay with that and more and more IS running via Wine. I have foregone software and just learned to deal with it if it doesn't run on Linux.

    On the other hand, if you have a business and MUST run Windows, DON'T DO STUPID SH!T ON THAT BOX!
    Ganado and BTPost like this.
  3. BTPost

    BTPost Stumpy Old Fart Snow Monkey Moderator

    If I need a WINDOWs Box, I run it in a Virtual Machine.... I also only run 2000Pro and XP VMs which are connected to the Internet, thru the Virtual Machine, and are isolated from ANY Incoming Queries by the Packet Monitoring suite running on the Base OS.... It also does NOT allow any outgoing Internet Packets, except those that I choose to let thru.... If I should get a Virus, or Corruption, I can go back to the VM as it stood a Day, Week, or Month before and reload it from that Source. Windows holds NOTHING for my operations, so I only need it rarely...
  4. darkfall

    darkfall Monkey

    Information on Linux from a forensics expert. You must take care regardless of what operating system you use. These are his words not mine. He has little regard for Linux including Tails. Nothing is safe.


    Oh look, another Linux user who thinks he's l33tx0rz because he knows how to install some Linux ISO and bash Windows.

    You're looking at rare insider information and you're complaining about not seeing guides that are already everywhere online.

    Listen kid, Linux may look secure to you, but to us it is just some insecure garbage. The Linux kernel is centralized but everything around it is heavily fragmented: every distro uses its own repository, or worse, shares different sets of custom repositories and lib conflicts, and everyone from experts to 13yo newbies keeps duct-taping new code onto it, adding new bugs and vulnerabilities.

    The Linux firewall is substandard, major Linux distros all do background updates, exploits are popping up everywhere just like Windows. Things got even worse after the controversial switch to systemd, due to Linux developers being too lazy to write proper init scripts.

    One of the most popular Linux distros is Mint; their site got hacked and was serving a back-doored ISO just 6 months ago.

    So if you want to talk real l33tx0rz security, don't even mention Linux, use a real secure OS like OpenBSD, browse with a text browser like Lynx and encode video using ffmpeg in the shell, no GUI, no iptables (the Linux firewall), and no systemd, compile everything from source and don't do any binary updates.

    For desktops, Windows still has 80% market share while Linux is still stuck at 1.5%, bash Windows all you want, people are not going to switch any time soon.

    Over 90% of the people we busted used Windows, that is why I am writing this guide. I don't really care how secure Tails is, because I know for a fact I can write guides after guides on Linux but at the end of the day less than 2% of the people we bust will ever use it. Tails has too many unnecessary moving parts for my taste anyway.
  5. chimo

    chimo the few, the proud, the jarhead monkey crowd

    GUI is for wussy. ;)
  6. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    MS OS is always going to have vulnerabilities. From the .NET framework to reporting and remote assistance, MS is a living security disaster. What isn't a security risk is certainly monitored by MS so they can try to block third party software and receive cash from licensing these third parties to have access to their OS. Assume everything is open when using MS OS.

    The Linux Mint website was "hacked", and a corrupted ISO was quickly found, reported, and corrected. It only affected the single version of the ISO (17.3 cinnamon) and only for the one day it was actively hosted. Since this happened, new measures have been taken to avoid these script kiddies and their useless attempts to undermine the open source community. There are currently zero vulnerabilities like this which exist, and no active Linux security risks. The Linux OS varieties are not hacked.


    Children bragging about what is more secure, with no real justification for their macho pride. They really should leave the expert opinions to the experts.
    tacmotusn likes this.