Still alive, just had some funding snags until I got paid. 🙂

You can grab Remote Desktop PassView from NirSoft but you will likely need to disable defender to make it run. I made this thread as it followed my mental rule for making a note of something handy I used in the past.
In my recent Windows 11 case this week, I forgot my main user password but logged in from another PC with saved RDP credentials, changed the password on a second local admin ( You can change another user's password without their old one, but while logged in locally as the same user, you need the current ( forgotten temporarily ) to change the current pass.
Logging in as second admin, I could then reset local admin password to something new, without the existing pass being needed.

I just made a crabby twitter comment ( as opposed to any other kind on there? ) about many No-CD fixes getting spirited away from Windows 7 onward and Defender's choice for 'bad files'. Typically removed with no notification or direct logging either. If you like it and want to archive it, store it on a Non-Windows based file server.

Bonus random note of old: If you are logging into another device without a domain, you can set your username and password to the same on local and your network share or what have you. Most all the time, you will be able to connect without being prompted for a password, since they are already the same.

Fun WiFi migration? Set your Access Point ( AP Network Name ) and password to be the same as a Wifi network you have already connected to. Your devices will be on the new access point without issue, most of the time. There are extra settings that could handle this change but the likelihood of them being a factor are very low. Save time migrating off access points and testing things or pretending to be an existing network,

Auto-connect being a client default makes this extra handy based on whatever you may be working on or with.

Prerequisites: Use whatever OS you like!  I have encoded using the same utilities on Linux, but in this case I'm using Windows.  Mac support should be comparable as well.

• mplayer
• ffmpeg
• your favorite text editor
• some patience while files encode
• A means to download source stream files. I am using Twitch Leecher in our case.

Since I am talking about Twitch being our source file, I use Twitch Leecher to grab the raw .mp4 file from Twitch.tv servers.  For point of reference your 720p video if it is 2 hours, it will be approximately 2.2 GB!  Shit, that's a pretty big file.  Your size to time ratio may vary but that puts into perspective the next step.  Encoding to .avi files.

Before we start, make sure you grabbed mplayer and ffmpeg.  For the Windows heads, let's make this easy and pick a folder for encoding files.  Let's say

D:\encodes

You can set paths and stuf for mencoder and ffmpeg, but let's be lazy and drop those extracted files into D:\encodes.

As you may guess, we will also copy the raw .mp4 file we want to encode into the encodes folder too.

Next step: let's prepare the encode scripts.  Considering you might be doing this for more than one episode, let's just gear up to batch this process out for multiple files and to make your task easier, for each new episode.

Pause for giving an overview of our process:

• Download the raw file
• Encode it with Xvid to trim some of the file size down
• Make an MP3 to strip the audio
• Run a maintenance task to make sure the timing index (You'll see why below)
• Upload your files somewhere for people to get them
• (Optional) Make an XML RSS Feed for your Podcast submissions

Sample Windows Batch file to make an .Avi:

@echo off
echo Cooking it up
mencoder "041_AndrewMorris_GreyNoise_io.mp4" -ovc xvid -xvidencopts bitrate=1800 -o "041_AndrewMorris_GreyNoise_io.avi" -oac mp3lame -lameopts abr:br=192

The 1st .mp4 is your source, I'm setting the bitrate for video to 1800 kbs, -o is outputting the encoded Xvid .avi and the the audio track is being encoded at 192 kbs bitrate for the same .avi output file.

Neat.  So now that we have a newly encoded .avi file.  Be a good encoder and test it!  Granted if one works, you should be golden for your other encodes.  Remember, that's why we are scripting it too.  Nice way to save some sanity while gaining consistency.

This will not be an instantaneous process.  I want to say my average FPS encoding is about 70 to 90 FPS when encoding the video.  So be prepared for that.

Next up: Let's cook up some tasty MP3s.

In this batch script, we are going to extract the audio from the raw .mp4, but label it as fixTimings.mp3.  Try to just run that encoded file and you will see the timing for the track is all broken and randomly changing.  that may have been fixed in a later version of mencoder, but I call ffmpeg to fix it.

@echo off
echo Cooking it up
mencoder "041_AndrewMorris_GreyNoise_io.mp4" -of rawaudio -oac mp3lame -lameopts abr:br=192 -ovc copy -o "041_AndrewMorris_GreyNoise_iofixTimings.mp3"
echo Sync Audio
ffmpeg -i "041_AndrewMorris_GreyNoise_iofixTimings.mp3" -acodec copy "041_AndrewMorris_GreyNoise_io.mp3"

As you can see in the ffmpeg call, I use the source file with bad timings and make a corrected .mp3 with the proper time tables.
Luckily, encoding just audio is crazy faster than doing video and audio.  On an Intel i7-7700k setup I do about 550 FPS in respect to speeds.

As I mentioned previously about the videos TEST YOUR OUTPUT FILES!  Once you have the first few good, you should have no shock or issues processing later files.

Getting into writing an RSS feed in XML:

Let me stop here for now, as the next steps would be uploading your encoded files, writing a RSS feed in XML then submitting that to various podcast services (iTunes, Spotify, Google Podcasts).  You can always view source of your favorite podcast (Duh, it should be ThugCrowd) and edit to your whim.

While most web browsers do not display RSS feeds in a nice format anymore besides OG Firefox engine (IE: PaleMoon web browser), you will see the XML displayed that is key to being processed by the podcast services.  None of the podcast services host your content, they basically point to your RSS XML feed and the file paths you specify for each episode.  So you will want formidably reliable a host.

As I mentioned, there are some specific tags for iTunes you should specify to make sure your podcast gets listed.  Out of respect for your listeners, be sure to add the date of episode, file size and track length.  It should also help you get listed since you gave good info out of the gate, before submission.

Then when you have a new episode, just add a new Item block with the relevant criteria and you have updates or all your subscribers to know there is a new episode!  Ok that is the end of this guide for now.

Preface:
This guide is for sharing a forensic approach to imaging a hard drive or solid state device.  I tend to not see many forensically tooled guides, so this one covers imaging from the perspective, that you need a verifiable image of a drive you will be working with.  I am writing it will full intent to be useful without needing to have a Write-blocker or needing to run and wait for the sha256 signature checks to be run.  In effort to be accessible I will cover the imaging of a Raspberry Pi with Raspbian and getting that running.  If you are familiar with that process, please jump ahead to the Action section.
My logic for using a Raspberry pi is because they are some of the cheapest functional computers one can get.  My logic for imaging the Pi fresh from an ISO, is to be sure no extra data is left over on the Pi from any previous projects you might have been doing in the past.

I want to add a side-note that you can follow the steps under action for almost any Linux distribution on various hardware.  I have done similar on a current era laptop running Tails before.  Your CPU heavy tasks like sha256sum will likely run much faster than on the Pi 2 I used for this guide. USB hard drive performance may also run higher based on your USB drive connectors and laptop, versus a Raspberry Pi 2.  Just for point of reference, I wanted to mention this.

I also have done a fire talk on imaging with dd.  The slides are shared and also transcribed in the linked thread.

Preparation:
Tools needed:

• Raspberry Pi
     
• SD Card
      
• A USB to MicroSD reader (to image your Pi)
      
• Power Supply
      
• HDMI Display
      
• Keyboard and probably a mouse
     
• Post-It notes to label your drives
      
• A USB powered hub (you want this for use with the external drives)
      
• A USB SATA Dock
      
• USB Write-blocker to prevent making changes to source drive. (or you can use a second USB dock but cannot count on the full unchanged integrity of the source USB drive.)

As I mentioned the Write-blocker, that will increase your cost quite a bit. Roughly $300 if you are going to use a Cru ComboDock 5.5 that I use.  You are still fully able to follow this guide without one, but minor changes to your source drive may happen while you read data from it (especially if you browse the drive contents and it generates thumbs.db files) and that would cause a problem in the sake of capturing a forensically sound image of that source drive.

With that noted, let's get the Raspberry Pi ready to go with a fresh install of Raspbian OS.

Download latest Rasbian to your main computer you are reading this from.
Install to sd card with etcher imager (resin.io is the imager I used to write the .iso to MicroSD Card)
Put sd card in your Pi and boot it up.
Bring up a terminal and set pi passwd (default password is: raspberry)
Raspberry Pi Configuration can be found under Preferences on the menu of Raspbian Desktop.  On this first tab of System you can change the bottom options:
    

• Disable auto login
      
• Boot to CLI

Now that we have the Pi booted and setup, let's jump into the Actions portion of the imaging.

Actions

Hook up source drive (If no write-blocker, use a USB drive bay / or external drive).  Follow the below steps to identify your source drive.
No gparted on Raspbian anymore, so use Parted in the terminal.
  

sudo parted -l

Typically the first usb drive will be /dev/sda.  Also cross reference the output to make sure it matches to the size of the drive you just hooked up. (500 GB source drive in my case)
You can also  type ls /dev/sd* in a terminal to see what drive is connected.  Now that we know what the source drive is, go ahead and hook up the destination drive you are using to be the clone of your source drive.
In another terminal, type sudo parted -l again.  In my case I now see a /dev/sdb.  This is my second drive I will be using to write the clone of the source drive to. (1000 GB destination drive in my case)

For your sake, this is where I recommend using post-it notes to write a note to put on each disk, stating what one is the source and it's /dev/path.  Also doing the same for your destination and it's /dev/path.

Source drive is /dev/sda
Dest drive is /dev/sdb

With that out of the way, we are ready to jump into the long haul of running  a dd command.  This will copy the data from your source drive, block for block to the destination drive.  dd is quite a serious command and can result in data loss if you do it wrong.  Here is where a write-blocker is especially useful to prevent overwriting the drive.  Also this is where the notes on the physical disk are helpful.  Below is the command for the setup we outlined.

dd if=/dev/sda of=/dev/sdb bs=16384k status=progress

Let's break this command down.  I look at the if= being equal to Input file.  That's our source drive.  of= being Output file.  This is where our destination drive is being overwritten.  bs= is Block Size.  I go with 16384k as it is a block size I have seen around good for imaging.  status=progress is a nice add-on so you can see the results of the dd command.  Otherwise you would be waiting for the progress to output once it is done.
This will take quite some time. 500 GB source to a 1TB destination drive.  Easily took about 8 hours as the finished results state:
27184.1 s, 18.4 MB/s.  Divide that by 60, then again by 60 and I got 7.55 hours to image a 500 GB drive to a 1 TB drive.
Hurry up and wait as you are doing a block for block image, so it even will copy the blank space to the destination drive.

Once done, verify each drive matches (Especially for forensic sake and use of write blocker).
Drive to drive sha will not match, so you want to do it for the partitions specifically.  Once again, be warned that it took around 7 hours on this Pi setup to run sha256sum against each one of these partitions.  Below are the commands I ran to generate the sha256 signature, followed by their matching results.

sha256sum /dev/sda1
sha256sum /dev/sdb1

813dcb6470f62c7c12623a0ef092551965b83e501e70dff4e01e1220cebf0129  /dev/sda1
813dcb6470f62c7c12623a0ef092551965b83e501e70dff4e01e1220cebf0129  /dev/sdb1

Bingo!  Image is a success and the source partition is a match to our cloned partition.  For conversations sake, if you were to run sha256sum against the entire disks, they would not match up.  Keep in mind the destination drive I used is a 1TB disk, so it has more free space than does the source drive.

Here are examples of mismatched checksum, because we compared the entire disks where one was larger than the other.

83b3b53d577d0ae793c947220b4ef3aa3d323e8349e0d3615b77964ec5baeb80  /dev/sda
f24189b6160b9a91bf5037ade4d4ab2f45a9bad9ebe254c0a349688f8987bc10  /dev/sdb

That concludes this guide.  If you have an questions or feedback, reply in this thread or hit me up online.  Thank you for reading and visiting. 🙂

Now that we got out of the way, let us start with the hardware and software used to build your Virtual Machine lab.
+ A modern desktop or laptop running an x64 processor.  You can be running Windows, Linux or OS X for your desktop operating system, as we are going to use VirtualBox to build the VMs.  The following guidelines can be applied to your Virtualization platform of choice, but I like VirtualBox for sake of cross-OS Virtual Machine migration and price point for running VirtualBox.
+ 16 GB RAM or more is preferable.  You could get by with less but may find your VMs running low for resources and have less options for multiple, concurrent running VMs.
+ A SSD drive.  Running on an SSD will greatly speed up time to copy an existing VM and also improve desktop performance of the VMs.  You can get by on a HDD, but you will wait much longer to clone a virtual disk image and your virtualized desktop OS might be laggy.

Getting started, we want to install VirtualBox, make sure VT-x support is enabled (likely a BIOS setting you can set when your PC is booting up) and to download Windows Server 2016.  We could go with older versions of Windows and poke those with a security stick, but if you are trying to get some viable business experience, I would jump into the more recent OS, particularly as many businesses have been lagging on their migrations from older Windows Server versions.  There is no shame in learning and trying to also be marketable at the same time.

• VirtualBox:

https://www.virtualbox.org/wiki/Downloads

• Windows Server 2016

Download the ISO image. https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2016/
This will give you a 180 day trial install.  So long as not doing so on the Domain Controller server with that role active, you can Sysprep the install to reset the timer and OS back to it's initial state.  More on that further in this guide.

While those download and you install VirtualBox, let's step back to overview your intent with this test lab.  We are installing an initial Windows Server 2016 virtual machine.  Once that is up, we will clone that image so we have a master control image.  For the sake of this lab, let's leave the Master image intact then create 4x master clones.  I'm going with 40 GB disk size for the VM, so roughly 200 GB will be used.

• Master Image (Do not change once all patched)
• Windows Domain Controller
• Microsoft SQL Server
• AppServer.  This is optional if you want to save space and piggy-back your potential test application from the SQL VM.
• Client machine.  Not necessarily on the domain.  This will be your client device / scan box / non-domain network sniffer.

Let's get started:
From VirtualBox, click the New button to create a new Virtual Machine.  Type: Microsoft Windows, Version: Windows 2016 (x64).  Name this initial VM 'masterControlImg' for sake of reference.  Click the box for 'Create a virtual hard disk now'.  Let's set the Memory option to '2048' AKA 2 GB. Then click 'Create'.  I want to add a note that the virtual machine name you enter here will also be the subfolder in your VMs folder for VirtualBox on your storage drive (on your actual main machine).  You will get weird errors if you try to make a VM the name of a folder that already is in that folder.  FYI to save you headaches on that note.
Next will be the Create Virtual Hard Disk screen.  Leave the path as-is since it will match the prior line about being in a folder named to your VM, 'File size' of 32 GB is fine (but I suggest 40 GB for when you start adding Active Directory services and Replication), 'Hard disk file type' to the default of VDI (VirtualBox Disk Image) is good, as is the 'Storage on physical hard disk' remaining set to Dynamically allocated.  Good, now we can press 'Create' on the virtual hard disk screen.

Now that VM is created, let's go into it's settings then onto the Storage tab.  The second drive should be a CD icon and on the right side you will see a drop-down when you click the CD icon.  Select 'Virtual Optical Disk File...' then browse on your local computer to where you saved that Windows Server 2016 ISO, click OK until you are back to your VMs listed on the 'Oracle VM VirtualBox Manager'.

With the ISO mounted for Windows Server 2016, boot your VM to install.  Hurry up and wait.  Follow the prompts (you want Server 2016 with desktop experience) and select an Administrator password.  For the sake of this lab, we can use 'Babydonthurtm3!' without the quotes.
You will want to take note of this for later use, as this is the local administrator account for this install and your cloned virtual machines.  Wait for the installer to finish and when done, it will let you login and see your desktop.

Now the install process for Windows begins.

End of the Windows install process.  Let us login to this VM.

Minimize Server Manager for now.  We do not want to add any roles or features yet.

Clicking the Settings Gear, we want to install Updates for our Template OS.

This will likely take quite some time.  Better to do it now than to need patching every other machine we make as well.

Install the most recent windows update patches, reboot and log back in.  Once the patches finish, shut this VM down.  Avoid booting this VM into windows, since it will be our Source VM for new instances.
Then back on the Oracle VirtualBox VM Manager, go to Settings for your VM, then Network.  Change the Attached to from NAT to 'Internal Network'.  You can make a custom name for 'intnetLab01' for ease of reference later, if you expand your VM labs.  This setting will allow all the other VMs we spawn to communicate with each other.  If you forget to do this step later for other VMs, come back here if you wonder why your VM cannot see the Active Directory Domain Controller.

Clone machine image prompts:

With all of this done, let's make a clone of this VM.  We will name this Clone 'WinDC01_testFTB' or the like, as it will be the Primary Domain Controller for our Windows Domain.  Be sure to check the 'Reinitialize the MAC address of all network cards' because you do not want the same MAC address trying to talk to another computer.  That would also cause issues with DHCP and all sorts of networking issues you do not want.  

You do want to make it a Full Clone instead of a linked clone.  Wait for the clone process to finish, then boot up your newly spun 'WinDC01_testFTB' VM.

Log in to the desktop.  Before you get started making this a domain controller, we want to SysPrep this machine.  The action of this command will make it seem like a new windows install with the most important result being it will have a new SID / Windows Install ID.  As you dig into active directory, you will see AD links the machine name to it's install ID / SID as a unique identifier.  If that didn't make a lot of sense, know that running Sysprep will allow us to join each of our copied VMs into this test domain, without machine conflict issues.

Click Start and then Run cmd.exe.  If it's not prefixed with 'Administrator: Command Prompt' in the title bar, click Start, type cmd then right-click to Run As Administrator.
In this prompt type:

cd %systemroot%\system32\sysprep

then type:

sysprep /generalize /oobe

A brief prompt will come up as it prepares your install then it will shut down the VM.  Once that happens, start the VM back up and it will take you through a prompt similar to when you installed the OS.  Once done, you will be back at the desktop.  If it asks for an Administrator password again, take note of what you use and write it down.  You are welcome to use the Haddaway example from above again.
Jumping back to the Sysprep process, you will need to do this for each image you clone from your VM template.  I also wanted to mention %systemroot% that is an environmental variable in Windows.  If you get to writing scripts, environmental variables are quite the blessing to your sanity.  You can use them in powershell to some extent also, so the fun pays off there.
Final ramble about SysPrep.  If you try to do this on an Image that had AD Roles and Features installed, it will likely not re-activate the 180 day trial for Windows Server and if it was an AD services image, it will likely error on the sysprep process.  That's why we have our base image 🙂

Let's wrap this up getting you a domain created.  Starting off, let's set this machine to have a Static IP Address.  In the TaskBar down in the lower right by the Time, right-click the Network icon and then click 'Connections': Ethernet.  On the Ethernet status page, click Properties then Internet Protocol Version 4 (TCP/IPv4)  In the screencap you can see I went with:
10.0.2.10 on a /24 Subnet (AKA 255.255.255.0)

Pick a default gateway that will be the same for all other VMs made, intended to connect to this AD setup.
For the DNS, I put it's own IP but 127.0.0.1 (loopback) works too.  If and when you add a second DNS and AD Server, I highly advise making your second DNS server be the IP of that other DC.  It will make domain fail-over really easy and reliable if you shut down your primary DC or practice a patching cycle like as would be done in a production setting.

Another good thing to do, is Changing the Computer Name.  By default it will be something like 'WIN-StringofTextandNumbers'.  For sanity's sake you can rename this to 'WinDC01FTB' or something more descriptive.  To change the computer name, bring up an Explorer window then right-click on 'This PC' then select Properties.  Click Change Settings to change the Computer name, then reboot as it will ask you to do.

When you run the AD wizard without setting a static IP address, it will give you a warning about resolution issues.  So that's why we took care of that before using the Server Manager to add roles and features.  Take my word on it being annoying to change a computer name, once you add roles and services.  Planning to do the PC name change before adding roles will save you headaches.

Since we are in VirtualBox, select Devices menu then the 'Insert Guest Additions CD Image' if you would like to use options such as 'Shared Clipboard' and 'Drag and Drop' files.  Once the image is mounted in your VM, run the installer from it's CD drive then reboot when it's finished as it will prompt.  This is helpful for when you want to get or send files and text to the VM and your actual desktop machine.  Unless you like manually retyping scripts, I'd suggest adding these Guest Addons.
 

Wrapping this guide up, I am pivoting to a helpful guide for Installing AD Services:
http://www.rebeladmin.com/2016/10/step-step-guide-setup-active-directory-windows-server-2016/
Jump to Step 4 and it will show you click for click on adding the Active Directory Domain Services under Server Manager | Roles and Features.

I am going to present a bit of a shortcut / cheat.  Instead of clicking lots of next boxes, we can supply the config options by use of Powershell.  The below is the script I saved from the Wizard when it presented 'Export Configuration Settings'.  You can run this in a Powershell ISE window or save it to a text file and add a .ps1 on the name to make it a powershell script.

If you get an error, be sure the AD Directory Services modules are installed.

Install-WindowsFeature AD-Domain-Services

will run the PowerShell so you don't have to add it by using the server administration wizard.

#
# Windows AD DS Deployment
#
Import-Module ADDSDeployment
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "WinThreshold" `
-DomainName "hivelan.int" `
-DomainNetbiosName "HIVELAN" `
-ForestMode "WinThreshold" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true

This should let you spawn your Domain as if you entered these values in the Wizard.  In this setup we are calling the domain 'Hivelan.int', with a classic domain name of just Hivelan (for Window NT level old support).  On a reboot you should be able to login to the Domain you just created.

From here, the virtual domain is your oyster.  You can make another clone of your Template machine, sysprep it, then join it to the domain.  Since we didn't add the DHCP Server role to the current DC, go into your IP options and set all the IP info the same, except the IP address where you want the last octet (4th block of 3 digits) to be different than .10.
Then once on the same IP Space (your 255.255.255.0 subnet, means you can have an IP of 10.0.2.1 - 10.0.2.254).  Go into System Properties on this new VM.  Change your Computer name if you wish but the real objective is to change from a Workgroup to a Domain.  Enter 'Hivelan.int' as your domain and it should prompt for the Administrator account and Password.  You can always make a second domain admin account if you wish, but that boils into using Active Directory Users and Computers in Administrative Tools.

Once you add this machine to the domain and reboot, jump back into the Server Manager to add the Active Directory Domain Services on this machine, but we will say 'Add to an existing domain'.  Click Next until it's finished.

This guide got a little longer than I intended but I will stop here for the time being.  You can then make another clone of your Template VM and use that as a machine not on the domain.  Give it an IP address in the allotted space and you can use that for running Wireshark to see what kind of traffic you see.  You can then add that machine to the domain or make another VM clone to see how the traffic differs for a machine that is added to the domain.

Hopefully that helped get you into a test Windows environment and gave some help on getting started with VirtualBox.  If you have the funding and another Virtual Machine platform you like more (like XenServer or VMware), most of the concepts and options should be transferable and have similar naming.

Before you install, be sure if you are using a RaspberryPi or whatever device, that your user password is one of your own.  You do not want to go default with your LAN traffic.  If you wanna log a fun time, you can use one of these for short-term logging a little CTF monitoring style.  Logs are configured to purge after a few days on your standard Pi-Hole install. Please be sure to update your OS image with latest patches via said package manager.  In my case I set the primary network connection to a static address.  I have the service connection IP address details to use the actual router as DNS server.  Since all your other network DNS will be set to the fixed IP Address you bound to your Pi-Hole installed device.
SSH is likely disabled.  I like to administer my SSH session by serial to usb in the case of my Raspberry Pi installs.

Follow the install guide and advisory on their site about the bash | pipe install.  Quick comes at a trade off when you do not review the install process part for part.  If you go for the easy install and read the disclaimer, you can run the single line install:

curl -sSL https://install.pi-hole.net | bash

This thread is for administering and keeping yours updated, as with my configuration I ran into update issues using just the one connection.  Details ahead cover enabling a second connection to fetch updates, since you will have the primary network connection with a set IP address that handles DNS requests handed off from your router / main DNS device on your network.

To do updates to the OS and Pi-Hole local web services device / OS, I disable the service network connection to resolve conflicts of web requests to get out locally.  All the LAN clients will be fine getting pages.  In this case, I suspect the localhost calls in the Pi-Hole logs relate to my network layout and the device being bound to serve back to itself.  When logged into the [deviceIP]/admin configuration page I would also get failures to resolve list update servers.

Having plugged in a second USB NIC or using Wireless as an update connection, I ran the following commands to handle my network adapters.  Turning off the static address service NIC. In most cases likely eth0 as shown below

sudo ifconfig eth0 down

Do some pings and the like to see they should now resolve.  Do your updates etc for the OS.  In my case, Raspbian on a Pi 3.

Once those finish, load up the Web Admin panel for your Pi-hole install. Get your ip address for the active network connection with:

ifconfig

Connect to that IP address in a web browser and add '/admin' into the address bar at the end of the IP Address without the quotes around the path.

Login with your admin password to the admin panel and you should now be able to see updates are pending.  You need to start with the FTL update.  To do this, return to your SSH session.  As I mentioned I am working with serial over USB, but you can enable SSH over network if you so desire.  One more service for a network heavy component, so choose of your own accord in concern to security to conveinence.
On that SSH console, run:

pihole -up

Wait for the updater to get and deploy the new FTL version.  You will likely also be treated to the Web Interface and Pi-Hole version also being to current revisions.  Great!  Almost updated and running live AdBlocking again.
Still on your console, seeing the update completed you want to turn back on the main network connection we disabled for updating.

sudo ifconfig eth0 up

Overviewing network setup above:
Main Internet router will be your DNS server on the Pi-Hole device.  Manually set client DNS or change your DHCP server to set client DNS to the static address of your Pi-Hole install. (192.168.0.1 default-ish router)  Check your current IP config to get details if you do not know current network base configuration.
On the Pi-Hole install, set the primary network adapter to an address in that subnet (say 192.168.0.10)  Make sure DHCP server /or/ router will not also try to assign that address in it's pool.  The Pi-Hole DNS primary will be set to your local router (as above default-ish router 192.168.0.1)

I hope to have avoided huge gaps or inflected confusion in this thread. Jolly adblocking.  Even if you like making money from it, you have to know it is a vulnerable vector and kind of a shaky market.  I'm not here to tell you what to do, I'm sharing details to help block them on places that run them without respect to visitors.

• “This app is no longer available.” message comes up about CPUID CPU-Z. I had version 1.80.0 installed.  Latest is version 1.88.0 and updating should have resolved that.
  Still, the app removal feature of Windows 10 seems to be quite old based off the 2015 date for the build listed in the WindowsClub link from Version 1511.
• In my Taskbar applications, one of my pinned files said it was missing.  Browsing to the path opened the file fine.
  To resolve, I removed the existing pinned filename, then I just dragged the icon for the file down to the taskbar shortcut and had a 'Pin to AppName' option that applied when I let go of the mouse button.

For point of reference I wanted to confirm what recent updates installed on my PC.  We could do it via Add/Remove programs and view them by date but we out here trying to notate this, so let's run some PowerShell.

Get-Hotfix

Running this will give similar formatted results.

Source        Description      HotFixID      InstalledBy          InstalledOn
------        -----------      --------      -----------          -----------              
COMPYX86      Update           KB4483452     NT AUTHORITY\SYSTEM  4/13/2019 12:00:00 AM
COMPYX86      Update           KB4462930     NT AUTHORITY\SYSTEM  4/13/2019 12:00:00 AM
COMPYX86      Security Update  KB4493478     NT AUTHORITY\SYSTEM  4/13/2019 12:00:00 AM
COMPYX86      Security Update  KB4493510     NT AUTHORITY\SYSTEM  4/13/2019 12:00:00 AM
COMPYX86      Security Update  KB4493509     NT AUTHORITY\SYSTEM  4/13/2019 12:00:00 AM

Side note to add links for that Get-Hotfix syntax at SS64 and Microsoft Module Documentation.  There are some nice flags on there, especially for managing multiple machines.

Oh hey. My laptop installed the same 5x updates and also prompted me with a 'Welcome to the October Update' banner in Edge. Keep in mind I deliberately change my home machines to Semi-Annual Channel that means 'ready for widespread use in organizations' instead of the default Advanced Updates setting for Semi-Annual Channel (Targeted) that means updates are ready for 'most people', as that namely tends to mean Public Test Channel.

Perhaps one of those 5 updates invoked the compatibility check feature to run again but I will stop here for now, since that is a good jump off point.

ffmpeg -i in.mov -map_metadata -1 -c:v copy -c:a copy out.mov

Once this finished, run Exiftool again to confirm that sea of data, is now much smaller than it was previously.  For extra fun and confirmation, look for DJI_ images and have fun confirming GPS coordinates from those photos or videos to GPS coordinates on Google Maps.

gdisk -l /dev/yourDrive

to cross reference the raw partition values to what you may see in Gparted.

Partition results should look similar to below:

Number  Start (sector)    End (sector)  Size       Code  Name
   1            2048          292863   142.0 MiB   EF02  
   2          292864         2390015   1024.0 MiB  EF00  
   3         2390016       275019775   130.0 GiB   8300  
   4       275019776       288692223   6.5 GiB     8200  

I have been a fan of combing information security news and rss feeds for years. Largely because if a flaw is unknown then it gets a published release, you can bet it will be more commonly used against that package or program. Keeping up on things helps prevent intrusions and unscheduled downtime, as that is my intent to avoid dealing with both issues. As usual I will add some dialog and overview to the articles, to save you time reading them all, and possibly getting a chuckle out in the process.

# getEventLogs: Maintenance collection script.

$boxName = $env:COMPUTERNAME
$outEvt01 = ".\$($boxName)_EventLog_Apps.csv"
$outEvt02 = ".\$($boxName)_EventLog_System.csv"
$outSvc01 = ".\$($boxName)_Service-RunStates.log"
$outPorts01 = ".\$($boxName)_Network-Ports.log"
$outTask01 = ".\$($boxName)_Tasklist.log"
$outSchTsk01 = ".\$($boxName)_Scheduled-Tasks.log"
Filter timestamp {"Logs collected at $(Get-Date -Format "yyyy-MM-dd HH mm ss")"}

# Application Event Log most recent 100 messages.
Get-EventLog application -newest 100 | Export-Csv $outEvt01
timestamp | Out-File -Append $outEvt01 -Encoding ASCII
Get-EventLog system -newest 100 | Export-Csv $outEvt02
timestamp | Out-File -Append $outEvt02 -Encoding ASCII

# Collect service list and current state of each.
Get-Service | Sort-Object status | Format-Table -AutoSize | Out-File $outSvc01
timestamp | Out-File -Append $outSvc01

# Get process list with relevant details at time of script exec.
cmd /c netstat -aon > $outPorts01
timestamp | Out-File -Append $outPorts01

cmd /c tasklist > $outTask01
timestamp | Out-File -Append $outTask01

Get-ScheduledTask | Select TaskName, State, TaskPath | Sort-Object -Property TaskPath | Format-table -wrap | Out-File $outSchTsk01
timestamp | Out-File -Append $outSchTsk01

# Wrap all these output into update state / append single file.

# Stamp date and Time into said merged output.

Starting out at the top, I defining a variable for the powershell equivalent of environmental variables in the OS like %computername%.  Trust me here, you don't want to try and call a %variable% in a powershell script.  That's what line 1 is for.

Each of the following defined variables are my output paths for the collections.  I use .csv exports for larger data sets, since the default Table outputs can heavily chop data to fit the terminal output.

Brief OCD DBA note.  Being a fan of Databases and Microsoft SQL, I really value a good | (pipe) to run:

| Select *

after a command.  You can filter that raw output for fields you want to have outputted by writing a custom Select pipe.  There is an example of that for Scheduled Tasks, I just wanted to word out the logic as that took me some time to figure out that is how I can see what my options are for selecting output fields.

The other variables for file path are so I do not have to add the same string twice or more.  As you can see on the actual commands, I add an Out-File -Append to insert the Date string to each file.

Filter timestamp is my means for defining the date output string.  That time will be for when the script is run, so each file will have a matching output time.  Think of filter in this context as an easier Function.

The rest of the script uses either Powershell cmdlets or OS level commands to obtain the data I am looking for and saving to the output files.  I experimented both ways to see what output best matches the task and output I want to work with.

The Export Events logs are pretty simple in calling the 100 most recent events, saving that to a .csv, then adding the Date string at the end of said file.

Service list is sorted and exported to a .log file with the Date string added (as the date will be added for the other 4 output files as well).

' cmd /c ' calls a windows command but ignores keywords for powershell on that line.  Huge helpful thing to know when trying to process content by use of an OS-level command.  Otherwise you will see really esoteric issues you would rather not have to figure out the secret means of why they are failing.  cmd /c is quite nice.  FYI.

Neat.  We are at the part I rambled above in relation to databases and filtering content.  I did not need many of the details in the raw output from showing all the parameters of that Powershell cmdlet.  Selecting the relevant fields, I then sort based on the TaskPath field (to put the non-OS tasks first in the list), apply a -wrap text for the Format-Table output of that cmdlet, then output the data into a local file.

I have done some scripts with loop and condition evaluations but I will stop here for the moment.  If you want to gather some information about an environment, hopefully this example gets you in the right direction for your data collections.

Let me end with a link to a great resource. SS64 has some good resources and examples.  They have been very helpful in conjunction with the Windows Powershell manuals.

• Local Policy
• Security Options
• User Account Control: Admin Approval Mode for the Built-in Administrator Account
• Enable this then logout then back in

Overview objectives:
- Stop camera from saving GPS to photos.
  - This is in your Camera App Settings, not System device settings.
- Device Settings:
  - Lock Screen and Security:
    - Set lock mode and passcode to unlock device.
      - Password, PIN, Pattern, Swipe, None.
      - Biometrics. Face, Iris or Fingerprints
        - I do not use or particularly like any of the biometric means for device locking.
        - App Shortcuts: Define what apps can be used while phone is locked (IE Phone calls and Camera)
        - Find my mobile. Anti-theft and traacking options for your phone.
          - Remove controls: Allows phone to be remotely controlled via your Samsung account
          - Google location service.  Allow GLS to give more accurate location info to where your mobile is.
          - Send last location.  Allow your phone to broadcast last location when battery hits a certain level of charge.
        - Encrypt SD Card.  Your files on the SD card will only work with your phone.  If phone is reset to defaults, you will not be able to read the encrypted files anymore and would have to re-format the card.
  - Secure Lock Settings
    - Secured lock time
    - Auto factory reset. After 15 failed passwords (will also erase all your data on phone)
    - Lock network and security. Prevents disabling Wifi and mobile data when your phone is locked, to make someone stealing your phone easier to track by device.
  - Notifcations.  Choose to hide notification messages on lock screen.
      - Define what apps can put notifcations on the lock screen.
      - Hide content of message on lock screen from displaying. (Highly suggested to be on)
      - Notification icons only.  Just show app icon without details, on lock screen.

- Device Settings
  - Location
    - Turn GPS on or Off.  Besides privacy and tracking being less accurate, this can save a large amount of battery life.  Turn this off when not needed for directions.
    - Google Location History.  You can disable this from saving where you have searched and have been.
    - Google Location Sharing.  Can share 'Real-time location' with someone of Google.
    You can turn both of these off and GPS maps will still work fine.  The sharing and history are not needed, just GPS being turned on.

- Device Settings:
  - Apps.
    - See installed apps
      - Review and define App-specific system-level Permissions granted to device.
      - Decide if you wish to disable some apps completely or uninstall them.
      - Review battery usage and mobile data use, per app.

- Device Settings:
  - About phone.
    - Shows phone number, model, serial number and IMEI.
    - Software Information.
      - Show Android version
      - Android patch level
      - Various system level information.

Lo and behold, I was visiting a couple days ago, and the same MacBook Pro (2015) rebooted to give the following error:
[auth] failed to write file <private>
At the bottom of an error log display.  if you have an nvidia MacBook Pro 2015) and update to 10.13.4, you're gonna have a bad time. https://discussions.apple.com/thread/8338509

I followed the suggestion to select the Boot Disk option, then to pick the Mac Hard Drive to have it boot normally.  This 10.13.4 issue looks to have just started again the other day (5/30).  Hopefully an update will address this, because a recovery log screen is pretty daunting, especially for someone who does not normally see error logs, as I will generalize and say is the case for many Mac users who do not work in tech.  Needless to say they were happy when I got it to boot back up and she will continue delaying the prompts to install updates on OS X.

• 228376

  January 2016

• 253698

  February 2016

• 244374

  March 2016

• 494842

  April 2016

• 611021

  May 2016

• 259013

  June 2016

• 529243

  July 2016

• 406937

  August 2016

• 2096766

  September

• 264421

  October

Since my firewall is a Zyxel device, I gave a look at the .csv delimited log output. Easily enough you can use a Data Import Wizard to spin the logs into some tables. Rough table to log structure is as such:

CREATE TABLE zy_2016-09 (
  time VARCHAR(50) NULL,
  source VARCHAR(50) NULL,
  destination VARCHAR(50) NULL,
  priority VARCHAR(50) NULL,
  category VARCHAR(50) NULL,
  note VARCHAR(50) NULL,
  sour_interface VARCHAR(50) NULL,
  dest_interface VARCHAR(50) NULL,
  protocol VARCHAR(50) NULL,
  message VARCHAR(250) NULL,
  col00 VARCHAR(250) NULL,

I am having fun crawling some output. Typically it's some sort of fancy OpSec to not say your type of network gear, but this is meant to be informative and hopefully helpful.

So let's crawl some queries and output in the next post.

We will be in the CLI, so all those nice GUI configs you are used to with newer devices, are not at your disposal. So we have this guide for logging in, going into enable mode, then showing certain configurations. This can help you map a network out, especially if you inherited it and want to document and know how it really functions.

Starting out: (Run a cable from the console port on said switch, to your machine Serial port.)

• Use PUTTY or a similar application to connect to COM1
• Press Enter 2x. You should then see Console of some sort
• Login when prompted for a password (or if none)
• type 'en' without the quotes. This will take you to config / enable mode.
• show ? will give you a list of available commands.
• Start with show version to get an idea what platform and version of iOS (or PiX) you are dealing with.
• show running-config will show you the currently running device configuration. Feel free to archive this into a flat file for reference later.
• show vlan is huge if you need to know the VLANs defined on the network.

  Note: Your core switch will have them defined, then other devices can reference those VLANs and route accordingly. IF you do not have a VLAN defined somewhere, it will be useless to use as a target.

That's my primer on dorking your way though some older cisco devices. Granted these methods will work or be very similar in current, CLI based cisco sessions. Happy explorations.