Microsoft Windows Defender SmartScreen demo pages for testing

Microsoft provides demo pages for testing the Microsoft Windows Defender SmartScreen functionality, similar in purpose to the EICAR test virus:

https://demo.smartscreen.msft.net/

Microsoft Smartscreen Test URL Rep Demos

Is This Phishing?
Alert the user to a suspicious page and ask for feedback → https://nav.smartscreen.msft.net/other/areyousure.html

Phishing Page
A page known for phishing that should be blocked → https://nav.smartscreen.msft.net/phishingdemo.html

Malware Page
A page that hosts malware and should be blocked → https://nav.smartscreen.msft.net/other/malware.html

Blocked Download
Blocked from downloading because of its URL rep → https://nav.smartscreen.msft.net/download/malwaredemo/freevideo.exe

Potentially Unwanted Download
A download that may have unwanted content → https://nav.smartscreen.msft.net/download/puaademo/freevideo.exe

This feature is available only on the next major version of Microsoft Edge, based on Chromium

Exploit Page
A page that attacks a browser vulnerability → https://demo.smartscreen.msft.net/other/exploit.html

Malvertising
A benign page hosting a malicious advertisement → https://demo.smartscreen.msft.net/other/exploit_frame.html

Microsoft Smartscreen Test App Rep Demos

Download and run these files to see how SmartScreen responds.

Known Good Program
This program should run → https://demo.smartscreen.msft.net/download/known/freevideo.exe

Unknown Program
SmartScreen should show a warning before running → https://demo.smartscreen.msft.net/download/unknown/freevideo.exe

Known Malware
SmartScreen should block this program from running → https://demo.smartscreen.msft.net/download/known/knownmalicious.exe

Ping with timestamp in PowerShell

Sometimes you simply want to check something from a Windows system with ping and review the results with timestamps. To do that, you can use the following commands in PowerShell:

 # IPv4: prefix every line of ping output with the current date and time
 ping.exe -t 8.8.4.4 |Foreach{"{0} - {1}" -f (Get-Date),$_} > C:\temp\ping_googledns1ipv4.txt
 ping.exe -t 8.8.8.8 |Foreach{"{0} - {1}" -f (Get-Date),$_} > C:\temp\ping_googledns2ipv4.txt
 # IPv6: separate output files so the IPv4 logs are not overwritten
 ping.exe -t 2001:4860:4860::8844 |Foreach{"{0} - {1}" -f (Get-Date),$_} > C:\temp\ping_googledns1ipv6.txt
 ping.exe -t 2001:4860:4860::8888 |Foreach{"{0} - {1}" -f (Get-Date),$_} > C:\temp\ping_googledns2ipv6.txt


Example without writing the output into a file:

PS C:\Users\flo>
PS C:\Users\flo>  ping.exe -t 8.8.4.4 |Foreach{"{0} - {1}" -f (Get-Date),$_}
02.12.2020 08:53:32 -
02.12.2020 08:53:32 - Ping wird ausgeführt für 8.8.4.4 mit 32 Bytes Daten:
02.12.2020 08:53:32 - Antwort von 8.8.4.4: Bytes=32 Zeit=34ms TTL=56
02.12.2020 08:53:33 - Antwort von 8.8.4.4: Bytes=32 Zeit=42ms TTL=56
02.12.2020 08:53:34 - Antwort von 8.8.4.4: Bytes=32 Zeit=32ms TTL=56
02.12.2020 08:53:35 - Antwort von 8.8.4.4: Bytes=32 Zeit=34ms TTL=56
02.12.2020 08:53:36 - Antwort von 8.8.4.4: Bytes=32 Zeit=28ms TTL=56
02.12.2020 08:53:37 - Antwort von 8.8.4.4: Bytes=32 Zeit=31ms TTL=56

Browser Client-Side Storage Partitioning - Total Cookie Protection

One step to improve IT security is partitioning client-side (cookie) storage: https://github.com/privacycg/storage-partitioning

"User agent state that is keyed by a single origin or site is an acknowledged privacy and security bug. Through side-channels or more directly, this allows:

  1. A top-level site https://site-a.example A to infer that a user is also visiting top-level site https://site-b.example B, by embedding resources or documents from B in A. Beyond visiting, it can also allow A to infer specific state from B that depends on the user, thereby revealing many aspects of the user. Timing Attacks on Web Privacy, XS-Leaks, and COSI discuss this in more detail.
  2. Conversely, it allows a site https://tracker.example whose resources might be embedded on many different sites, to track the end user across these sites.

To solve a key aspect of this, any such user agent state needs to be keyed by more than a single origin or site.

There are many standards that together make up a user agent and many of these standards define “problematic” state. This repository’s issue tracker is where we're coordinating the effort to address these issues in an ideally holistic manner. The actual changes will happen in each impacted standard and are collated here for visibility."

For this reason, Mozilla Firefox introduced Total Cookie Protection in version 86. Mozilla's blog post includes a nice picture that explains the principle of client-side cookie storage partitioning.
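
The keying change described in the quote above, as an added example (not code from Mozilla, the storage-partitioning repository or this blog): a toy cookie jar keyed first by the embedded origin alone and then by (top-level site, embedded origin). The `CookieJar` class, the `uid` cookie and the `/pixel.gif` path are assumptions for illustration, and "site" is simplified to the hostname.

```javascript
// Model of a browser cookie jar. Constructed illustration only, not browser code.
// "site" is simplified to the URL's hostname; real browsers use the registrable
// domain (eTLD+1) plus scheme.
class CookieJar {
  constructor(partitioned) {
    this.partitioned = partitioned;
    this.store = new Map(); // storage key -> Map(cookie name -> value)
  }

  // Unpartitioned key: embedded origin. Partitioned key: (top-level site, origin).
  key(topLevelUrl, resourceUrl) {
    const origin = new URL(resourceUrl).origin;
    if (!this.partitioned) return origin;
    return `${new URL(topLevelUrl).hostname}|${origin}`;
  }

  get(topLevelUrl, resourceUrl, name) {
    const bucket = this.store.get(this.key(topLevelUrl, resourceUrl));
    return bucket ? bucket.get(name) : undefined;
  }

  set(topLevelUrl, resourceUrl, name, value) {
    const k = this.key(topLevelUrl, resourceUrl);
    if (!this.store.has(k)) this.store.set(k, new Map());
    this.store.get(k).set(name, value);
  }
}

// The embedded tracker: reuse the stored id if the jar returns one, else mint one.
let nextId = 0;
function trackerSeesId(jar, topLevelUrl) {
  const tracker = "https://tracker.example/pixel.gif"; // hypothetical resource path
  let id = jar.get(topLevelUrl, tracker, "uid");
  if (id === undefined) {
    id = `uid-${++nextId}`;
    jar.set(topLevelUrl, tracker, "uid", id);
  }
  return id;
}

// Visit both top-level sites and report whether the tracker saw the same id on each.
function linkableAcrossSites(partitioned) {
  const jar = new CookieJar(partitioned);
  const onA = trackerSeesId(jar, "https://site-a.example/");
  const onB = trackerSeesId(jar, "https://site-b.example/");
  return onA === onB;
}

console.log({ unpartitioned: linkableAcrossSites(false), partitioned: linkableAcrossSites(true) });
```

With the single-key jar the tracker reads the same identifier on both sites; with the double-keyed jar it gets a separate identifier per top-level site, while state within one top-level site still persists.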

Cribl - Change values to lowerCase

Some logs (e.g. Microsoft Azure) sometimes are not fully normalized to all lowercase characters. You can use Cribl to adjust those values by...