Re-installing GTA V without download

I am a Windows Insider and recently had to revert back to Windows 8.1 due to some issue with a recent build. I don’t really mind as I know I am testing and am prepared to quickly switch Windows version without much more work than reinstalling the applications I use.

I achieve this by keeping most of my data on services like OneDrive and Visual Studio Online for my sources. I am also using multiple disks where my system disk is primary for OS, applications and cloud stored data. My secondary disk is where I keep files that I could be without but that is easier too keep, such as game installs. With GTA V being around a 60GB install I would prefer not to download it again even though I have plenty of bandwidth, but why use something when I don’t have to?

I was not sure how to be able to avoid having to download the GTA V files so I made a wild guess and started the install in the same folder as I had installed it previous. It seemed to start to do a full download, which would take a while, but it is also possible the installer is smart enough to see the already existing files, well, if not here is what I did that worked out fine.

  1. Start install into same folder as existing GTA V.
  2. Cancel when it is downloading
  3. Start install again
  4. Choose repair option
  5. Tada! All done in a few minutes.

It seems the repair option skips downloading if it finds all files to be correct.

I noticed I restarted my progress on story mode, but my online character was as I left it. Pissed and high in the strip club.

TechDays 2015 Keynote

Well, to be honest, I didn’t pay that much attention. Going up early and sitting down in the very comfortable chair made me doze off a bit. At least until James Whittaker took to the stage.

It was an interesting keynote, most of what you will find in his writing available at the link above.

You should have been there! 🙂 Now you can! James part start after 30 minute mark.

Next up Performance and Debugging with the Visual Studio Diagnostics Hub.

Microsoft TechDays 2015 and passing the hash

This year I went to Microsoft Tech Days in the Netherlands, hold at the World Forum in The Hague. I secured my ticket early and many thanks to Indivirtual that covered the cost and let me have a couple of days off to attend it. The event was awesome and here are some of the things that I experienced and learned.

For the first day I went up early in the morning to be able to catch a session before the keynote, early birds are early. Getting there involved a tram, a train and another tram. At the Hague Central Station I felt someone tapping me on the shoulder, did I forget to check in/out or? It turned out to be my colleague Sujen that had been on the same train. We headed off towards the World Forum.

We got there just on time and after a quick registration and receiving the mandatory SWAG he joined me for the session I had in mind: Pass the hash and Credential Theft – causes and practical mitigation. A presentation by Aaron Margosis, a Windows nerd, about techniques to hack networks. Cool!

It was an interesting presentation with the mandatory joke about the Dutch and passing the hashish.

The attack vector that passing the hash addresses is that Windows uses hashes of password to authenticate with other computers. What I found interesting was that the hash is stored locally and it is possible to extract it by using various tools. The tool used in the presentation was mimikatz and psexec.

Since these computers authenticate you by the hash you pass it is the root of this vulnerability.

From the presentation I also understood that this is not easy to resolve in the operating system. When used in a server cluster it seem that it relies on being able to pass the hash and while not solved now, by for instance using a password salt as an audience member suggested, it may be in the future.

If you have had more than one Windows computer in a network where you had the same Administrator user on both with the same password. Did you ever think about that you didn’t have to re-enter the password as often as if you had different passwords? Since the hash would be the same on both computers, passing it over to another would successfully authenticate as the local user on the other computer.

When an attacker gains access to a domain attached computer they will be able to authenticate as all users, domain as local, that has logged on to that computer by passing the stored hash of the password I am not quite sure how long the hash is stored but I saw some very old password, in clear text, when testing out mimikatz.

At the moment there is no universal solution for this but a couple of recommended practices to mitigate it. Well, some may say not to use Windows which is correct. 🙂

How to really avoid this today?

Do not login with domain administrator on any computer, basically only login with it on a dedicated computer to avoid mixing with users of other security tiers.

Do not use same password for same local user on computer in the network. As example, if your company uses the same image to setup all computers and do not change the local passwords it may be a possible attack vector.

There is a tool to help mitigate this. Local Administrator Password Solution (LAPS)

I am a developer so I will leave it up to any Tech Pro to figure out how to use it.

Overall, a very interesting presentation to see even for me as a developer and hobby hacker.

Next, the keynote.