Archive for the 'Certification/Security+/General Security Concepts' Category
Windows Password Recovery: ONTPRE

Offline NT Password & Registry Editor (ONTP&RE)

Did you lock yourself out of your Windows system?  Forgot your Windows password?  What is the best Windows password recovery?

The best way is to have a Windows Recovery disc ready.  But this is something you must do BEFORE you get locked out.



There are tools you can use to get into your system, but the first think you should try is to use “Administrator” as the user with no password.  “Administrator” is a default account on Windows systems.  On Windows 7 it is disabled by default but if someone has used the account you may be able to use it as backdoor into the system.

If their is not Administrator account and no Windows Recovery disc you will have to use a Windows password recovery tool.  ONTP&RE is a password recovery tool that allows quick access to windows systems.

Reset Password : Windows 7

1.  Download ONTP&E: First, download the Windows password recovery software from .

2.  Unzip ONTP&E:  Files are compressed into 1 folder named (  Unzip the file.

3.  Create CD with ISO:  Set the cd disc creator into ‘image to  disc’’. Burn the image to the cd.  Each CD burner software is different, so you will have to figure out how to create a CD from the ISO.  Sometimes its as easy as double clicking the ISO but it depends on the type of software.

4.  Reboot & Insert:  Actually, you need to make sure your Windows system is able to boot from the CD.  Once its done , insert the cd back to the CD ROM  and reboot your computer.

5.   Computer Boot from CD:  As your computer reboots, keep hitting F2 to go through the BIOS.  Select “Boot Options”.  Some versions of BIOS call this “Boot”.  But the idea is the same.  Go into the BIOS and make sure CDROM is on the top of the list for boot options.  This means that the computer first looks at the CD before going to the Hard Drive.  Instructions on modifying BIOS settings will be listed on the page.

6.  Boot into ONTRE:  Once the BIOS boot option is set, save and exit.  Your system will boot into your ONTRE disc.  Software will start running. Just follow the steps.  “Press enter” to boot into the “Offline NT Password & Registry Editor” CD.

windows password recovery

screen shot of Offline NT Password & Registry Editor

7.  Select an Account:  It will ask you to select an account.  If you hit “Enter” it will automatically boot into the [Administrator] account.

*note: Anything in [brackets] is the default value, so if you hit “Enter” it will auto-magically choose that [bracket] value.. its a linux thing.. you wouldn’t understand.

If you choose the “Administrator” account, you may need to Enable the account since the built-in Administrator account is  disabled by default in certain versions of Windows.

8.  Enable Built-in Administrator Account:  The Windows account  needs to be enabled.  Select 4  and enter ‘to Unlock and enable user Account’.

windows ontpre menu enable

windows ontpre menu

9.  Clear (blank) User Password:  After selecting 4-Unlock and Enable user account, you will be sent back to the User Edit Menu. If you want to clear the Administrator password (if it has one) then hit enter or type Administrator and Select 1 and “Enter” – to clear the user password.

10.  Save Changes:  Once you have made all the changes you want (enabled the Administrator account & cleared any passwords), you are ready for the next step.  Hit  ‘!’ and enter.

Windows Password save changes

Windows ONTP&RE password save change

On the screen it asks ‘What to do’?  hit q to quit. You will see:

Step FOUR:  Writing back changes

“About to write file(s) back.  Do it ?’’

Hit   Y  and enter to save changes.

11.  Last Step:  Hit “Ctrl-Alt-Del” to reboot and eject the cd quickly.  This will allow the system to boot into Windows on the Hard drive.

You can now login as “Administrator” with NO password.

Once you are in as Administrator you can change passwords of any local accounts in Control Panel | Users.

What Do You Love? (by google)

Google has a search tool call “What do you love?” You type in whatever you “love” and it gives you results of books, video, emails, products and items related to what you typed in.

I am a HUGE fan of Google despite my fear of the organization potential power and inevitable growth into our personal lives. So I type in something I love.. SEX.

And it gave me kittens. WTF
Why does google hate sex? I don’t get it.
The only thing better than Google would be a Google that does not wuss out about sex and porn because it might offend people. Google is pretty strict on pornography.

They recently got tough on religions. They recently removed churches from their non-profit list. I guess Google allows non-profits the ability to get Google Ads free! Which shows some sort of backbone although some religious organizations are incredible (and REAL non-profits) so I hope they don’t to secular on that decision.

Security Now Episode #95

Steve Gibson and Leo Laporte talked about OpenID on Episode 95.  OpenID would provide a single-sign on verification for site logins.  This would not replace something like SSL (which is mutual authentication), but it would be better for simple site logins to sites like, and others.

BYU professor Philip J. Windley, explains how OpenID works on his site.

Domain 1.0 – General Security Concepts (Security+)

1.1 Recognize and be able to differentiate and explain the following access control models

 o MAC (Mandatory Access Control)

· Access controls based on security labels (Sensitivity labels) associated with each data item

· Lattice = MAC model

· Uses levels of security to classify users and data is a characteristic of MAC

o DAC (Discretionary Access Control)

· Access controls that are created and administered by the data owner are considered.

· Each object has an owner, which has full control over the object

· Inherent flaw in DAC is that it relies only on the identity of the user or process, leaving room for a Trojan horse

o RBAC (Role Based Access Control)

· Access control decisions are based on responsibilities that an individual user or process has in an organization

· Relationship of user, role, operation: multiple users, multiple roles and multiple operations


Recognize and be able to differentiate and explain the following access control models

· MAC (Mandatory Access Control)
· DAC (Discretionary Access Control)
· RBAC (Role Based Access Control)

To understand MAC, DAC and RBAC you must first understand Access Control.

Access Control is the control of user and process control access to  network and operating system resources.  For example, many spyware and adware applications not only download themselves on to your computer without your permission, but they also help themselves to your systems CPU, hard drive and memory.  What happens to most of us is that we get hit with 10 or 15 of these applications by accessing the Internet without protection.  Imagine 10 to 15 badly written memory hogs using your CPU and memory to access your cached references to your web surfing habits (or worse credit card, ssn) and send that potentially valuable information to some server in Nigeria or Russia.


Mandatory Access Control (MAC)


Mandatory Access Control is military grade security.  Like DAC, it has been around since the 60’s.  With MAC, the security on all resources are strictly policy controlled.  All processes and users (or subjects) must specifically given permission to access a resource (or object). 


Subjects are given a number indicating their level of access.  Subjects can access any object with a lower number.  With modern military and national security systems this permissions matrix is supplemented with a classification level.


Discrestionary Access Control (DAC)


Discretionary Access Control is where a subject has control over an object. In this case a “subject” could be a home user.  And lets say the home user has admin privileges because he wants to download applications like Kazaa Lite ++.  The “object” or resource is Money Quick, a financial application that creates important bank account spreadsheets. 


The home user is no fool so he locks the Money Quick application down so that only the administrator has permissions to the file.  She is the only administrator on the computer so there is no problem right?  Wrong.  With DAC any application that runs while the current user is logged on has the same permissions. 


So, the home user finds Kazaa Lite ++ on Internet and downloads it.  The shareware app is of course loaded with all kinds of spyware, adware, Trojan filth that goes directly for her Money Quick software.


Is very popular and has been in use primarily in the commercial and academic worlds since the ’60’s.


Role Based Access Control (RBAC)


Role Based Access Control is fairly new and is considered the evolution of the DAC & MAC.  With RBAC, each subject is assigned a role.  Users without roles can be put into groups that pertain to a certain department or job such as sales or management.  Objects only allow subjects on a permission basis.  Modern operating systems such as Solaris, Linux and Window 2k/XP/03 are perfect example of how Role Based Access Control works.


The RBAC started in the 1990s and fully materialized in the RBAC96.  There is currently a lot of research being done on the RBAC.