<?xml version="1.0"?>
<rss version="2.0"><channel><title>bpcNews</title><link>https://funtimebliss.com/forums/index.php?/rss/2-bpcnews.xml/</link><description>BlissPC.com news and tech</description><language>en</language><item><title>Oopsie kitty (php errors)</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5445-oopsie-kitty-php-errors/&do=findComment&comment=26553]]></link><description>I've been busy but do still exist. I saw some PHP errors on the wordpress and forums. Changed my running PHP version to 8.1 and they are resolved. 
	 
	I was on an older PHP version so that is sorted.</description><pubDate>Tue, 12 Nov 2024 22:02:34 +0000</pubDate></item><item><title>Say you want to recover a saved password from Windows</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5434-say-you-want-to-recover-a-saved-password-from-windows/&do=findComment&comment=26527]]></link><description>Quick info as I forgot my Windows password and was going to fetch it from a saved Remote Desktop Protocol connection file (RDP). I have done this in the past to grab saved credentials from Windows Services using Run As User credentials. Theoretically, you could find the same for stored network shares too. I presume this still works for Windows 7 to 11 but nowadays, this NirSoft recovery tool from 2014 flags as "malware".
 


	 
 


	You can grab Remote Desktop PassView from NirSoft but you will likely need to disable defender to make it run. I made this thread as it followed my mental rule for making a note of something handy I used in the past. 
	In my recent Windows 11 case this week, I forgot my main user password but logged in from another PC with saved RDP credentials, changed the password on a second local admin ( You can change another user's password without their old one, but while logged in locally as the same user, you need the current ( forgotten temporarily ) to change the current pass ). 
	Logging in as second admin, I could then reset local admin password to something new, without the existing pass being needed.
 


	 
 


	I just made a crabby twitter comment ( as opposed to any other kind on there? ) about many No-CD fixes getting spirited away from Windows 7 onward and Defender's choice for 'bad files'. Typically removed with no notification or direct logging either. If you like it and want to archive it, store it on a Non-Windows based file server.
 


	 
 


	Bonus random note of old: If you are logging into another device without a domain, you can set your username and password to the same on local and your network share or what have you. Most all the time, you will be able to connect without being prompted for a password, since they are already the same.
 


	 
 


	Fun WiFi migration? Set your Access Point ( AP Network Name ) and password to be the same as a WiFi network you have already connected to. Your devices will be on the new access point without issue, most of the time. There are extra settings that could handle this change but the likelihood of them being a factor is very low. Save time migrating off access points and testing things or pretending to be an existing network.
 


	Auto-connect being a client default makes this extra handy based on whatever you may be working on or with.</description><pubDate>Sun, 24 Sep 2023 21:14:54 +0000</pubDate></item><item><title>cleaning my desk</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5428-cleaning-my-desk/&do=findComment&comment=26508]]></link><description>I also just got an amazing art commission. @nono on Twitter &#x2764;&#xFE0F;</description><pubDate>Sun, 26 Feb 2023 22:24:50 +0000</pubDate></item><item><title>disk free space</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5421-disk-free-space/&do=findComment&comment=26490]]></link><description>Check for disk free space on Linux. I forget my df and du flags so often when I want to recall them, so a thread for my usages.
 


	 
 


	df I think of as disk free.  This will check the volume.
 


	 
 


	du I think of as disk used.  Filtering output with this will give details on specific files as you whittle your free space down.  Ubuntu based terminal implied for most syntax, as container wranglers know we getting more shells than bash with the extra trim. 
	Be ready to drop some flags if container hopping in a docker and or kubernetes environment.
 


	 
 

du -a / | sort -n -r | head -n 20


	 
 

df -h


	for your volume basic needs. A little more filtered example below as handy if triaging a host computer needing free space back.
 

du -ah /var/lib/docker/containers | sort -h -r | head -n 20</description><pubDate>Mon, 15 Aug 2022 16:32:57 +0000</pubDate></item><item><title>NAS</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5396-nas/&do=findComment&comment=26432]]></link><description>Curious what everyone is running as a NAS.  
 


	 
 


	I have been running a Lenovo (rebranded Iomega) ix4-300d w/4x2TB hard drives for a number of years but the NAS is filling up and I need more storage.  Looking at getting a Synology 920+ but don't know much or even if it is remotely better than QNAP, for my usage, which is way cheaper.  WD also makes relatively cheap NAS's but from online reviews they are not great.
 


	 
 


	I know I can build my own or repurpose an old PC fairly easily but I like the low power / small form factor as what I have now sits in a cupboard and just hums away.  I use it for storage and network play via DLNA, not on the plex train...yet.</description><pubDate>Mon, 22 Feb 2021 01:12:22 +0000</pubDate></item><item><title>wat up</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5391-wat-up/&do=findComment&comment=26419]]></link><description>Been a bit. I have been in a linux life and steeping through containers, inter-connectivity and uptime debugging.  It has been busy and I learned quite a bit, as I continue to make efforts in.  
	Trying to be a sociable at least present person again more.  Hope you are doing well currently.  Keep it up</description><pubDate>Mon, 20 Jul 2020 01:26:45 +0000</pubDate></item><item><title>Fresh up win10 Build 18362 proEd</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5382-fresh-up-win10-build-18362-proed/&do=findComment&comment=26393]]></link><description>Been a spell since last fresh OS install.  You will find plenty of extra save files in %localappdata%. Save games and Oculus content especially, will tuck your save data into this folder.  Direct link for the environmental goes into your local path of
 

 


	  
	AppData is typically hidden in explorer views and command prompts.  Happily we can run a cmd with a dir /a to show all files.  Typing %localappdata% in explorer will also display the contents in AppData.  Some of these folders have os bound configurations and links to other drive paths. 
	For sane measure, select game or application specific content from these folders.  Mainly your Local subdirectory of AppData.  Most all of prior installed app and game items will be here, if not in your typical [yourUsername]\Documents path.  
	10.0.18362 Windows 10 fresh operating system installs will go very heavy in having you create an online account for machine login.  Pro version of Win10 has an 'I will join a domain' option so pick this and continue making your new user account.  Local machine will still create a username with no domain to authenticate with.  This is cool if you wish to not have your credentials for login on an internet cloud username.  Hard pass on that one. 
	Speaking of domains, if you login locally and your account is not restricted for local login without domain, your domain password last used will remain as the local authentication.  Pop onto your VPN at the office or bridge connection to said real domain, lock and unlock your workstation to update your AD (hopefully kerberos based) authentication to be synced. 
	Local machines off a domain will keep their last login,  until the next time they see a Domain Controller that does exist.  However since you tend to need logon to a local device away from AD network before you logon, the cached previous version of your password will work until you try to establish new connections.  
	Most of the time the password issues actually using a domain authenticated account, are not really clear from the error until you search for online common issues and causes.  Save you some sanity there, when connecting back to an actual domain from your local computer, old pass works until you try and go onto other network devices and components.  Skip Speaking of domains for being needed on a fresh install.  I wanted to dump more details on how normal domain overview, in context to just using a local account with no active domain to authenticate login for.  
	Sweet, you have an offline user account bound to your newly installed machine.  The Windows10 installer will blast you with privacy options.  Most all off disable sharing of resources to apps from the microsoft store and also your locally installed, traditional applications.  You may very well want to disable Windows Store updating as well. 
	While about turning off these privacy settings, you can also control this once the install wizard finishes from Settings.  Control Panel still has most all of the traditional OS configuration options you are used to.  However items like Cortana voice activation and web search by start menu can be controlled in the newer Settings area.  Pressing Winkey + X will display the right-click list from your start button.  If no mouse, arrow or shortcut underlined letters will work to open panels.  
	Make a note of microphone and video camera use will be disabled if you decline privacy to allow sharing of default recording preferences.  You can allow this for applications and moderate some to no Windows Apps from the store for these capabilities.  I have been burned trying to use a new external microphone with the microphone permission to deny all sharing. 
	It was quite sneaky and gave no clear indication of such when I tried to use it in OBS.  
	[+| Draft up: 
	Shortlist of common applications to be installed (can we silently and script deploy these?) 
	Install graphics nvidia or amd driver.  If using intel gpu you can leave in hands of os drivers.
 


	Moderate recycle bin options 
	- Confirm before delete 
	- Disable save to recycle bin 
	What is the role of this install? 
	- All-in-One multimedia 
	- AV 
	- Browsing Web 
	- Editing 
	- Games 
	- Meme processing 
	- ???</description><pubDate>Mon, 02 Sep 2019 02:02:56 +0000</pubDate></item><item><title>Quality</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5379-quality/&do=findComment&comment=26383]]></link><description>Missing out on an old staple to gripe about things like Virtualization being off default each bios firmware update version increase flash. Thank you for this stroll, I know there is plenty of old babble here through the years.  I keep on that though just less a so here</description><pubDate>Wed, 08 May 2019 22:21:52 +0000</pubDate></item><item><title>add Audio Chapters for podcasts</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5378-add-audio-chapters-for-podcasts/&do=findComment&comment=26381]]></link><description>Total stub thread.  Been working on adding chapter content to some files.  https://ffmpeg.org/ffmpeg-formats.html#Metadata-1 
	 
 


ffmpeg -i INPUT -i FFMETADATAFILE -map_metadata 1 -codec copy OUTPUT


	https://medium.com/@dathanbennett/adding-chapters-to-an-mp4-file-using-ffmpeg-5e43df269687  
	Testing:  MP3 will work but VLC will not inherently show you the chapters.  If you encode to mp4, it will. 
	Other Audio Players do show chapters for an MP3 just fine though.
 


	  ffmpeg -i 049_Hacks4Pancakes.mp3 -i metadata -map_metadata 1 -codec copy 049_Hacks4Pancakes00.mp3  
	note that the metadata before -map_metadata is my filename with the [Chapters] content.    
 


	 
	The math is a little silly, but each minute is represented by 60000.  I used a spreadsheet in my case to come up with numbers.</description><pubDate>Mon, 06 May 2019 13:59:13 +0000</pubDate></item><item><title>Windows 10 patch cycles</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5376-windows-10-patch-cycles/&do=findComment&comment=26377]]></link><description>Here is a thread to share any notable changes or concerns with Windows 10 or recent server builds.  I start the thread with 10.0.17763.437 version of Windows 10.  Two things jump out upon installing patches:
 


		&#x201C;This app is no longer available.&#x201D; message comes up about CPUID CPU-Z. I had version 1.80.0 installed.  Latest is version 1.88.0 and updating should have resolved that. 
		Still, the app removal feature of Windows 10 seems to be quite old based off the 2015 date for the build listed in the WindowsClub link from Version 1511.
	
	
		In my Taskbar applications, one of my pinned files said it was missing.  Browsing to the path opened the file fine. 
		To resolve, I removed the existing pinned filename, then I just dragged the icon for the file down to the taskbar shortcut and had a 'Pin to AppName' option that applied when I let go of the mouse button.
	

	 
 


	For point of reference I wanted to confirm what recent updates installed on my PC.  We could do it via Add/Remove programs and view them by date but we out here trying to notate this, so let's run some PowerShell.
 


	 
 


Get-Hotfix


	Running this will give similar formatted results.
 


	 
 


Source        Description      HotFixID      InstalledBy          InstalledOn
------        -----------      --------      -----------          -----------              
COMPYX86      Update           KB4483452     NT AUTHORITY\SYSTEM  4/13/2019 12:00:00 AM
COMPYX86      Update           KB4462930     NT AUTHORITY\SYSTEM  4/13/2019 12:00:00 AM
COMPYX86      Security Update  KB4493478     NT AUTHORITY\SYSTEM  4/13/2019 12:00:00 AM
COMPYX86      Security Update  KB4493510     NT AUTHORITY\SYSTEM  4/13/2019 12:00:00 AM
COMPYX86      Security Update  KB4493509     NT AUTHORITY\SYSTEM  4/13/2019 12:00:00 AM


	Side note to add links for that Get-Hotfix syntax at SS64 and Microsoft Module Documentation.  There are some nice flags on there, especially for managing multiple machines.  
	Oh hey. My laptop installed the same 5x updates and also prompted me with a 'Welcome to the October Update' banner in Edge. Keep in mind I deliberately change my home machines to Semi-Annual Channel that means 'ready for widespread use in organizations' instead of the default Advanced Updates setting for Semi-Annual Channel (Targeted) that means updates are ready for 'most people', as that namely tends to mean Public Test Channel.  
	Perhaps one of those 5 updates invoked the compatibility check feature to run again but I will stop here for now, since that is a good jump off point.</description><pubDate>Sat, 13 Apr 2019 15:28:23 +0000</pubDate></item><item><title>Remove meta data from videos</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5375-remove-meta-data-from-videos/&do=findComment&comment=26374]]></link><description>I have some threads about removing metadata exif info from images with exiftool by Phil Harvey but if you try this on some .mp4 videos, you may find the details are still present.  
	In this case, if you have a DJI drone, I highly suggest checking the exifdata.  GPS and all sorts of other data is present and you may very well want to remove that from any content you upload.  
	Remove exiftool metadata:  ffmpeg -i in.mov -map_metadata -1 -c:v copy -c:a copy out.mov  
	Once this finished, run Exiftool again to confirm that sea of data, is now much smaller than it was previously.  For extra fun and confirmation, look for DJI_ images and have fun confirming GPS coordinates from those photos or videos to GPS coordinates on Google Maps.</description><pubDate>Thu, 28 Mar 2019 01:52:21 +0000</pubDate></item><item><title>grub-efi-amd64 error OS Install</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5374-grub-efi-amd64-error-os-install/&do=findComment&comment=26372]]></link><description>Howdy. I wanted to share some issues I am having installing Parrot OS.  Long story short, the partition tables are being setup wrong to allow Grub to install.  If you search for grub-efi-amd64 error you may see people suggest rebooting and selecting the non-UEFI usb boot to install.  This turns out to fail too.  
	What we want, is a drive with: 
	1st partition: bios_grub 
	2nd partition: boot, esp (EFI is esp based drive)  
	Your OS partition and other partition choices are yours.  Be it one for OS and another for Swap, or carve out a dedicated /home partition.  A buddy told me a dedicated home partition makes life easier if you have a multi-boot linux environment config where you want home directory data to be shared between each Operating System running a Linux-based OS.  
	This guide on is very nice and detailed partition layout and configuration for GRUB.  It also shows us how using gdisk or fdisk -l will show the defined partition configuration.
 


gdisk -l /dev/yourDrive


	to cross reference the raw partition values to what you may see in Gparted.  
	Partition results should look similar to below:
 


Number  Start (sector)    End (sector)  Size       Code  Name
   1            2048          292863   142.0 MiB   EF02  
   2          292864         2390015   1024.0 MiB  EF00  
   3         2390016       275019775   130.0 GiB   8300  
   4       275019776       288692223   6.5 GiB     8200</description><pubDate>Fri, 15 Mar 2019 12:31:04 +0000</pubDate></item><item><title>SQLite crash-course</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5373-sqlite-crash-course/&do=findComment&comment=26370]]></link><description><![CDATA[Backstory for this thread is I have a project where I want to review SQLite data.  SQLite is more a less, a compressed database in a flat-file.   Usage tends to be for storing application data, especially in the case of mobile apps.  In my case I wish to query quite a bit and to do so across multiple databases.  As I have the most database experience in MsSQL, I am exporting data from SQLite so I can place it into a MsSQL Database for better querying and results.
 


	There are a few GUI tools for reviewing SQLite databases but if you want to collect data from them outside of their native application, this is where and why I am exporting and importing the data into Microsoft SQL Server.   You could do the same with MySQL and your usage would be slightly different (in the case of using ` instead of ' [single quote]).  So pick the database platform you are the most comfortable with or like more.
 


	Task 01: 
	Reading the SQLite Database. 
	You can open up the .sqlite in a text editor but as I noted it being compressed, your results will essentially be gibberish characters.  While there are some plaintext values, we want the actual raw data set.  This will look like your standard database dump / csv / tables view.
 


	Task 02: 
	Running SQLite. 
	Let's grab a download of the SQLite binary.  Pick your OS of choice.  In my case I am a Windows main user so I grabbed the sqlite-tools-win32-x86-3270100 windows binary and extracted it to a target folder.   Once extracted we will see sqlite3.exe.  Get used to running this, as this will get us into the SQLite console.
 


	Task 03: 
	Reading the SQLite database(s). 
	Starting off, let's grab a copy of the .sqlite file you want to read and paste a copy into your extracted SQLite tools folder.  I tried full path loading to my sqlite data file but it was giving me issues.  Instead of fighting with that, I just pasted a copy into the same folder as sqlite3.exe we will be running. This is a helpful document on the SQLite website for querying as well.
 


	Once your .sqlite file is in the same folder, bring up a command prompt (cmd.exe) into that folder.  I recently learned a nice trick about getting a cmd prompt into a current folder in explorer.  Browse to said folder and in the address bar, replace the filepath with 'cmd.exe' (without quotes) and you will get a command prompt into that folder.  Saving you from changing your drive letter and folder path in the command prompt.
 


	In this cmd window, start by running sqlite3.exe.  By doing so your console will change to sqlite> as you are now running sqlite.  .help will give you all the available options.  Below I will give you a cheat guide in the case of how to: Load a database, select a table, set your export mode and to export the table contents to a flat file! Yeet
 


.open 'SQLite_DB_in_folder.sqlite'
.tables
.mode csv
.header on
.output filename.csv
select * from table;
.quit


	- For the above console / code example, we start by opening the .sqlite database file. 
	- List the tables in said database. 
	- Set our export mode to CSV. 
	- Export with header / column names as first row. 
	- Output results of next line query to target flat-file. 
	- Enter the query with desired table from listed .tables results (You can review these in console by just typing select statement in console, before you enter the .output line). 
	- .quit exits sqlite3.exe console.  I suggest exiting after an export or your output file will remain in use by the sqlite3.exe console connection.
 


	Step 04: 
	Review your output then import to MsSQL, etc. 
	Open up your output .csv files and they should look like plaintext output.  With that being the case you should be able to import them into the relational database system of your choice and go wild querying away! 
	I should end noting you can also query from the SQLite console too, but since I am looking to compare a large amount of data from various databases, I will import these exported tables into one database on MsSQL with different tables for each.  Note: Your exported .csv will NOT have column labels.  It may be easier to just add them to the first line for each of your exports!
 


	Thanks for reading and have fun heccing all the things!]]></description><pubDate>Tue, 19 Feb 2019 20:14:03 +0000</pubDate></item><item><title>GitHub I Has</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5371-github-i-has/&do=findComment&comment=26368]]></link><description>Hey yo, peep my soundcloud Github.  https://github.com/botsama  
	I do have some pretty dope playlists made on SoundCloud though. Haha.  
	Most all of the PowerShell scripts, I showed and explained on ThugCrowd (Twitch).  Get back episodes on your favorite podcast service! https://thugcrowd.com</description><pubDate>Wed, 30 Jan 2019 08:09:00 +0000</pubDate></item><item><title>Podcast and Encoding guide</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5370-podcast-and-encoding-guide/&do=findComment&comment=26367]]></link><description>Encoding Guide. 
	Overview on encoding video, stripping audio and preparing to submit a podcast.
 


	Prerequisites: Use whatever OS you like!  I have encoded using the same utilities on Linux, but in this case I'm using Windows.  Mac support should be comparable as well.
 


		mplayer
	
	
		ffmpeg
	
	
		your favorite text editor
	
	
		some patience while files encode
	
	
		A means to download source stream files. I am using Twitch Leecher in our case.
	

	Since I am talking about Twitch being our source file, I use Twitch Leecher to grab the raw .mp4 file from Twitch.tv servers.  For point of reference your 720p video if it is 2 hours, it will be approximately 2.2 GB!  Shit, that's a pretty big file.  Your size to time ratio may vary but that puts into perspective the next step.  Encoding to .avi files.
 


	Before we start, make sure you grabbed mplayer and ffmpeg.  For the Windows heads, let's make this easy and pick a folder for encoding files.  Let's say
 


D:\encodes


	You can set paths and stuff for mencoder and ffmpeg, but let's be lazy and drop those extracted files into D:\encodes.
 


	As you may guess, we will also copy the raw .mp4 file we want to encode into the encodes folder too.
 


	Next step: let's prepare the encode scripts.  Considering you might be doing this for more than one episode, let's just gear up to batch this process out for multiple files and to make your task easier, for each new episode.
 


	Pause for giving an overview of our process:
 


		Download the raw file
	
	
		Encode it with Xvid to trim some of the file size down
	
	
		Make an MP3 to strip the audio
	
	
		Run a maintenance task to make sure the timing index (You'll see why below)
	
	
		Upload your files somewhere for people to get them
	
	
		(Optional) Make an XML RSS Feed for your Podcast submissions
	

	Sample Windows Batch file to make an .Avi:
 


@echo off
echo Cooking it up
mencoder "041_AndrewMorris_GreyNoise_io.mp4" -ovc xvid -xvidencopts bitrate=1800 -o "041_AndrewMorris_GreyNoise_io.avi" -oac mp3lame -lameopts abr:br=192


	The 1st .mp4 is your source, I'm setting the bitrate for video to 1800 kbs, -o is outputting the encoded Xvid .avi and the audio track is being encoded at 192 kbs bitrate for the same .avi output file.
 


	Neat.  So now that we have a newly encoded .avi file.  Be a good encoder and test it!  Granted if one works, you should be golden for your other encodes.  Remember, that's why we are scripting it too.  Nice way to save some sanity while gaining consistency.
 


	This will not be an instantaneous process.  I want to say my average FPS encoding is about 70 to 90 FPS when encoding the video.  So be prepared for that.
 


	Next up: Let's cook up some tasty MP3s.
 


	In this batch script, we are going to extract the audio from the raw .mp4, but label it as fixTimings.mp3.  Try to just run that encoded file and you will see the timing for the track is all broken and randomly changing.  That may have been fixed in a later version of mencoder, but I call ffmpeg to fix it.
 


@echo off
echo Cooking it up
mencoder "041_AndrewMorris_GreyNoise_io.mp4" -of rawaudio -oac mp3lame -lameopts abr:br=192 -ovc copy -o "041_AndrewMorris_GreyNoise_iofixTimings.mp3"
echo Sync Audio
ffmpeg -i "041_AndrewMorris_GreyNoise_iofixTimings.mp3" -acodec copy "041_AndrewMorris_GreyNoise_io.mp3"



	As you can see in the ffmpeg call, I use the source file with bad timings and make a corrected .mp3 with the proper time tables. 
	Luckily, encoding just audio is crazy faster than doing video and audio.  On an Intel i7-7700k setup I do about 550 FPS in respect to speeds.
 


	As I mentioned previously about the videos TEST YOUR OUTPUT FILES!  Once you have the first few good, you should have no shock or issues processing later files.  Getting into writing an RSS feed in XML:
 


	Let me stop here for now, as the next steps would be uploading your encoded files, writing a RSS feed in XML then submitting that to various podcast services (iTunes, Spotify, Google Podcasts).  You can always view source of your favorite podcast (Duh, it should be ThugCrowd) and edit to your whim.
 


	While most web browsers do not display RSS feeds in a nice format anymore besides OG Firefox engine (IE: PaleMoon web browser), you will see the XML displayed that is key to being processed by the podcast services.  None of the podcast services host your content, they basically point to your RSS XML feed and the file paths you specify for each episode.  So you will want formidably reliable a host.
 


	As I mentioned, there are some specific tags for iTunes you should specify to make sure your podcast gets listed.  Out of respect for your listeners, be sure to add the date of episode, file size and track length.  It should also help you get listed since you gave good info out of the gate, before submission.
 


	Then when you have a new episode, just add a new Item block with the relevant criteria and you have updates for all your subscribers to know there is a new episode!  Ok that is the end of this guide for now.</description><pubDate>Tue, 15 Jan 2019 23:29:27 +0000</pubDate></item><item><title>Powershell Log collection</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5342-powershell-log-collection/&do=findComment&comment=26353]]></link><description><![CDATA[I have been doing a bit of powershell to configure and interact with various Windows versions.  I built up some core scripts to use as my own kind of workshop for system review and administration.  I wanted to drop an example script to chat about.  
	One of the things I struggled to understand starting out was string substitution and being able to define a variable that would also consistently output to a file path of my choosing.  TL;DR on that resolution is to wrap the other variable you are calling (example: file paths) in a $() block.  As seen below, I call my Computername environmental variable so it can be used in the output of file names and logs. 
	 
 


# getEventLogs: Maintenance collection script.

$boxName = $env:COMPUTERNAME
$outEvt01 = ".\$($boxName)_EventLog_Apps.csv"
$outEvt02 = ".\$($boxName)_EventLog_System.csv"
$outSvc01 = ".\$($boxName)_Service-RunStates.log"
$outPorts01 = ".\$($boxName)_Network-Ports.log"
$outTask01 = ".\$($boxName)_Tasklist.log"
$outSchTsk01 = ".\$($boxName)_Scheduled-Tasks.log"
Filter timestamp {"Logs collected at $(Get-Date -Format "yyyy-MM-dd HH mm ss")"}

# Application Event Log most recent 100 messages.
Get-EventLog application -newest 100 | Export-Csv $outEvt01
timestamp | Out-File -Append $outEvt01 -Encoding ASCII
Get-EventLog system -newest 100 | Export-Csv $outEvt02
timestamp | Out-File -Append $outEvt02 -Encoding ASCII

# Collect service list and current state of each.
Get-Service | Sort-Object status | Format-Table -AutoSize | Out-File $outSvc01
timestamp | Out-File -Append $outSvc01

# Get network ports (netstat -aon includes the owning PID) at time of script exec.
cmd /c netstat -aon > $outPorts01
timestamp | Out-File -Append $outPorts01

# Get process list at time of script exec.
cmd /c tasklist > $outTask01
timestamp | Out-File -Append $outTask01

Get-ScheduledTask | Select TaskName, State, TaskPath | Sort-Object -Property TaskPath | Format-table -wrap | Out-File $outSchTsk01
timestamp | Out-File -Append $outSchTsk01

# Wrap all these output into update state / append single file.

# Stamp date and Time into said merged output.


	  
	Starting out at the top, I am defining a variable for the powershell equivalent of environmental variables in the OS like %computername%.  Trust me here, you don't want to try and call a %variable% in a powershell script.  That's what line 1 is for.  
	Each of the following defined variables are my output paths for the collections.  I use .csv exports for larger data sets, since the default Table outputs can heavily chop data to fit the terminal output.  
	Brief OCD DBA note.  Being a fan of Databases and Microsoft SQL, I really value a good | (pipe) to run:
 


| Select *


	 
	after a command.  You can filter that raw output for fields you want to have outputted by writing a custom Select pipe.  There is an example of that for Scheduled Tasks, I just wanted to word out the logic as that took me some time to figure out that is how I can see what my options are for selecting output fields.  
	The other variables for file path are so I do not have to add the same string twice or more.  As you can see on the actual commands, I add an Out-File -Append to insert the Date string to each file.  
	Filter timestamp is my means for defining the date output string.  That time will be for when the script is run, so each file will have a matching output time.  Think of filter in this context as an easier Function.  
	The rest of the script uses either Powershell cmdlets or OS level commands to obtain the data I am looking for and saving to the output files.  I experimented both ways to see what output best matches the task and output I want to work with.
 


	The Export Events logs are pretty simple in calling the 100 most recent events, saving that to a .csv, then adding the Date string at the end of said file.  
	Service list is sorted and exported to a .log file with the Date string added (as the date will be added for the other 4 output files as well).  
	' cmd /c ' calls a windows command but ignores keywords for powershell on that line.  Huge helpful thing to know when trying to process content by use of an OS-level command.  Otherwise you will see really esoteric issues you would rather not have to figure out the secret means of why they are failing.  cmd /c is quite nice.  FYI.  
	Neat.  We are at the part I rambled above in relation to databases and filtering content.  I did not need many of the details in the raw output from showing all the parameters of that Powershell cmdlet.  Selecting the relevant fields, I then sort based on the TaskPath field (to put the non-OS tasks first in the list), apply a -wrap text for the Format-Table output of that cmdlet, then output the data into a local file.  
	I have done some scripts with loop and condition evaluations but I will stop here for the moment.  If you want to gather some information about an environment, hopefully this example gets you in the right direction for your data collections.  
	Let me end with a link to a great resource. SS64 has some good resources and examples.  They have been very helpful in conjunction with the Windows Powershell manuals.]]></description><pubDate>Tue, 25 Sep 2018 18:25:41 +0000</pubDate></item><item><title>2018 D33'z Build</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5339-2018-d33z-build/&do=findComment&comment=26345]]></link><description>Attached is the specs of the new build! Last full build was Sept 2011 (In a older post here)  CPU: AMD Ryzen Threadripper 2950X Processor (YD295XA8AFWOF)
 


	COOLING: Thermaltake Water 3.0 Ultimate 360mm Aluminum Radiator Triple Curve Fans AIO Enthusiast Liquid Cooling System CPU Cooler
 


	MEM: Corsair Vengeance RGB PRO 32GB (4x8GB) DDR4 3600MHz C18 LED Desktop Memory
	MOBO: ASUS ROG STRIX X399-E GAMING AMD Ryzen Threadripper TR4 DDR4 M.2 U.2 X399 EATX HEDT Motherboard with onboard 802.11AC WiFi, USB 3.1 Gen2, and AURA Sync RGB Lighting
 


	HD: Samsung 970 EVO 1TB - NVMe PCIe M.2 2280 SSD (MZ-V7E1T0BW)</description><enclosure url="https://funtimebliss.com/forums/uploads/monthly_2018_09/build.JPG.7faed3b957c948190c084e8516264a89.JPG" length="64532" type="image/jpeg"/><pubDate>Tue, 04 Sep 2018 23:02:45 +0000</pubDate></item><item><title>Windows 10 Settings error Apps and Features</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5337-windows-10-settings-error-apps-and-features/&do=findComment&comment=26343]]></link><description>Say you are trying to use Settings | System | Apps and Features but you get an error along the lines of "windows cannot access the specified device path or file. you may not have appropriate permissions" trying to uninstall a program.  You can also get a hard error and better search cross reference by clicking Manage optional features when in the Apps and features screen. 
	This applies to Windows 10 and Server 2016.  In my case I am on Server 2016 Standard Eval Version 1607 OS Build 14393.2273.  
	Stepping back on the error, you might think it a permission issue but in my case I was logged in as domain administrator.  Base searching might have you remove and recreate your user profile but that is a waste of time and irrelevant to the issue.  Don't waste your time messing with the profile.  You can confirm in Control Panel that using that Programs and Features works without error to uninstall programs.  
	Thanks to clicking the Manage optional features of Apps and features, I got info on the systemsettingsadminflows.exe to better search against my issue.  Thanks to this page, I followed the secpol.msc steps to change a local policy to allow access for 'Admin approval mode'. 
	Once I enabled that option and did a log out and back in (shutdown -l), I could use the Apps and features portion of settings without cryptic error.  
Local Policy
Security Options
User Account Control: Admin Approval Mode for the Built-in Administrator Account
Enable this then logout then back in
 
  
	Hopefully that helps you avoid the black holes that can be searching for unable to uninstall program in windows via settings, or similar strings.</description><pubDate>Wed, 29 Aug 2018 18:06:47 +0000</pubDate></item><item><title>Make a VM Lab for Active Directory</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5332-make-a-vm-lab-for-active-directory/&do=findComment&comment=26333]]></link><description>AD Build Guide: 
	Primer:  I see quite a few people talk about wanting to do vulnerability research, yet not having much Windows exposure.   It could be heavy bias on my part but for the roles I have seen, Windows is pretty dominant in the wilds of the business world.  The intent here is to learn more about Windows domain environments by building a test environment of our own to test on.  Disclaimers apply to why we want to make a test environment: I really really really do not want to read about you getting arrested for poking a stick at some Windows environment you found in the wild, without having been granted permission to do so.  It is really minor effort to find a server with Remote desktop protocol port open to the internet.  Granted at this point in time, that should be considered negligence on the part of sites with that port open, but alas, that would not work as a defense for your sake. 
	I have intended to write this guide with a minimal technical background being required, for the sake of welcoming more people to utilize it.
 


	Now that we got that out of the way, let us start with the hardware and software used to build your Virtual Machine lab. 
	+ A modern desktop or laptop running an x64 processor.  You can be running Windows, Linux or OS X for your desktop operating system, as we are going to use VirtualBox to build the VMs.  The following guidelines can be applied to your Virtualization platform of choice, but I like VirtualBox for sake of cross-OS Virtual Machine migration and price point for running VirtualBox. 
	+ 16 GB RAM or more is preferable.  You could get by with less but may find your VMs running low on resources and have fewer options for multiple, concurrent running VMs. 
	+ An SSD drive.  Running on an SSD will greatly speed up time to copy an existing VM and also improve desktop performance of the VMs.  You can get by on a HDD, but you will wait much longer to clone a virtual disk image and your virtualized desktop OS might be laggy.
 


	Getting started, we want to install VirtualBox, make sure VT-x support is enabled (likely a BIOS setting you can set when your PC is booting up) and to download Windows Server 2016.  We could go with older versions of Windows and poke those with a security stick, but if you are trying to get some viable business experience, I would jump into the more recent OS, particularly as many businesses have been lagging on their migrations from older Windows Server versions.  There is no shame in learning and trying to also be marketable at the same time.
 


		VirtualBox:
	

	 https://www.virtualbox.org/wiki/Downloads
 


		Windows Server 2016
	

	 
	Download the ISO image. https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2016/ 
	This will give you a 180 day trial install.  So long as you are not doing so on the Domain Controller server with that role active, you can Sysprep the install to reset the timer and OS back to its initial state.  More on that further in this guide.
 


	While those download and you install VirtualBox, let's step back to overview your intent with this test lab.  We are installing an initial Windows Server 2016 virtual machine.  Once that is up, we will clone that image so we have a master control image.  For the sake of this lab, let's leave the Master image intact then create 4x master clones.  I'm going with 40 GB disk size for the VM, so roughly 200 GB will be used.
 


	+ Master Image (Do not change once all patched)
	+ Windows Domain Controller
	+ Microsoft SQL Server
	+ AppServer.  This is optional if you want to save space and piggy-back your potential test application from the SQL VM.
	+ Client machine.  Not necessarily on the domain.  This will be your client device / scan box / non-domain network sniffer.

	Let's get started: 
	From VirtualBox, click the New button to create a new Virtual Machine.  Type: Microsoft Windows, Version: Windows 2016 (x64).  Name this initial VM 'masterControlImg' for sake of reference.  Click the box for 'Create a virtual hard disk now'.  Let's set the Memory option to '2048' AKA 2 GB. Then click 'Create'.  I want to add a note that the virtual machine name you enter here will also be the subfolder in your VMs folder for VirtualBox on your storage drive (on your actual main machine).  You will get weird errors if you try to make a VM the name of a folder that already is in that folder.  FYI to save you headaches on that note. 
	Next will be the Create Virtual Hard Disk screen.  Leave the path as-is since it will match the prior line about being in a folder named to your VM, 'File size' of 32 GB is fine (but I suggest 40 GB for when you start adding Active Directory services and Replication), 'Hard disk file type' to the default of VDI (VirtualBox Disk Image) is good, as is the 'Storage on physical hard disk' remaining set to Dynamically allocated.  Good, now we can press 'Create' on the virtual hard disk screen.
 


	Now that the VM is created, let's go into its settings then onto the Storage tab.  The second drive should be a CD icon and on the right side you will see a drop-down when you click the CD icon.  Select 'Virtual Optical Disk File...' then browse on your local computer to where you saved that Windows Server 2016 ISO, click OK until you are back to your VMs listed on the 'Oracle VM VirtualBox Manager'.
 


	With the ISO mounted for Windows Server 2016, boot your VM to install.  Hurry up and wait.  Follow the prompts (you want Server 2016 with desktop experience) and select an Administrator password.  For the sake of this lab, we can use 'Babydonthurtm3!' without the quotes. 
	You will want to take note of this for later use, as this is the local administrator account for this install and your cloned virtual machines.  Wait for the installer to finish and when done, it will let you login and see your desktop.
 


	
 


	
 


	
 


	
 


	
 


	
 


	
 


	Now the install process for Windows begins.
 


	
 


	
 


	
 


	
 


	
 


	
 


	End of the Windows install process.  Let us login to this VM.
 


	
 


	Minimize Server Manager for now.  We do not want to add any roles or features yet.
 


	
 


	 
 


	
 


	Clicking the Settings Gear, we want to install Updates for our Template OS.
 


	
 


	This will likely take quite some time.  Better to do it now than to need patching every other machine we make as well.
 


	
 


	Install the most recent windows update patches, reboot and log back in.  Once the patches finish, shut this VM down.  Avoid booting this VM into windows, since it will be our Source VM for new instances. 
	Then back on the Oracle VirtualBox VM Manager, go to Settings for your VM, then Network.  Change the 'Attached to' setting from NAT to 'Internal Network'.  You can give it a custom name such as 'intnetLab01' for ease of reference later, if you expand your VM labs.  This setting will allow all the other VMs we spawn to communicate with each other.  If you forget to do this step later for other VMs, come back here if you wonder why your VM cannot see the Active Directory Domain Controller.
 


	Clone machine image prompts:
 


	
 


	
 


	
 


	
 


	
 


	
 


	With all of this done, let's make a clone of this VM.  We will name this Clone 'WinDC01_testFTB' or the like, as it will be the Primary Domain Controller for our Windows Domain.  Be sure to check the 'Reinitialize the MAC address of all network cards' because you do not want the same MAC address trying to talk to another computer.  That would also cause issues with DHCP and all sorts of networking issues you do not want.  
 


	You do want to make it a Full Clone instead of a linked clone.  Wait for the clone process to finish, then boot up your newly spun 'WinDC01_testFTB' VM.
 


	Log in to the desktop.  Before you get started making this a domain controller, we want to SysPrep this machine.  The action of this command will make it seem like a new Windows install, with the most important result being it will have a new SID / Windows Install ID.  As you dig into Active Directory, you will see AD links the machine name to its install ID / SID as a unique identifier.  If that didn't make a lot of sense, know that running Sysprep will allow us to join each of our copied VMs into this test domain, without machine conflict issues.
 


	Click Start and then Run cmd.exe.  If it's not prefixed with 'Administrator: Command Prompt' in the title bar, click Start, type cmd then right-click to Run As Administrator. 
	In this prompt type:
 


cd %systemroot%\system32\sysprep


	then type:
 


sysprep /generalize /oobe


	 
	A brief prompt will come up as it prepares your install then it will shut down the VM.  Once that happens, start the VM back up and it will take you through a prompt similar to when you installed the OS.  Once done, you will be back at the desktop.  If it asks for an Administrator password again, take note of what you use and write it down.  You are welcome to use the Haddaway example from above again. 
	Jumping back to the Sysprep process, you will need to do this for each image you clone from your VM template.  I also wanted to mention %systemroot%, which is an environment variable in Windows.  If you get to writing scripts, environment variables are quite the blessing to your sanity.  You can use them in PowerShell to some extent also, so the fun pays off there. 
	Final ramble about SysPrep.  If you try to do this on an Image that had AD Roles and Features installed, it will likely not re-activate the 180 day trial for Windows Server and if it was an AD services image, it will likely error on the sysprep process.  That's why we have our base image &#x1F642;
 


	Let's wrap this up by getting you a domain created.  Starting off, let's set this machine to have a Static IP Address.  In the TaskBar down in the lower right by the Time, right-click the Network icon and then click 'Connections': Ethernet.  On the Ethernet status page, click Properties then Internet Protocol Version 4 (TCP/IPv4).  In the screencap you can see I went with: 
	10.0.2.10 on a /24 Subnet (AKA 255.255.255.0) 
 


	Pick a default gateway that will be the same for all other VMs made, intended to connect to this AD setup. 
	For the DNS, I put its own IP but 127.0.0.1 (loopback) works too.  If and when you add a second DNS and AD Server, I highly advise making your second DNS server be the IP of that other DC.  It will make domain fail-over really easy and reliable if you shut down your primary DC or practice a patching cycle as would be done in a production setting. 
 


	Another good thing to do, is Changing the Computer Name.  By default it will be something like 'WIN-StringofTextandNumbers'.  For sanity's sake you can rename this to 'WinDC01FTB' or something more descriptive.  To change the computer name, bring up an Explorer window then right-click on 'This PC' then select Properties.  Click Change Settings to change the Computer name, then reboot as it will ask you to do.
 


	
 


	When you run the AD wizard without setting a static IP address, it will give you a warning about resolution issues.  So that's why we took care of that before using the Server Manager to add roles and features.  Take my word on it being annoying to change a computer name, once you add roles and services.  Planning to do the PC name change before adding roles will save you headaches.
 


	Since we are in VirtualBox, select the Devices menu then 'Insert Guest Additions CD Image' if you would like to use options such as 'Shared Clipboard' and 'Drag and Drop' files.  Once the image is mounted in your VM, run the installer from its CD drive then reboot when it's finished, as it will prompt.  This is helpful for when you want to move files and text between the VM and your actual desktop machine.  Unless you like manually retyping scripts, I'd suggest adding these Guest Additions. 
	 
 


	Wrapping this guide up, I am pivoting to a helpful guide for Installing AD Services: http://www.rebeladmin.com/2016/10/step-step-guide-setup-active-directory-windows-server-2016/ 
	Jump to Step 4 and it will show you click for click on adding the Active Directory Domain Services under Server Manager | Roles and Features.
 


	I am going to present a bit of a shortcut / cheat.  Instead of clicking lots of next boxes, we can supply the config options by use of Powershell.  The below is the script I saved from the Wizard when it presented 'Export Configuration Settings'.  You can run this in a Powershell ISE window or save it to a text file and add a .ps1 on the name to make it a powershell script.  
	If you get an error, be sure the Active Directory Domain Services modules are installed.  Running Install-WindowsFeature AD-Domain-Services in PowerShell installs them, so you don't have to add the role by using the server administration wizard.
 


#
# Windows AD DS Deployment
#
Import-Module ADDSDeployment
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "WinThreshold" `
-DomainName "hivelan.int" `
-DomainNetbiosName "HIVELAN" `
-ForestMode "WinThreshold" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true



	This should let you spawn your Domain as if you entered these values in the Wizard.  In this setup we are calling the domain 'Hivelan.int', with a classic domain name of just Hivelan (for Windows NT level old support).  On a reboot you should be able to login to the Domain you just created.
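
	The prerequisites this guide sets up by hand before the script (renamed computer, static IP, DNS pointing at the server itself, AD DS role installed) can be checked in one pass before promoting the server. This is an added example, not part of the original post; the function name Test-DcPreflight is hypothetical.

```powershell
# Added example (not from the original post): checks for the prerequisites this
# guide sets up by hand, to run on the cloned VM before Install-ADDSForest.
# Test-DcPreflight is a hypothetical helper name.
function Test-DcPreflight {
    $checks = @()

    # 1. The default WIN-xxxx name should be replaced before roles are added.
    $name = $env:COMPUTERNAME
    $checks += [pscustomobject]@{
        Check = 'Computer renamed'; Passed = ($name -notmatch '^WIN-'); Detail = $name
    }

    # 2. At least one manually configured (static) IPv4 address.
    $static = @(Get-NetIPAddress -AddressFamily IPv4 |
        Where-Object { $_.PrefixOrigin -eq 'Manual' })
    $checks += [pscustomobject]@{
        Check  = 'Static IPv4 address'; Passed = ($static.Count -gt 0)
        Detail = ($static | ForEach-Object { '{0}/{1}' -f $_.IPAddress, $_.PrefixLength }) -join ', '
    }

    # 3. The DNS client points at this machine (its own IP or loopback).
    $dns = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
        ForEach-Object { $_.ServerAddresses })
    $self = @($static.IPAddress) + '127.0.0.1'
    $checks += [pscustomobject]@{
        Check  = 'DNS points to self'
        Passed = (@($dns | Where-Object { $self -contains $_ }).Count -gt 0)
        Detail = ($dns | Select-Object -Unique) -join ', '
    }

    # 4. The AD DS role binaries are installed (Install-WindowsFeature AD-Domain-Services).
    $feature = Get-WindowsFeature -Name AD-Domain-Services
    $checks += [pscustomobject]@{
        Check  = 'AD-Domain-Services installed'; Passed = [bool]$feature.Installed
        Detail = $feature.InstallState
    }

    $checks
}

$report = Test-DcPreflight
$report | Format-Table -AutoSize

if (@($report | Where-Object { -not $_.Passed }).Count -eq 0) {
    Write-Output 'All checks passed; the Install-ADDSForest script can be run.'
} else {
    Write-Output 'Fix the failed checks before promoting this server.'
}
```

	The ADDSDeployment module also ships Test-ADDSForestInstallation, which runs the installer's own prerequisite checks without promoting the server.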
 


	From here, the virtual domain is your oyster.  You can make another clone of your Template machine, sysprep it, then join it to the domain.  Since we didn't add the DHCP Server role to the current DC, go into your IP options and set all the IP info the same, except the IP address where you want the last octet (4th block of 3 digits) to be different than .10. 
	Once you are on the same IP space (your 255.255.255.0 subnet means you can have an IP of 10.0.2.1 - 10.0.2.254), go into System Properties on this new VM.  Change your Computer name if you wish but the real objective is to change from a Workgroup to a Domain.  Enter 'Hivelan.int' as your domain and it should prompt for the Administrator account and Password.  You can always make a second domain admin account if you wish, but that boils down to using Active Directory Users and Computers in Administrative Tools.
 


	Once you add this machine to the domain and reboot, jump back into the Server Manager to add the Active Directory Domain Services on this machine, but we will say 'Add to an existing domain'.  Click Next until it's finished.
 


	This guide got a little longer than I intended but I will stop here for the time being.  You can then make another clone of your Template VM and use that as a machine not on the domain.  Give it an IP address in the allotted space and you can use that for running Wireshark to see what kind of traffic you see.  You can then add that machine to the domain or make another VM clone to see how the traffic differs for a machine that is added to the domain.
 


	Hopefully that helped get you into a test Windows environment and gave some help on getting started with VirtualBox.  If you have the funding and another Virtual Machine platform you like more (like XenServer or VMware), most of the concepts and options should be transferable and have similar naming.</description><enclosure url="https://funtimebliss.com/forums/uploads/monthly_2018_07/0A01-VB_MakeVM_Template.png.af83da3f27eb2d236b7220ea24618b1a.png" length="21913" type="image/png"/><pubDate>Mon, 23 Jul 2018 19:06:54 +0000</pubDate></item><item><title>Task details grep-like output filtering</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5331-task-details-grep-like-output-filtering/&do=findComment&comment=26331]]></link><description>Say you are checking your tasklist output for a certain Windows process id (pid) that matches your netstat -o output.  These commands are helpful but matching the output can be annoying, even if you output them to a text file.  By the way, context wise this process is a throwback to the Bitcoin Miner Malware removal thread, as it could help for any open port you want to reference back to a running process.  
	If you want to see what said PID in your netstat output is with a single CLI string, here is a helpful pipe option. tasklist | findstr "PID#"  
	IE: running tasklist | findstr "812" on my system throws details on wininit but also shows other process IDs with 812 in them.  
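
	The substring problem noted above (findstr "812" also matching other process IDs) goes away when the netstat and tasklist output are joined on the exact PID column. This is an added example, not part of the original post; the function name Get-PortOwner is hypothetical and the sample lines are constructed.

```powershell
# Added example (not from the original post): join netstat and tasklist output
# on the exact PID instead of a substring match.
# The sample lines are constructed. On a live system use:
#   $netstatLines  = netstat -ano
#   $tasklistLines = tasklist /fo csv /nh
$netstatLines = @(
    'Active Connections',
    '  Proto  Local Address      Foreign Address    State           PID',
    '  TCP    0.0.0.0:445        0.0.0.0:0          LISTENING       4',
    '  TCP    0.0.0.0:49664      0.0.0.0:0          LISTENING       812',
    '  TCP    10.0.2.10:3389     10.0.2.25:50112    ESTABLISHED     1812',
    '  UDP    0.0.0.0:5353       *:*                                8120'
)
$tasklistLines = @(
    '"System","4","Services","0","144 K"',
    '"wininit.exe","812","Services","0","6,532 K"',
    '"svchost.exe","1812","Services","0","18,204 K"',
    '"chrome.exe","8120","Console","1","152,812 K"'
)

# Get-PortOwner is a hypothetical helper name.
function Get-PortOwner {
    param(
        [string[]]$NetstatLines,
        [string[]]$TasklistCsv
    )

    # Index image names by PID (columns of "tasklist /fo csv /nh").
    $imageByPid = @{}
    $TasklistCsv |
        ConvertFrom-Csv -Header Image, ProcessId, SessionName, Session, Mem |
        ForEach-Object { $imageByPid[$_.ProcessId] = $_.Image }

    foreach ($line in $NetstatLines) {
        $f = -split $line                      # split on whitespace
        # Skip the banner and column header lines.
        if ($f.Count -lt 4 -or $f[0] -notmatch '^(TCP|UDP)$') { continue }

        $procId = $f[-1]                       # PID is always the last column
        # UDP rows have no State column.
        $state = if ($f[0] -eq 'TCP') { $f[3] } else { '' }

        [pscustomobject]@{
            Proto  = $f[0]
            Local  = $f[1]
            Remote = $f[2]
            State  = $state
            PID    = $procId
            Image  = $imageByPid[$procId]
        }
    }
}

$rows = Get-PortOwner -NetstatLines $netstatLines -TasklistCsv $tasklistLines
$rows | Format-Table -AutoSize

# Substring match, as findstr does: every line containing 812 anywhere,
# including other PIDs and the memory column.
$tasklistLines | Select-String -SimpleMatch '812'

# Exact match on the PID column: only the process that owns PID 812.
$rows | Where-Object PID -eq '812'
```

	For a single lookup without any script, tasklist has its own exact filter: tasklist /fi "PID eq 812".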
	I think of this as a light grep-like command you can do in Windows.  Like Linux, '|' (piping) will take the output of your first command and run the 2nd command against it.  The tasklist find is a common and moderately easy grep-like thing you may want to do often if you are checking a machine for open ports and trying to correlate what process details are for said PID linked to those open ports.</description><pubDate>Thu, 12 Jul 2018 11:54:10 +0000</pubDate></item><item><title>Android security overview</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5328-android-security-overview/&do=findComment&comment=26322]]></link><description>I will edit this over time but I wanted to have the thread up to start with.
 


	Overview objectives: 
	- Stop camera from saving GPS to photos. 
	  - This is in your Camera App Settings, not System device settings. 
	- Device Settings: 
	  - Lock Screen and Security: 
	    - Set lock mode and passcode to unlock device. 
	      - Password, PIN, Pattern, Swipe, None. 
	      - Biometrics. Face, Iris or Fingerprints 
	        - I do not use or particularly like any of the biometric means for device locking. 
	        - App Shortcuts: Define what apps can be used while phone is locked (IE Phone calls and Camera) 
	        - Find my mobile. Anti-theft and tracking options for your phone. 
	          - Remote controls: Allows phone to be remotely controlled via your Samsung account 
	          - Google location service.  Allow GLS to give more accurate location info to where your mobile is. 
	          - Send last location.  Allow your phone to broadcast last location when battery hits a certain level of charge. 
	        - Encrypt SD Card.  Your files on the SD card will only work with your phone.  If phone is reset to defaults, you will not be able to read the encrypted files anymore and would have to re-format the card. 
	  - Secure Lock Settings 
	    - Secured lock time 
	    - Auto factory reset. After 15 failed passwords (will also erase all your data on phone) 
	    - Lock network and security. Prevents disabling Wifi and mobile data when your phone is locked, to make someone stealing your phone easier to track by device. 
	  - Notifications.  Choose to hide notification messages on lock screen. 
	      - Define what apps can put notifications on the lock screen. 
	      - Hide content of message on lock screen from displaying. (Highly suggested to be on) 
	      - Notification icons only.  Just show app icon without details, on lock screen.
 


	- Device Settings 
	  - Location 
	    - Turn GPS on or Off.  Besides privacy and tracking being less accurate, this can save a large amount of battery life.  Turn this off when not needed for directions. 
	    - Google Location History.  You can disable this from saving where you have searched and have been. 
	    - Google Location Sharing.  Can share 'Real-time location' with someone of Google. 
	    You can turn both of these off and GPS maps will still work fine.  The sharing and history are not needed, just GPS being turned on.
 


	- Device Settings: 
	  - Apps. 
	    - See installed apps 
	      - Review and define App-specific system-level Permissions granted to device. 
	      - Decide if you wish to disable some apps completely or uninstall them. 
	      - Review battery usage and mobile data use, per app.
 


	- Device Settings: 
	  - About phone. 
	    - Shows phone number, model, serial number and IMEI. 
	    - Software Information. 
	      - Show Android version 
	      - Android patch level 
	      - Various system level information.</description><enclosure url="https://funtimebliss.com/forums/uploads/monthly_2018_06/PasswordSetting.gif.09e08508091ed185595d61a4a1cf28ff.gif" length="1399186" type="image/gif"/><pubDate>Wed, 13 Jun 2018 01:28:06 +0000</pubDate></item><item><title>Mac OS X screens and updates</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5326-mac-os-x-screens-and-updates/&do=findComment&comment=26314]]></link><description><![CDATA[I have done some maintenance on Mac laptops before and have a Mac Mini myself.  I haven't had any issues with the Mini, but I did with a 2015 Macbook Pro.  Initial issue was some screen damage that looks like a residue stuck on the screen.  Turns out that was an issue with some Mac models, including the Macbook Pro 2015 model due to the anti-glare coating they used.  Fortunately, since they got their laptop at an Apple store, they had 4 year coverage and the repairs were free.  There is also a recall / free replacement for the logic board.  That repair was $575, before the cost was zeroed out because a warranty repair.  The new screen was crystal clear again and the laptop continues to soldier on.  We got this repaired in January of this year. 
	 
 


	Item Number | Description | Price | Amount Due
	S1586LL/A | Labor Charge, PBG4/MBP15" | $ 100.00 | $ 0.00
	S5741LL/A | Flat Rate 2 Repair Charge MBP15/MBP17 | $ 475.00 | $ 0.00
	Total (Tax not included) | | $ 575.00 | $ 0.00

	Lo and behold, I was visiting a couple days ago, and the same MacBook Pro (2015) rebooted to give the following error at the bottom of an error log display: [auth] failed to write file <private> 
	If you have an nvidia MacBook Pro (2015) and update to 10.13.4, you're gonna have a bad time. https://discussions.apple.com/thread/8338509
 


	I followed the suggestion to select the Boot Disk option, then to pick the Mac Hard Drive to have it boot normally.  This 10.13.4 issue looks to have just started again the other day (5/30).  Hopefully an update will address this, because a recovery log screen is pretty daunting, especially for someone who does not normally see error logs, as I will generalize and say is the case for many Mac users who do not work in tech.  Needless to say they were happy when I got it to boot back up and she will continue delaying the prompts to install updates on OS X.]]></description><pubDate>Sat, 02 Jun 2018 12:35:45 +0000</pubDate></item><item><title>Forensic drive imaging with dd image and backups</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5322-forensic-drive-imaging-with-dd-image-and-backups/&do=findComment&comment=26304]]></link><description>Raspberry Pi dd imaging guide.
 


	Preface: 
	This guide is for sharing a forensic approach to imaging a hard drive or solid state device.  I tend to not see many forensically tooled guides, so this one covers imaging from the perspective that you need a verifiable image of a drive you will be working with.  I am writing it with full intent to be useful without needing to have a Write-blocker or needing to run and wait for the sha256 signature checks to be run.  In an effort to be accessible I will cover the imaging of a Raspberry Pi with Raspbian and getting that running.  If you are familiar with that process, please jump ahead to the Action section. 
	My logic for using a Raspberry pi is because they are some of the cheapest functional computers one can get.  My logic for imaging the Pi fresh from an ISO, is to be sure no extra data is left over on the Pi from any previous projects you might have been doing in the past.
 


	I want to add a side-note that you can follow the steps under action for almost any Linux distribution on various hardware.  I have done similar on a current era laptop running Tails before.  Your CPU heavy tasks like sha256sum will likely run much faster than on the Pi 2 I used for this guide. USB hard drive performance may also run higher based on your USB drive connectors and laptop, versus a Raspberry Pi 2.  Just for point of reference, I wanted to mention this.
 


	I also have done a fire talk on imaging with dd.  The slides are shared and also transcribed in the linked thread.
 


	Preparation: 
	Tools needed:
 


	
	- Raspberry Pi
	- SD Card
	- A USB to MicroSD reader (to image your Pi)
	- Power Supply
	- HDMI Display
	- Keyboard and probably a mouse
	- Post-It notes to label your drives
	- A USB powered hub (you want this for use with the external drives)
	- A USB SATA Dock
	- USB Write-blocker to prevent making changes to source drive. (or you can use a second USB dock but cannot count on the full unchanged integrity of the source USB drive.)
	



	As I mentioned the Write-blocker, that will increase your cost quite a bit. Roughly $300 if you are going to use a Cru ComboDock 5.5 that I use.  You are still fully able to follow this guide without one, but minor changes to your source drive may happen while you read data from it (especially if you browse the drive contents and it generates thumbs.db files) and that would cause a problem in the sake of capturing a forensically sound image of that source drive.
 


	With that noted, let's get the Raspberry Pi ready to go with a fresh install of Raspbian OS.
 


	Download the latest Raspbian to the main computer you are reading this from. 
	Install to sd card with etcher imager (resin.io is the imager I used to write the .iso to MicroSD Card) 
	Put sd card in your Pi and boot it up. 
	Bring up a terminal and set pi passwd (default password is: raspberry) 
	Raspberry Pi Configuration can be found under Preferences on the menu of Raspbian Desktop.  On this first tab of System you can change the bottom options: 
	    
 


	
	- Disable auto login
	- Boot to CLI
	



	 
	Now that we have the Pi booted and setup, let's jump into the Actions portion of the imaging.
 


	Actions
 


	Hook up source drive (If no write-blocker, use a USB drive bay / or external drive).  Follow the below steps to identify your source drive. 
	No gparted on Raspbian anymore, so use Parted in the terminal. 
	  
 

sudo parted -l


	 
	Typically the first usb drive will be /dev/sda.  Also cross reference the output to make sure it matches to the size of the drive you just hooked up. (500 GB source drive in my case) 
	You can also  type ls /dev/sd* in a terminal to see what drive is connected.  Now that we know what the source drive is, go ahead and hook up the destination drive you are using to be the clone of your source drive. 
	In another terminal, type sudo parted -l again.  In my case I now see a /dev/sdb.  This is my second drive I will be using to write the clone of the source drive to. (1000 GB destination drive in my case)
 


	For your sake, this is where I recommend using post-it notes to write a note to put on each disk, stating which one is the source and its /dev/path.  Also do the same for your destination and its /dev/path.
 


	Source drive is /dev/sda 
	Dest drive is /dev/sdb
 


	With that out of the way, we are ready to jump into the long haul of running  a dd command.  This will copy the data from your source drive, block for block to the destination drive.  dd is quite a serious command and can result in data loss if you do it wrong.  Here is where a write-blocker is especially useful to prevent overwriting the drive.  Also this is where the notes on the physical disk are helpful.  Below is the command for the setup we outlined.
 

dd if=/dev/sda of=/dev/sdb bs=16384k status=progress


	Let's break this command down.  I look at the if= being equal to Input file.  That's our source drive.  of= being Output file.  This is where our destination drive is being overwritten.  bs= is Block Size.  I go with 16384k as it is a block size I have seen around good for imaging.  status=progress is a nice add-on so you can see the results of the dd command.  Otherwise you would be waiting for the progress to output once it is done. 
	This will take quite some time. 500 GB source to a 1TB destination drive.  Easily took about 8 hours as the finished results state: 
	27184.1 s, 18.4 MB/s.  Divide that by 60, then again by 60 and I got 7.55 hours to image a 500 GB drive to a 1 TB drive. 
	Hurry up and wait as you are doing a block for block image, so it even will copy the blank space to the destination drive.
 


	Once done, verify each drive matches (Especially for forensic sake and use of write blocker). 
	Drive to drive sha will not match, so you want to do it for the partitions specifically.  Once again, be warned that it took around 7 hours on this Pi setup to run sha256sum against each one of these partitions.  Below are the commands I ran to generate the sha256 signature, followed by their matching results.
 

sha256sum /dev/sda1
sha256sum /dev/sdb1

813dcb6470f62c7c12623a0ef092551965b83e501e70dff4e01e1220cebf0129  /dev/sda1
813dcb6470f62c7c12623a0ef092551965b83e501e70dff4e01e1220cebf0129  /dev/sdb1


	Bingo!  Image is a success and the source partition is a match to our cloned partition.  For conversation's sake, if you were to run sha256sum against the entire disks, they would not match up.  Keep in mind the destination drive I used is a 1TB disk, so it has more free space than does the source drive. 
	 
	Here are examples of mismatched checksums, because we compared the entire disks where one was larger than the other.
 

83b3b53d577d0ae793c947220b4ef3aa3d323e8349e0d3615b77964ec5baeb80  /dev/sda
f24189b6160b9a91bf5037ade4d4ab2f45a9bad9ebe254c0a349688f8987bc10  /dev/sdb


	 
 


	 
	That concludes this guide.  If you have any questions or feedback, reply in this thread or hit me up online.  Thank you for reading and visiting. &#x1F642;</description><pubDate>Thu, 05 Apr 2018 16:42:41 +0000</pubDate></item><item><title>CLOUD Act</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5321-cloud-act/&do=findComment&comment=26298]]></link><description>https://www.eff.org/deeplinks/2018/03/responsibility-deflected-cloud-act-passes</description><pubDate>Fri, 23 Mar 2018 22:56:44 +0000</pubDate></item><item><title>Memory Info / Diagnostics</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5318-memory-info-diagnostics/&do=findComment&comment=26294]]></link><description>Hey guys,  
	Looking for recommendations on a freeware program for live memory info and/or diagnostics, in Windows.  
	Currently, only running CPU-Z.</description><enclosure url="https://funtimebliss.com/forums/uploads/monthly_2018_03/Untitled2.png.d96d244236026fd8fc90c20c378d87a2.png" length="32320" type="image/png"/><pubDate>Sun, 04 Mar 2018 16:35:42 +0000</pubDate></item><item><title>Learning Linux Issues</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5317-learning-linux-issues/&do=findComment&comment=26292]]></link><description>One of the biggest issues you will encounter learning Linux, is how most anything you may search for, will fall in 2 camps of info: 
	Pre-Systemd and Post-Systemd.  
	Guides and articles from 2013 or earlier will especially be based on older utilities that have been decommissioned but may still exist on recent distributions.  It can be a little maddening but that's where more specific and newer articles are your guide.  Ideally, the newer write ups will reference the older method too.  Both for the sake of showing up in your search results and showing how both old and new work, so you can get to your solution.  
	Case example for me here, is setting up a NTP server to do internal time synchronization for machines not able to contact a Windows Domain Controller. 
	ntpd exists but not as a stand-alone server, as it's part of ntp services.  tzselect works to set your timezone as a command but does not impact anything, since timedatectl is the current handler for system time on Raspbian and other more recent distro releases.  
	Once you set the right timezone, ntpd -qg will connect to your defined external ntp servers, so your local service will have accurate timing to share with the internal machines you want to clock sync.  To check the status of the ntp service and see its running state, you want to run: 
	systemctl status ntp  
	I just wanted to share a potentially helpful rant, as searching for information online, tends to bring up the older linux tools.  It can be extra rage inducing when the original stuff is still around but has no impact on what you are trying to change.</description><pubDate>Wed, 21 Feb 2018 16:40:27 +0000</pubDate></item><item><title>Final Fantasy XV Benchmark</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5316-final-fantasy-xv-benchmark/&do=findComment&comment=26288]]></link><description>There is a Final Fantasy XV Benchmark for PC (NA), to prepare for the PC release of the full game.  Be warned that the shown benchmark score comparisons they give you will likely be higher than your recorded score.  
	Thank Windows 10 1709 Creators Update (version 10.0.162.99.125) for that.  While I do not know the cause of the slowdown, it has been pretty consistently recorded on sites for frame drops.  Perhaps an OS level stop-patch for the processor vulns, I am not sure.  Expect a frame drop though as I felt one in other play, but thought that was the Oculus 2.0 beta.  Enough on that rambling theory.  Notice on the benchmark site that their screencap for the demo has Windows version 10.0.15063.  
	I'm getting average 7700 score on the performance high 1080p setting.  On my 1080 Ti 11GB it seems 720p with high setting scores the same score.  When checking the Stats output, it will open a window for web browser results.  Running the high 3840x2160 resolution put me around 3xxx maybe 4100 score.  
	Let me add some machine context. I am on Windows 10 Pro (version above) with an Intel Core i7-7700k @ 4.20 GHz (4.5 GHz load) with 32 GB RAM and a Nvidia Geforce 1080 Ti 11GB running Nvidia driver 390.77.  
	In my testing, it looks like the game window is 1080p no matter your option and the upscaling or downscaling are applied in that window.  This is somewhat supported in my benchmark score between 720p and 1080p as the scores are nearly identical.  
	1080p High Quality Score: 
	8111 with High Performance ranking.  
	4k High Quality Score: 
	4436 with Standard Performance ranking.  
	720p High Quality Score: 
	8067 with High Performance ranking.  
	Additional benchmarks below for standard quality are in my next post.  In my testing on an HD TV @ 4k and a PC LCD 144 Hz display, scores ended up basically identical, as the benchmark has score drift of a hundred or so points.  
	You can definitely see the quality increase running 4k, as the license plate in the start of the benchmark becomes clearly readable.  I have to say I'm cool with the 1080p window upscaling to 4k, because that means I can play the game @ 4k and 60 FPS on a TV with my PC.  I checked these with display details on the PC LCD and also on the TV via Info on my Samsung remote control.</description><pubDate>Wed, 07 Feb 2018 16:03:12 +0000</pubDate></item><item><title>Security 2017 armchair recap</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5308-security-2017-armchair-recap/&do=findComment&comment=26266]]></link><description>It's pretty difficult to fully gauge the scope of things broken in 2017.  Running with the armchair line in the title, there are some things you did not want to be right about and the state of operating security is one of those things.  I have some time and what I consider to be considerable experience in running and supporting systems.  The scope of things broken or data swiped away from production, really large systems in 2017 is out of scope, short of your imagination running wild.  
	BitCoin exchanges have been taken over multiple times since the folly of Mt. Gox, user data has rampantly been leaked, be it by opt-in systems or the more nefarious collection services like Equifax.  Vendor equipment has been found multiple times with back doors, while operating systems and integrated devices have seen more updates and bug fixes this year, than I feel like the last 4 years combined.  Retconning the current trends, it feels like development and security are still not concurrent activities.  The run to get something online and into production with the intent to harden it later, is frankly, a crock of shit.  
	I know that no one is perfect and there will be issues, but when the design choices dictate to move fast and fix things later, you find the foundation of that object is flawed.  Looking at the Internet of Things integrated devices, those things turn on and phone home, at best.  Patching is either a black hole or some sort of last ditch effort when you are in a bind.  Granted the IoT devices also tend to have OS-level runtime vulnerabilities that can turn them into a horde of DDoS devices.  Likely along the lines of default credentials and the combo of being largely unattended online.  
	Stepping back, then we have the stacking issues of Intel ME vulnerabilities that run on a privilege ring higher than the operating system level.  Chip-level overseer vulnerability access is something right out of some techno-dystopia, yet here we are.  
	I can complain for days but instead I keep reading and trying to stay somewhat informed.  Crypto-lockers and malware are scaring businesses into their backup confirmations, but it does not seem like the inroads for fully scoping the priority of their business data and investing in people and equipment resources, is quite getting there yet.  The more 3rd party tools you rely on, the greater need to vet the chain of software used and interacting with an environment.  
	Ending my rant, please be conscious of information you share online.  It could be a matter of days before that mega hot new company, either gets their database popped and sold, or they have a bad quarter and sell the user data to bail them out of a debt hole.  These days the data is the big money item.  I dare say that's why so many new applications and operating systems try to phone home with diagnostic data and the like.</description><pubDate>Tue, 12 Dec 2017 17:49:49 +0000</pubDate></item><item><title>Desktop Window Managers</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5303-desktop-window-managers/&do=findComment&comment=26251]]></link><description>I enjoy using multiple operating systems.  I love Linux for performance but I have to say most of the window managers are nowhere near Windows or OS X in terms of control and keyboard shortcut operations.  This is very rant filled of an opinion, as I do quite a bit of text editing work and am a huge user of Ctrl+Tab and Ctrl+Shift+Tab to navigate between multiple open windows.  It may seem minor, but when editing multiple bash scripts, having to select your other window with the mouse instead of jumping tabs by keyboard... is clunky.  
	I guess the burden of choice also leads to an inconsistent UX in Linux distros.  I would say we should step back and know that this is a limiting factor to having people fully switch from Windows or Mac OS.  That stuff really matters over time on your day-to-day computer usage.  Personally, I tend to manage my Linux installs over SSH from a Windows box, or occasionally a Mac as well.  Hopefully this comes to become a little cleaner an operation on some Nix distros, but as I mentioned, it's difficult to get everyone to agree.  One person's issue is another person's workflow to it working as intended.  
	This rant came up encoding videos, where my bash scripts were not simply a Ctrl+Tab, followed by a Ctrl+R to replace strings for the next output.  When you are grinding out the repetitious stuff, shortcuts are helpful and can lead to better automation too.  Depends on what you are up to, but the emphasis on a clean UX, is what gets people to invest (mentally and emotionally) to your platform.</description><pubDate>Tue, 17 Oct 2017 16:01:00 +0000</pubDate></item><item><title>Pi-Hole</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5299-pi-hole/&do=findComment&comment=26243]]></link><description>Raspberry Pi Pi-Hole config guide: 
	Howdy and welcome to another thread.  I have a history of not being a fan of advertisements and do not run those banners on this site.  Besides a security concern, I think advertisement gets really creepy online. Pi-Hole is an Operating System with DNS capabilities and use of adblocking lists.  The added benefit of the request being denied even without plugin-based web browsing, is pretty handy.
 


	Before you install, be sure if you are using a RaspberryPi or whatever device, that your user password is one of your own.  You do not want to go default with your LAN traffic.  If you wanna log a fun time, you can use one of these for short-term logging a little CTF monitoring style.  Logs are configured to purge after a few days on your standard Pi-Hole install. Please be sure to update your OS image with latest patches via said package manager.  In my case I set the primary network connection to a static address.  I have the service connection IP address details set to use the actual router as DNS server, since all your other network DNS will be set to the fixed IP address you bound to your Pi-Hole installed device. 
	SSH is likely disabled.  I like to administer my SSH session by serial to usb in the case of my Raspberry Pi installs.
 


	Follow the install guide and advisory on their site about the bash | pipe install.  Quick comes at a trade off when you do not review the install process part for part.  If you go for the easy install and read the disclaimer, you can run the single line install:
 


curl -sSL https://install.pi-hole.net | bash


	This thread is for administering and keeping yours updated, as with my configuration I ran into update issues using just the one connection.  Details ahead cover enabling a second connection to fetch updates, since you will have the primary network connection with a set IP address that handles DNS requests handed off from your router / main DNS device on your network.
 


	To do updates to the OS and Pi-Hole local web services device / OS, I disable the service network connection to resolve conflicts of web requests to get out locally.  All the LAN clients will be fine getting pages.  In this case, I suspect the localhost calls in the Pi-Hole logs relate to my network layout and the device being bound to serve back to itself.  When logged into the [deviceIP]/admin configuration page I would also get failures to resolve list update servers.
 


	Having plugged in a second USB NIC or using Wireless as an update connection, I ran the following commands to handle my network adapters.  First, turn off the static address service NIC, in most cases likely eth0, as shown below:
 


sudo ifconfig eth0 down


	 
	Do some pings and the like to see they should now resolve.  Do your updates etc for the OS.  In my case, Raspbian on a Pi 3.
 


	Once those finish, load up the Web Admin panel for your Pi-hole install. Get your ip address for the active network connection with:
 


ifconfig


	 
	Connect to that IP address in a web browser and add '/admin' into the address bar at the end of the IP Address without the quotes around the path.
 


	Log in with your admin password to the admin panel and you should now be able to see updates are pending.  You need to start with the FTL update.  To do this, return to your SSH session.  As I mentioned I am working with serial over USB, but you can enable SSH over network if you so desire.  That is one more service for a network-heavy component, so choose of your own accord, weighing security against convenience. 
	On that SSH console, run:
 


pihole -up


	 
	Wait for the updater to get and deploy the new FTL version.  You will likely also be treated to the Web Interface and Pi-Hole versions being updated to current revisions.  Great!  Almost updated and running live AdBlocking again. 
	Still on your console, seeing the update completed you want to turn back on the main network connection we disabled for updating.
 


sudo ifconfig eth0 up


	Overviewing network setup above: 
	Main Internet router will be your DNS server on the Pi-Hole device.  Manually set client DNS or change your DHCP server to set client DNS to the static address of your Pi-Hole install. (192.168.0.1 default-ish router)  Check your current IP config to get details if you do not know current network base configuration. 
	On the Pi-Hole install, set the primary network adapter to an address in that subnet (say 192.168.0.10).  Make sure the DHCP server /or/ router will not also try to assign that address in its pool.  The Pi-Hole DNS primary will be set to your local router (as above, default-ish router 192.168.0.1).
 


	I hope to have avoided huge gaps or inflicted confusion in this thread. Jolly adblocking.  Even if you like making money from it, you have to know it is a vulnerable vector and kind of a shaky market.  I'm not here to tell you what to do, I'm sharing details to help block them on places that run them without respect to visitors.</description><pubDate>Wed, 20 Sep 2017 04:20:12 +0000</pubDate></item><item><title>Technolust save file</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5296-technolust-save-file/&do=findComment&comment=26236]]></link><description>I have been playing VR games and decided to take a plunge into Technolust.  Some of the reviews were hit or miss, but if you actually explore around the game and appreciate all the options and content, you may enjoy it nearly as much as I have and continue to do.  I wanted to start noting how much I enjoy it, as this is why I jumped into repairing a save issue I had.  
	You can save in the game but I had an issue where each time I loaded the game back up, it looped me to the intro portion, instead of the MURC teleport menu you should see, after having saved your game.  I shared some of this info on the Oculus forums and Steam once I got a fresh file to work with saving.  Quoted below. 
	 
 

 


	 
 


	 
	In this case, I moved a copy of my stuck save file, as it was not working due to that 1st character of '&#xFD;' in the save.txt.  Using various text editors showed me varied results in the save.txt.  ConText editor showed me mostly blank space and some of the item strings; Notepad seemed to show everything, but without formatting, and Notepad++ showed me a dump of each parameter and their set flags. 
	Here are some screen caps from each editor showing the same file, along with the registry keys.  
	ConText Editor 
	Notepad (Windows standard text editor) 
	Notepad++ 
	Registry Keys 


	Most all of this information is overkill, since I was only a couple of hours in.  To resolve the save issue I copied the broken save file to another folder and deleted it from the save folder.  Once the game made a new file, I was able to save without issue onward.  I had fun checking the save file for stuff I missed but didn't successfully change any flags for stuff I did not find in-game.  For conversation's sake, the registry values match my arcade high scores.  When my new save file was made, simply playing the games I won again, without beating my prior high score, toggled back to my high score, once I interacted with them on the fresh save. 
	You can migrate your save.txt and registry info to another machine, as I did on my laptop to test that I got all the save data.  
	If there is any take away from the thread, be sure to check files in multiple editors.  I also messaged the game dev to say thanks for a rad game.  He noted that encrypting the save file seemed like it would have been contrary to the concept of the game.  Thanks for not doing that, because it was also fun to spelunk through the save data and see how it applied to in-game content I encountered.  I'll recap the start of the thread by saying I really enjoy this game.  Hell it was so good, I was concerned enough to figure out the intro looping issue.  Hopefully you don't have the same issue, but if you do, it's relatively easy to fix.</description><enclosure url="https://funtimebliss.com/forums/uploads/monthly_2017_08/00-ContextSave.png.b018166d3966e6ed7af82658691b7aec.png" length="17454" type="image/png"/><pubDate>Wed, 23 Aug 2017 14:33:08 +0000</pubDate></item><item><title>SMB levels and services</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5294-smb-levels-and-services/&do=findComment&comment=26224]]></link><description>Especially over the last few months, the public face of SMBv1 and how it is quite vulnerable, has become a solid talking point.  If you have poked around on some Windows Servers and also some Nix file servers, you may have noticed these legacy-era protocols still running.  Even if you have a more recent Windows Server Deployment, they tend to have SMB 1 enabled by default.  
	Oh Lordy.  If you have done any nmap scans you may have also noticed there have been notifications about SMB1 for a loooong time.  Lucky for us, I would like to think by disabling SMB1, all your existing systems would work.  Please note the optimism, because that's all it is if you do not confirm things still work, after having turned off SMBv1 or for that matter, any service.  Microsoft has a guide using powershell to manage these.  Before you go wild, do make sure to note that SMB 2 and 3 are related and enable relevant network features too.  
	If you still have XP devices connecting to servers (gods save you), you will lose communication when you turn off SMB v1.  Another fine reason to finally push and accomplish getting rid of those things.  I think cryptolockers scared non-security people enough this year, to give your pitch some viability.  
	Looking at the PowerShell syntax, Windows 8 and Server 2012 have some really clean powershell cmdlets.  On Windows 7, Server 2008, etc, you are essentially changing a registry key on the command line / by script.  If you are rolling an Active Directory domain, you can push the SMB 1 disable out over group policy.  Once again, pausing to make sure stuff works after you do this, and it would not hurt to test this in waves, as to not cause a huge problem in one fell swoop.  
	You can also have fun diving into some PCAPs to get a feel for SMB levels in use.  You can apply filters to weed out noise from your scan.  Keep good notes.  I don't know about you, but when I tell people I'm doing security maintenance, some folks like to come up with some fantasy stories of things they say worked prior.  Typically stuff that never worked or something that was decommissioned months prior, not the week of your rollout.  
	Jolly August.  Fall is creeping up :)</description><pubDate>Mon, 07 Aug 2017 15:20:25 +0000</pubDate></item><item><title>Bad Windows advice</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5278-bad-windows-advice/&do=findComment&comment=26191]]></link><description>This is a topic near and dear to my heart.  That would be because sites like Answers.microsoft.com are shit. Really shitty advice.  While it is tempting to follow some of the advice they list, be warned that there tends to never be a reflective diagnosis of what will happen as a result of this advice.  From the link: 
 
  
 Many folks will be familiar with making sure to cross reference information to see the full scope of a change before applying it, but let me tell you what happens here in the quoted case: Prior Windows Update history is removed.  You will need to wait for a scan to re-check what is installed and give an accurate list of what updates are still needed.  So you go from updating being stuck from installing, to the following error: "WSUS clients fail with WARNING: SyncServerUpdatesInternal failed: 0x80244010".  Congratulations!  A bad scenario got even worse.  Thanks answers.unvalidated_shit.microsoft.com.  Now enter the TechNet article.  Luckily these are a bit more reflective than the answers site, because the TechNet article is more based on how something works, instead of someone blasting blind solutions and getting upvotes.  Notice how this gives information on what happens when you go ahead and blast away "C:\Windows\SoftwareDistribution".  Short hand is, after a few queries, the machine *should* rebuild the installed updates then be able to install the pending ones.  I wanted to share this rant as I have seen lots of people fall into the answers site trap.  Especially when people give up but instead of saying 'I don't know why that is broken', they return with 'You need to reinstall the OS'.  I'm guessing you could imagine that is not practical in many situations.  Also full disclaimer, I may have fallen for seemingly innocuous advice late in the morning, that turns an issue into a full blown bad news scenario.  ServerFault / StackExchange is somewhat better than Answers, but they also have their fair share of really shitty advice.  Hopefully this story and cross-reference helps you avoid some BS and maybe explain to some trigger-happy colleagues why the 1st solution pitched online may not be the best one.  Also of course you have factoring in how you ask the question, quality of results and resolution.  
It might make me a bad person for saying so, but so be it.  Answers.microsoft.com is a dangerous and shitty site.</description><pubDate>Sat, 22 Apr 2017 16:40:11 +0000</pubDate></item><item><title>atkex_cmd.exe error</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5263-atkex_cmdexe-error/&do=findComment&comment=26145]]></link><description>So you may have installed some windows updates and one of them is for Realtek audio drivers.  Upon a reboot, you may very well see 3 or so errors about atkex_cmd.exe.  So far, all I have for a resolution is to remove the Realtek HD Audio drivers.  Searching your windows install, it should be around c:\Program files\Realtek\HDA\.  It looks like the device driver installs hdaudio.inf and hdxrog.inf.  Noting that I do have a Republic of Gamers model Asus motherboard.  There is also a Driver Service called IntcAzAudAddService.  I wanted to share if anyone wins some new odd errors.  From Windows 8.1 Pro x64.  For sake of my ease, I use a Creative Recon3D device.  Even grabbing the latest HD audio driver from the Realtek site (from mid-Dec 2016), the error remains, until you uninstall the Realtek software.  The (windows) update says it's pushing MEDIA - 11/8/2016 - driver version 6.0.1.7982.  From the Realtek driver site we have latest of version R2.80 with a file name of 0007-64bit_Win7_Win8_Win81_Win10_R280.exe. For conversation's sake, I did remove this version after installing it didn't resolve the errors.  
I also tried the prior version from 2014, but it still errors, from what I think is related to the device driver and the 2 .inf files listed above.</description><pubDate>Fri, 30 Dec 2016 19:37:42 +0000</pubDate></item><item><title>KB3201860 Adobe Flash?</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5100-kb3201860-adobe-flash/&do=findComment&comment=25961]]></link><description>So I did not install Adobe Flash, it is not in my add remove programs, nor is it any active plugin for my installed web browsers. 
  

On this machine, I have Windows 8.1, the Flash options in control panel, but no Add/Remove for flash. I was legit baffled seeing this update pop up, as I didn't install the software, because I feel it is more harm than good, as a security exploit vector. 
  

KB3201860 details @ Microsoft. I am still digging around but I am really concerned how something I didn't install is on here. I guess it will be an interesting weekend, finding this and gutting it out of this system. I also see no Adobe windows services installed. 
  

I have heard and seen Google Chrome has its own version of Flash. But it adds extra concern it's escaping the Chrome 'sandbox' because if you can make a call to it, it can be exploited. IMO and all of that. 
  

Oh wow, the plot thickens. Thanks to adobe's link, it is rolled in with Windows 8. 

Checking with this Installed Flash web tool, Chrome of course has Flash baked in, as it's baked into Chrome. My installed Mozilla based browsers fail the test (yay). IE 11 on Windows 8.1 also has its baked-in Flash. It looks like that is what this update is for. Now of course, is the quest to eviscerate it from being able to execute or be invoked. 
  

... So then I checked again and saw Shockwave Flash Object in Internet Explorer Add-ons and was able to disable the plugin, then the 'Is this installed' check failed.</description><pubDate>Fri, 28 Oct 2016 21:11:32 +0000</pubDate></item><item><title>Computer news recap</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5060-computer-news-recap/&do=findComment&comment=25917]]></link><description><![CDATA[So everyone has been foaming at the mouth about the Dyn DNS attack / Mirai botnet theory on how some large sites had been down over last Friday (10/21/2016) into the weekend for some folks. There were heat maps of areas in the USA hit, and laughably common, Russia was the 1st to blame. That of course turned into more competent speculation that the attack came from a botnet of devices, such as cameras and other Internet of Things (trash) with default passwords, or worse yet hard-coded passwords.  Pardon the cynicism, but I am waiting for this coffee to cool down and it's the morning. I would also make a list of major websites that had their user databases taken, but that would be a huge and nowhere near complete list. When that happens, the obfuscated passwords are run against some cracking methods to get the raw ASCII value.  Hashcat is something I do not yet have experience with, but would like to set up a test Windows domain to reverse the AD password obfuscation, for sake of seeing it run and deliver personally.  I enjoy projects.  Notable sites where the user data got popped are (with some speculation on my part, perhaps): 
Yahoo
Hotmail
LinkedIn
AshleyMadison
MySpace
Twitter (~2014)
Facebook (~2013)
  
 Please note that Twitter and Facebook are speculation on my part and that is why I put the projected date next to it.  At this point honestly, I give consideration that every site has potentially been popped for their user databases.  Salting and Hashing your user passwords will get you so far, but like encryption, if you leave the keys with the protected data... you are not really gaining any benefit because you gave away the key to the puzzle.  We can call this security nihilism, but seriously this is worth restating.  Do not store private keys with your data; if your salt and hash method are in that production database, you are going to have a bad time.  *Sips Coffee* There is no such thing as perfection, so do not worry about chasing that dragon.  The moral of the story above however, is to not re-use passwords.  Do you have the same password for your email, bank, work, and social network sites? Please don't do that.  It makes being a victim way easier, especially after a data breach / password dump from a major site.  Let me assure you I'm not spouting this out from my ivory tower, because I had some shared passwords between services too.  Fortunately I seem to have changed those before the accounts could get popped.  Granted, depending on how bad a network gets run, authentication could be irrelevant because an attacker had full access to the site by side-stepping authentication completely.  Another one of those theories, but yeah you have to do what you can.  I spend a formidable amount of time reading about security news and researching myself.  A few years ago I dorked around pretty heavy on facebook, laughed at the perceived privacy controls, and got put in 'Facebook Jail' a few times for abusing features.  That taught me the humor of what privacy means, to a site that really wants to sell me t-shirts and crawl the search history on my mobile phone to schlep advertisements, if I use their mobile application.  
Wrapping this up with some dystopian nightmare, I see more and more corporations are merging on up into massive conglomerates.  It feels like only yesterday Time Warner and Comcast merged, yet AT&amp;T is preparing to buy Time Warner.  By Time Warner I mean more than just the cable services as well.  So much for reasonable internet prices.  I mean it's pretty clear that balanced media reporting is a relic of the past, short of some slivers of the internet and print sources.  Complaining about the media, I reference the fault that comes from major networks only reporting from one perspective, so conservative hones in on their pitch, while moderate or whatever you call Fox and not CNN, also ignored highly relevant details, so they can pitch their sponsors' agenda.  Worst of all, leading people to argue about disinformation they get from controlled outlets, instead of combining multiple resources and trying to come to their own conclusion.  For what it is worth, hopefully instead of trying to support broken infrastructures, global society rolls up its sleeves and looks to put in new solutions, instead of band-aids for flawed infrastructure.  In this case I mean things like replacing DNS and core network topology with a new back end, at least designed with some concepts of preventing major issues from being so detrimental.  Granted, Global Society applying similar methods to non-technical processes would be great too.  I hope you enjoyed the rant :bunny:]]></description><pubDate>Tue, 25 Oct 2016 14:06:58 +0000</pubDate></item><item><title>Firewall Log Fun</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/5033-firewall-log-fun/&do=findComment&comment=25885]]></link><description>This thread is ongoing, but let me start with the results I have from a year's worth of dropped firewall connections. 
January 2016: 228376
February 2016: 253698
March 2016: 244374
April 2016: 494842
May 2016: 611021
June 2016: 259013
July 2016: 529243
August 2016: 406937
September: 2096766
October: 264421

Let's jump back a minute. I am importing firewall logs for dropped connections into a MS SQL Database. September, as you can see, is a fun month with 2,096,766 records. Since my firewall is a Zyxel device, I gave a look at the .csv delimited log output. Easily enough you can use a Data Import Wizard to spin the logs into some tables. The rough table structure for the log is as such: 
-- One table per month of imported log data.
-- The hyphen in the table name requires bracket quoting in T-SQL.
CREATE TABLE [zy_2016-09] (
  time VARCHAR(50) NULL,
  source VARCHAR(50) NULL,
  destination VARCHAR(50) NULL,
  priority VARCHAR(50) NULL,
  category VARCHAR(50) NULL,
  note VARCHAR(50) NULL,
  sour_interface VARCHAR(50) NULL,
  dest_interface VARCHAR(50) NULL,
  protocol VARCHAR(50) NULL,
  message VARCHAR(250) NULL,
  col00 VARCHAR(250) NULL
);
I am having fun crawling some output. Typically it's some sort of fancy OpSec to not say your type of network gear, but this is meant to be informative and hopefully helpful. 
So let's crawl some queries and output in the next post.</description><pubDate>Sat, 22 Oct 2016 23:11:19 +0000</pubDate></item><item><title>Active Directory re-design in production</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/4248-active-directory-re-design-in-production/&do=findComment&comment=25094]]></link><description>The topic hook here, is redesigning the Active Directory Object Units of an existing network. Really, OUs are like Subfolders of a Windows User and Computer tree / list. I am working with a live domain structure, so more important before making any changes, is knowing and documenting how it was / currently is. This being in case you move something and it breaks. Especially 3rd party applications linked into Active Directory, and the OU path is like a network or folder path, if the lookup is where it assigns user permissions via the AD / LDAP (Lightweight Directory Access Protocol) / Windows Challenge/Response (NTLM) mechanisms. Point here being, if you assign permissions to a user as below, moving them to a new OU and not updating that lookup in an app can break it, unless it verifies the current path of that user account in its NTLM-esque lookup. 

DomainTree.local\OU_Name\Object_UserAccount
Point being, if I move the Object_UserAccount into a different OU or a deeper subfolder / OU on that domain, that lookup may very well be broken for the 3rd party app, using AD for its lookup.  That is kind of long in the teeth, but in Windows land, especially when changing domain structure around, you can get some nasty snags. Documenting it as it was, lets you see if the old path is defined in whatever 3rd party app or device you are working with.  Also applicable, are Group Policies and where they apply.  Group Policy Editor on a domain controller will let you see what ones are applied and what OU they are nested under.  Group Policies are a step of this, but I am not focusing on these for this thread.  Knowing the old policies they apply to, will be helpful on your rollout, as in my case, some departments have printers autoinstall, based on their location.  I note this to troubleshoot or recreate that behavior on the new side of domain OUs.

Tools:

csvde.exe: This C(ommand) L(ine) I(nterface) tool will let you connect to your domain.local, while picking a root OU, to then export all those details to a CSV file.  Along with some screenshots of the tree structure, this is a great method to know what OU path a user was in, before you redesigned the trees and moved users around.  This is especially the case, of someone's windows or other app, no longer working, upon you moving their account or machine around in the domain tree.

Excel or Libre based office spreadsheet program:  I use these especially in migrating a live domain to a new server.  You have to clean the AD export up to 8 relevant columns, as the rest of the data is made by the new domain controller, thus importing the old stuff will just fail.  Rambling point here, is that when you import a new domain controller to an existing domain, it will inherit the security level of the prior domain.  Server 2012 running on a Windows 2003 Domain Forest level?  No thank you, please don't even. 
You can and likely will use the spreadsheet program for reference in the future, either to make sure you moved the user from old to new, correct path, or to debug why an app may have stopped working, and trend a fix for anyone else who may have the same issue.  Great.  We have a dump of users with their original path (in my case, over 100 sub-OUs for maybe 20 different business units.).  Sometimes, people over-design systems.  It can be intentionally confusing to dissuade others from making changes, or simply be over-designed for some fantasy scope projection of future growth, instead of something that works with their current, yet is still scalable for later add-ons.  In my opinion, empty folders are a BAD design call, especially in OUs.  Sometimes the path is limited to a certain amount of characters, so 50 of them characters being empty sub-folder paths, is just a shitty design call.</description><pubDate>Mon, 15 Aug 2016 15:08:09 +0000</pubDate></item><item><title>Cisco Noob Guide</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/4177-cisco-noob-guide/&do=findComment&comment=25020]]></link><description>Especially on old-school devices, you might find no one logged any of the network topology and config details.  If you are lucky (depends on your outlook) there is no password for the console connection.  To connect over console, you will need an ethernet cable that plugs into a serial port on your config machine.  If you do have a password on console port, hopefully it's something from your list of other device passwords.  Probably a Level-15 account. 
  

We will be in the CLI, so all those nice GUI configs you are used to with newer devices, are not at your disposal.  So we have this guide for logging in, going into enable mode, then showing certain configurations.  This can help you map a network out, especially if you inherited it and want to document and know how it really functions. 
  

Starting out: (Run a cable from the console port on said switch, to your machine Serial port.) 
Use PUTTY or a similar application to connect to COM1
Press Enter 2x.  You should then see Console of some sort
Login when prompted for a password (or if none)
Type 'en' without the quotes.  This will take you to config / enable mode.

show ? will give you a list of available commands.
Start with show version to get an idea what platform and version of IOS (or PIX) you are dealing with.

show running-config will show you the currently running device configuration.  Feel free to archive this into a flat file for reference later.

show vlan is huge if you need to know the VLANs defined on the network.
Note: Your core switch will have them defined, then other devices can reference those VLANs and route accordingly.  If you do not have a VLAN defined somewhere, it will be useless to use as a target. 

  
  

That's my primer on dorking your way through some older Cisco devices.  Granted these methods will work or be very similar in current, CLI based Cisco sessions.  Happy explorations.</description><pubDate>Fri, 15 Jul 2016 15:51:10 +0000</pubDate></item><item><title>Software Restriction Policies - Windows GPOL</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/4119-software-restiction-policies-windows-gpol/&do=findComment&comment=24959]]></link><description><![CDATA[I hope you are enjoying your day.  Perhaps you found yourself in a pickle with malware and need to finally implement a software restriction policy on your Windows Domain.  Considering the items in question, I am presuming and hoping you have a Group Policy on your side to help manage these machines and users.  Software Restriction Policies (SRP) are here to help you out. 
  
Great!  Since you are looking to add a restrictive group policy, I would suggest making a test OU (Object Unit - I will only define acronyms once) and creating a GPO (Group Policy Object).  With your Test OU and user account, I would suggest a VM (Virtual Machine) with that user account having minimal level domain access (Group: Domain Users).  Making our new policy, you want to focus on the following tree of your new policy. 
Computer Configuration | Windows Settings | Security Settings | Software Restrictions
Brief pause here.  Respect to SwiftOnSecurity for bringing this conversation up recently on Twitter.  My guide is based on Branko Vucinec's SRP Guide.  There is also a guide I will link below, that is for when you realize your policy also prevented Admins from installing programs.  There is a fix for that too. ;) 
  
Let's talk about Environmental Variable Paths (EVP).  These are commonly used by installers and scripters for installing, both legitimate and exploit code &amp; applications.  Ones I am focusing on are: 
&gt;@echo %appData%
C:\Users\{username.fullpath}\AppData\Roaming

&gt;@echo %localAppData%
C:\Users\{username.fullpath}\AppData\Local

&gt;@echo %temp%
C:\Users\{username.8char~}\AppData\Local\Temp

&gt;@echo %tmp%
C:\Users\{username8char~}\AppData\Local\Temp
Echo shows us we have the right file paths and how they output per the active user account.  As noted, we are looking to restrict some access to items in these folders executing.  Along with that, we have some extensions to focus on restricting.  The linked guide covers, while I also add: 
  
Archives (7z, zip, rar)
EXE
JAR
MSI
VBS
COM
BAT
PS1
Wild list, with some oldies on there.  Let's just say, you can do lots of automation with .bat files.  Everything else listed has more capabilities than that, but if you can call something else from a batch, there are options from there.  This is not meant as an exhaustive stop-all-exploit execution solution!  Honestly nothing really is (and if someone says so, they are lying).  This is about presenting extra layers to prevent exploits from 'getting the keys to your castle' in respect to infrastructure. 
  
This is getting wordy on the backdrop narrative... Let's get going here.  Time to make the policy. 
Making our new GPO, jump into the tree and Right-click on SRP then click New Software Restriction Policy. 
Under Additional Rules, add our Disallowed exceptions.  These being the EVP list of folders I noted above.  An example being "%temp%\*.exe" 
We add these by making a New Path Rule. 
I could lie to you here, but you have quite a few to add.  Branko's Guide covers the syntax while my extension list adds other possibilities.  Make the call what is most probable on your network and what you may have seen in attack patterns.  Besides, you are one of the people who has to test this, and ideally one of the 1st to do so... so you can eliminate the immediate conflicts with business operations, before anyone else can try to prevent the implementation from happening. 
  
Good Job.  Now that you finished your new GPO, add your test machine into the linked OU with that policy and have your test account login on said VM or test desktop.  Try to do some standard fare user operations and software patching.  Install Firefox, update Flash, whatever you or anyone else might do on a frequent basis.  If you managed to remove Flash from your network, give yourself a high-five. 
  
Ok now try to install some software as an Administrator.  In this case, Firefox will fail because it extracts the installer to %localAppData%.  Turns out your policy also applies to Local and Domain Administrators logged into that machine.  Good thing we are testing before launching live, huh? 
To resolve this, we are jumping back into that policy you just made.  We need to add an Enforcement exception for Administrators.  The Policy path for that is: 
Computer Configuration | Windows Settings | Security Settings | Enforcement
On the Enforcement settings, you will see Apply software restriction policies to the following users: Go ahead and in this middle section, set the radio dot to All users except local administrators (MS KB on Enforcement).
Hit OK, close your policy, jump back onto your VM and run another 'gpupdate' command to get the latest policy on that machine. 
  
Diagnostic Note: If you have questions if the policy is actually applying, run RSOP.msc and see the Resultant Set of Policy.  These details will show you what options are set by all GPOs and what one is defining the settings. 
  
Try running that installer again, but this time right-click it and do a Run as Administrator.  It will prompt if you are not logged in with an admin-level account, else it will just run.  Your installer should now properly execute.  In addition and most of all, rogue applications matching your filter rule list, should not be able to run.  The protections are only as good as your rules, so keep an eye out for what applicable stops you can build to protect your network from processes gone awry.]]></description><pubDate>Thu, 26 May 2016 14:45:19 +0000</pubDate></item><item><title>UEFI Linux Grub Boot Fix</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/4105-uefi-linux-grub-boot-fix/&do=findComment&comment=24938]]></link><description><![CDATA[Rad. This OP Linux thread is from 2008 / Ubuntu 7.04. 
  
On Ubuntu 16.04, you may get a UEFI / EFI install error. When it refuses to boot the grub OS loader, you need grub-efi-amd64-signed from a restricted repository. Adding the repo along with an install would get your 1st run on that 100 emoji-launch. 
  
Boot-Repair is a handy item, as this popped a dialog from a usb install ubuntu xenial studio (in relation to my error). In my case, I wiped the whole SSD as a 64 GB chopped in half was too light with free space.  Once the missing package was installed, my EFI partition installed and boot repair gave the sequential output script to Ctrl+Shift+V into a terminal. 
Boot Repair sequence: run the following in a terminal:  
sudo add-apt-repository ppa:yannubuntu/boot-repair
sudo apt-get update
sudo apt-get install -y boot-repair &amp;&amp; boot-repair

This HP Pavilion x2 11" LCD Tablet was a Windows 8.x and 10 device but the partitions were too small.  It was just prior a Windows 10 and Ubuntu Studio 14.04 x64 dual-boot.  This Studio distro works with the touch screen but lacks the features and lcd touch keyboard calls, without targeting app keyboard osd.]]></description><pubDate>Mon, 09 May 2016 04:06:53 +0000</pubDate></item><item><title>Ansible and Vagrant. DevOps acronym decoded</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/4103-ansible-and-vagrant-devops-acronym-decoded/&do=findComment&comment=24932]]></link><description>Let me start by saying I've lived the System Admin life for quite some time. The decoding title is in reference to: 

Installing, deploying, configuring, and monitoring servers in a rapid deployment manner. 

Most important of all, in a non-static and non-fragile manner. TL;DR security - Running services across multiple servers, that can be shut down in the event of intrusion or broken configuration and replaced with a new image with all the required configuration, out the gate on your redeployment. 

You will be communicating and deploying over SSH sessions, so encrypted communications are how you 'make the magic happen'. 
  

Here are some notes I took from a great presentation by Chris Rossi of AppliedTrust, that also got me running my own deployments. I am also working from the following book: Ansible for DevOps by Jeff Geerling. 
  

As this is a technical and video game heavy site, I'm sure many visitors and members know the struggle of single-thread processes not scaling your gaming hardware. By deploying your server topology with Ansible (Python based) and Vagrant (Ruby syntax) scripting, you get a performance scalable topology, where services can be allocated per Virtual Machine; while also being able to be replaced by a fresh spun VM, in the event of misconfiguration change or security exploit. You also get some botnet-like controls to distribute commands across all or selected servers in your Vagrant configuration. 
  

Personally, I have been learning Python to make tools to assist me in log crawling functions, configuration and other data driven projects. I legit feel like Ansible and Vagrant usage has progressed me beyond making bash script, as the state control / config deployment and validation is light-years beyond cobbling my own scripts from scratch. I have been exploring this for less than a week, so please excuse the details thus far. However I will say this knowledge is really addictive, since I am seeing my personal projects materialized in a deliverable, community cooperative platform of Ansible using Vagrant. 
  

Borrowing from Chris's presentation, patch deployment and distributing content is the final leg / deliverable of the DevOps process. Considering I am used to living a Windows SysAdmin life with the use of windows cmd and Linux scripting, this point resonates as solid truth in the compliance being the hardest deliverable, while being consistent. Did I mention scaling your network and server topology? Because that is what you are up to with deploying dynamic servers in a VM environment. Get the most performance per service to VM, with added benefit of essentially real-time monitoring. In the event of a fault, you can also handle the decommission and re-launching of a new, compliant VM in the event of mis-config change / exploit.</description><pubDate>Sun, 08 May 2016 03:14:01 +0000</pubDate></item><item><title><![CDATA[Windows Group Policy & IE settings]]></title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/4076-windows-group-policy-ie-settings/&do=findComment&comment=24894]]></link><description>I wanted to share some experiences I have been having on an existing AD topology I manage. Backstory: This site has been run by various contractors over a decade or so. Having been a contractor myself in the past, I got pretty familiar with poorly configured server deployments and gaining the task of cleaning them up. 
  
Great. Back to the point, multiple group policies can get messy, but the slop comes into play when you are trying to set Internet Explorer settings to domain machines. IE 11 changes quite a bit of these options around and I actually had policies fail to apply, with IE 11 installed due to all the subsettings for the browser. This is the part where you review what settings were being modified and determine what ones are actually relevant. IMO, some of the settings are defined, for the sake of generating more service calls, than to actually implementing helpful security. 
  
So about the faults. In this case, I had a few servers that did not report to the local WSUS patch server. Turns out bad policies were the cause of this. I removed the multi-policies that were not applying valid settings, and shortly after said servers started reporting to my WSUS list. Message here being, revisit your group policies, export them to XML and review them. If you have a bunch applying different settings, consider merging them. Policies can also be exported, so doing that before making changes, will give you a control of what the config was, before you made any changes. 
  
Back to cleaning malware off a machine one of the helpdesk people ignored the other day. Living the dream. Lol not so much there. 
  
Edit: Oh yes, let me add some helpful commands for tinkering with your group policy. It should be obvious, but keep notes of what you change, especially if changing the active policies. You do not want to break the parts that are working / critical to operations. 
rsop.msc = Resultant Set of Policy.  This will show you what policies are applied and what the settings are.  Also errors will display here if the policy fails.
gpupdate = Group Policy update tool.  Run 'gpupdate /force' to apply all settings @ execution time.

Log into your WSUS server and confirm the machine in question is reporting to the patch server. You can run the following command to have it query the WSUS server for patches. 
wuauclt /detectnow
This should shortly display a tooltip bubble with pending updates. Assuming you approved them on the WSUS server, the client machines should see them and you can install them. Pick your install method via Group Policy to determine if you want them to auto install or prompt the user to install them. Review your reports in WSUS to see how many are being installed and if any are having errors installing.</description><pubDate>Wed, 06 Apr 2016 15:19:45 +0000</pubDate></item><item><title>Database Guide MSSQL</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/4055-database-guide-mssql/&do=findComment&comment=24870]]></link><description>I made the attached guide from notes and documentation I was reading around 2009.  I meant to share it before and very well may have, but it had poor naming and was hard to find.  Hopefully this helps you explore ;)  MSSQLDatabaseNotes2009Guide.txt</description><pubDate>Tue, 15 Mar 2016 01:09:26 +0000</pubDate></item><item><title>Hmm,.. not enough about Computer Audio in here!~</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/4044-hmm-not-enough-about-computer-audio-in-here~/&do=findComment&comment=24852]]></link><description><![CDATA[I'm done with modding computer hardware.  My last build featuring an Intel 2500k chip with 8GB ram (out of a 16GB set ordered, one bad stick), and a couple of Crucial SSD's, a small one for the OS and Programs on the other, was the first desktop I'd built where I never felt it worth the bother to OC.  I still tweak out my GTX 770 4GB card, but not much. 
  
My dwindling interests in video games were replaced by a return to music appreciation, and I got rid of my old (but newer) stereo and replaced it with a 1979 Yamaha CR-2040 (120w/ch &amp; way underrated at that) hooked up to a pair of Cerwin-Vega dx9's.  I hooked up the computer to it with a Muse dac that was fed power and signal by a USB coming from the desktop, but it sounded pretty bad.  So I found another dac disguising as a headphone amp (SMSL SD793-II) that could accept the optical out from my Soundblaster X-Fi Titanium HD card, and now I have all the features the card has to offer, and it sounds incredible.]]></description><pubDate>Tue, 02 Feb 2016 21:50:05 +0000</pubDate></item><item><title>Tor browsing via Raspberry Pi</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/4019-tor-browsing-via-raspberry-pi/&do=findComment&comment=24824]]></link><description>I recently explored setting up an OnionPi to be a dedicated device for browsing .onion sites and obfuscating the source IP address. Just to say it, you don't have to be doing 'criminal' stuff to be using tor. I just wanted to get that out there and encourage more people to explore the 'darknet' / 'deepweb' / etc. I followed an Adafruit guide on setting up my OnionPi. I will describe more about the device, how it functions and some extra feedback, relating to the guide on installation. 
  

Presuming you have a Raspberry Pi and supported Wireless adapter, you will be plugging in a wired internet cable to your Pi, that will share the onion-routed internet connection over wireless. Once you complete the configuration and install steps, your Pi will be ready to route your wireless traffic over TOR. 

If you are more curious about tor and what it is about, checkout https://torproject.org/. 
  

The guide I worked from is this link on AdaFruit. The kicker here, is that you really need your Wireless setup for the Tor install process to work and for the Tor service to work properly. So really, You want to start with installing WiFi and DHCP support. 

Before you start, be sure to set a custom password for root and pi accounts on your Raspbian (or whatever you choose) OS. 
  

I did not run the installation script, since I figured it would be easier to troubleshoot if I manually ran each step / configuration command. Besides I got to learn in the process of manually following along, so win bonus. 
  

Once you setup your WiFi Access Point, go for the Tor install and configuration. Once done, fire up the service and check your internet-facing IP (WhatisMyIP or any similar site will do). You will also know you are on Tor, because CAPTCHA prompts will be more common in your browsing. 

A fun little fact I noticed, is to browse .onion pages, you still want to have the Tor Browser installed. Any other browser will still benefit from an obfuscated IP Address, but you will get an error trying to browse to .onion sites. 
  

One of the main benefits of setting up a hardware-based Tor device, is you can connect whatever wireless enabled device you wish to it. There have been many write-ups and conversations about the Tor Browser alone, being vulnerable to leaking data... especially if your connection is not fully-routed through an onion router. Not to say using an onion router is 100% untraceable, but every little bit helps. 
  

Extra notes, that really apply to any web browsing, is to install ad-blocking plugins. Advertising has been a known attack vector for years now and it only becomes more common. Visitors to this site may be aware of my lack of love for online advertising. Different strokes for different folks and all of that. 
  

To conclude this post, I also want to mention Tails. This is a USB based operating system that is very handy in browsing tor, especially on the go. If you want to use your own OS and applications on the tor network, that is where the extra work of setting up an OnionPi (Raspberry Pi Device with Tor installed) is helpful to you.</description><pubDate>Wed, 30 Dec 2015 18:54:28 +0000</pubDate></item><item><title>Encrypt stuff guide</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/4005-encrypt-stuff-guide/&do=findComment&comment=24800]]></link><description>This thread will be a collection of resources on how to use encryption, tool use suggestions and where possible, usage explanations. 
  

I'm fine with reading technical documents, however I also value time and the ability to convey a point, without a huge time investment. The easier and more clearly encryption can be used, the better everyone will be. 

Be it an individual or some sort of state agency / boogeyperson, more layers and protections are a good thing. Having protections does not make one a criminal, either. 
  

CryptSetup LUKS guide. There are command syntax examples and console response dialogs. 
  

Cryptsetup is nice, as it also handles mounting of drives and partitions. If you are unable to mount a drive, you will likely need to install cryptsetup. This should also work to mount any TAILS persistent volumes you have setup. 

For more info on DM-Crypt (cryptsetup), the Arch wiki is a great resource. 
  

Samples of flow (1st link) 

01 step: install cryptsetup (dm-crypt) 

02 step: confirm your drive target and valid partition (gparted or parted to get your /dev/(drive)) 

03 step: initialize your drive 
# cryptsetup -y -v luksFormat /dev/xvdc
(This is setting up your passcode to access drive)
04 step: 
# cryptsetup luksOpen /dev/xvdc backup2
(Mounts newly configured drive)
05 step: format the LUKS partition (needless to say, you really want to have the correct drive or you have lost data on the drive you are using) 
# dd if=/dev/zero of=/dev/mapper/backup2
(This will take quite some time. Let the cursor do its work, check your hdd led to confirm activity)</description><pubDate>Thu, 29 Oct 2015 18:08:27 +0000</pubDate></item><item><title>Google Data Mining</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/4003-google-data-mining/&do=findComment&comment=24795]]></link><description>I wanted to share the details listed in Google services with your history. https://history.google.com/history/ will let you check through search history, advertising settings and so on. 
  

To clear them, you want to click the vertical ... bar and select Delete options. Pick advanced and All Time. 

You will need to do this for each record set / option of google services. If you use chrome and log in, you will surely see some data there. Personally, I think Google is playing a little Cover-Your-Ass by disclosing these tools to general users. Along those lines, I find it hard to pretend other major data players, do not do the same thing with user data. 
  

Here is a guide on the privacy settings. Remember your GPS history is there and that some content will persist, even after a clear all history. You 'Pause' the tracking services. Interesting wording there.</description><pubDate>Fri, 16 Oct 2015 16:36:54 +0000</pubDate></item><item><title>Fall 2015 security topics</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/4002-fall-2015-security-topics/&do=findComment&comment=24789]]></link><description>October is a great month and one of my favorite seasons. As the consumer holiday shopping season comes up, the amount of disclosures seem to scale up as well. Granted the last year continues a steady stream of disclosures on bugs, exploits, and patches that may address them. Allow me to take a moment to point out that malware distribution through advertising networks, is not only a thing but has become pretty common. This has been one of those things I suspected, but have more recently seen to become a common attack vector. 
  

Speaking of security, we certainly live in a world where more than windows platforms are targeted. Be it flash, java, or some other variant... issues arise. Social network sites like to do post-reactive security. However putting up a condition based lock for something originally designed to be accessible, tends to lead into the additive protection being side-stepped. For some odd reason, security in the design phase seems to remain under-looked or overlooked completely. Scale also is a factor, since getting the scope of all use is difficult to do, before implementation and feature requests come into play. 
  

Rambling aside, let's note the more common infection of linux machines being herded into botnets. A nice technical read at the link. 

Mobile phones are not immune either. Android has its abandoned versions (4.3 and lower) and Apple iOS has patches until a device is considered 'end of life'. Keep in mind the patches only cover the disclosed and more publicly disclosed exploits. So yes, mobile phones are being used as attack vectors. 
  

Cryptography wise, your key is great, but when the machine gets exploited, your credentials to that encrypted drive have (multiple) risks of being stolen. If a government can do it, you should bet individuals or 3rd party contracting groups have the same or potentially more means to do the same. 
  

Finally, you can enjoy some art of the security nature.</description><pubDate>Wed, 30 Sep 2015 17:37:27 +0000</pubDate></item><item><title>Linux Starter Guide | Desktops</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3997-linux-starter-guide-desktops/&do=findComment&comment=24779]]></link><description>Howdy.  This thread is focused on the Window Manager experience in Linux.  In my case, I am using Ubuntu and rolling it with Xfce as my window manager / desktop environment.  I am on Ubuntu 14.03 x64. 
  

Square One: 

Installing XFCE, you may notice the defaults will have dark on black console.  To resolve this quickly, you can make a New Profile from the File menu of Terminal.  Pick colors of your choosing so you can read the text displayed. 
  

Next: 

Xfce will likely have no file icons if you do not have Gnome installed.  Settings | Appearance will let you pick a different style, as the default is Gnome.  As you may have guessed, you can also install Gnome to resolve the missing icons.  This will also show the category icons in your Applications Menu, upon picking a theme that is valid.  I was tipped off to changing my Style options thanks to this thread. 
  

Workspaces in Linux are really nice.  They give you multiple desktop environments, where Microsoft Windows users have to run 3rd party applications to get similar functionality.  Being able to drag across displays and workspaces is really helpful.  I recommend trying this out and seeing the bonus of this window management / application juggling system.  You can thank me, when you are doing less minimizing of applications, to get things done. 
  

Since most all distros come with or have Remote Desktop Protocol (RDP) support, you can login to Windows machines and do your work with proprietary applications.  Also an option is installing WINE.  This layer will let you run .exe files under your Linux environment and break past the 'windows limitation' barrier.  In my case, I like leaving a Windows device available, for others who may need to access said tools and desktops.  Also a good consideration if you need to train people who only work in Microsoft environments, so you have choices and I am done rambling about those options. 
  

As I noted before, depending on what you are migrating from a MS Windows to Linux setup, you should be able to manually or find a tool for exporting your data.  Cross platform applications help smooth this out, so Mozilla products are handy for your web and email needs.  Choose what works for you and go with that.  No sense in fighting over or trying to force a person into another platform, unless there is some benefit that they identify with. 
  

The line of this thread, is semi-easily getting a functional desktop environment that allows you to do everything you need to do.  You can tweak and optimize the layout later.  My intents here, are getting more people running a stable and robust desktop, that does not keep a person thinking 'only microsoft or apple' can do this.  If anything, the open source community, is driving the corporate communities to enhance.  So why not get in on the ground level?</description><pubDate>Tue, 08 Sep 2015 16:10:49 +0000</pubDate></item><item><title>Deny Windows 10 Rollout info</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3995-deny-windows-10-rollout-info/&do=findComment&comment=24775]]></link><description>If you wish to not install Windows 10, and also prevent the sharing of installers off your connection, you will want to make sure not to install, or to remove, the KB3035583 update. 
  

I am considering a Windows 10 test install, but not to wipe over my main windows install. However the use of my connection, a la Xbox Live methods, is not so much in my interests. 
  

Here are some extra GWX details. 
  

Without making this a huge rant of observations in Windows 10 thread, I will say that the privacy controls need to actually not phone back to microsoft servers, when you set the options that are supposed to disable that feature. Also automatic forced updating is not my cup of tea. I believe in testing. 

Call me crazy.</description><pubDate>Mon, 17 Aug 2015 14:14:15 +0000</pubDate></item><item><title>Oh Hello</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3994-oh-hello/&do=findComment&comment=24771]]></link><description>I find myself enjoying some late nights. Looks like I have a bite here on the Windows 8.1 PC. HTTP and HTTPS services running as RPC items.  
 
Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) is port 5357 
  
I also hope you got to read my submission in 2600 32:2 issue. Always looking to explore something. It has been a blast so far. :ninjawub:</description><pubDate>Thu, 06 Aug 2015 03:10:51 +0000</pubDate></item><item><title>UEFI Windows Installing</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3993-uefi-windows-installing/&do=findComment&comment=24770]]></link><description>Howdy. My latest adventure is setting up a HP ProLiant ML150 Server with Windows Server 2012. I keep forgetting how I get workable USB install media, so I am making a guide to that effect. 
  

Starting off, there used to be a MS ISO to USB Making Tool, however it fails to make the USB stick from the .iso with a nondescript message. So to make a working, UEFI compliant boot USB stick, we are going to format it as FAT32. This is very similar to setting up a Raspberry Pi SD card as well. However using a Windows Install CD and Win32DiskImager does not work, so to get it working: 
Open Command Prompt in elevated mode (Run as Administrator)
Type diskpart and press Enter
Type list disk and press Enter. Note the list of existing disks.
Insert the USB Disk.
Type list disk and press enter again. Note the new disk showed up which is our USB disk. I assume the new disk is 2 for example purpose.
Type select disk X where X is your USB disk. E.g., select disk 2. Press Enter.
Type clean and press enter.
Type create partition primary and press enter to create primary partition 1.
Type select partition 1 and press enter.
Type active and press enter to make the partition 1 active
Type format fs=fat32 quick (Or use the Right-Click step to quick format).
Exit diskpart.
(Or, instead of format in diskpart) Right-Click the drive in (My) Computer and do a Quick Format to FAT32. (Otherwise it will not UEFI boot, only legacy boot.)
Extract the contents of the .iso and copy them to the root of the USB stick (Use 7zip or Winrar like archiver tools)
Re-written steps thanks to the following guide. I use quick format, as a full format on multiple GB drives, takes quite a long time for no real good reason.  

Without over-complicating why you want UEFI for more recent device boot options, you will have a worse time trying to legacy boot an install on a UEFI BIOS enabled system. Thus installing from UEFI media works the best to avoid issues. Luckily Kali and Ubuntu work out the gate with UEFI, so long as you boot the CD Drive / USB as a UEFI target. This allowed me to remove Windows 8.1 from a 2 in 1 tablet and make a Kali / Ubuntu multi-boot instead.</description><pubDate>Mon, 03 Aug 2015 19:14:17 +0000</pubDate></item><item><title>Powershell Windows Support</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3992-powershell-windows-support/&do=findComment&comment=24768]]></link><description>Real quick and dirty, I wanted to note this Chart of Windows Powershell supported operating systems. If you run into some Server 2008 instances, you will want to enable Powershell in Programs | Add Features of your control panel. 
  

Server 2008 R2 ships with Powershell, but Non-R2 versions look to need having it enabled for support. Be warned, some installers just presume powershell is installed, and will error out when that package is running. Happy Admining. :)</description><pubDate>Mon, 27 Jul 2015 14:49:27 +0000</pubDate></item><item><title>Hacking Team leak</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3983-hacking-team-leak/&do=findComment&comment=24755]]></link><description>There is a 400 GB dump around of the Hacked Team pages where various social network and internal servers were compromised disclosing various international war crimes against human rights, not excluding journalists targets for oppressive government regimes. 
Essentially most all of them, despite claims and 'compliance' against doing so intentionally. 
  
Recent weeks have been intense with matters such as default Cisco SSH Keys on many devices.</description><pubDate>Tue, 07 Jul 2015 02:31:01 +0000</pubDate></item><item><title>Happy Summer 2015</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3981-happy-summer-2015/&do=findComment&comment=24753]]></link><description>Keep tinkering and exploring. Personally, I have been playing less games and trying more hardware, different operating systems and things. I have been enjoying trying to project our more learning and reading. 
  
I'll play an inspired game, but I would rather not waste time on click or pay to win style that dominates most recent video game design. 
  
No hate though. :) Vidya Games for life, just not worth playing most % of it. FTB challenge. 
Uninstall Adobe Flash</description><pubDate>Thu, 02 Jul 2015 01:41:00 +0000</pubDate></item><item><title>HP Pavilion 11-h110nr x2</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3975-hp-pavilion-11-h110nr-x2/&do=findComment&comment=24738]]></link><description>Hello. I wanted to share that a HP Pavilion 11-h110nr x2 will support Linux USB boots and installs to the internal hard drive. I will overview the default SSD partition layout. The SDA# Partitions are approximate so check your drive to be certain. 
 
/SDA1 = FAT32 partition
/SDA2 = EFI Boot Partition. You will want to replace the windows one, with a Linux EFI partition so the BIOS boots from SSD.
/SDA3 = Windows Installed Partition. ~45 GB or so
/SDA6 = Restore partition. Approximately 11GB. 250 MB accessible on file system directly, rest in an unknown part of file system.
BIOS access comes up with F10. If you hit escape, you will get a full list of options, including Boot device order (F9). Select the option you want with its F# key, as using the arrow keys to highlight an item and pressing Enter will simply boot normally.
In the BIOS, you can change the boot order and remove old EFI keys. If you want to leave Windows installed, just add your USB device to the boot list or change the boot order. Default, you will not be able to boot from USB, so change your BIOS settings. 
  

In my case, I left the recovery partition in place, then cut my ~45 GB into 4 partitions. 2 Distro install drives, 1 Swap Partition and 1 Home partition. Everything seems to work well in Kali and Ubuntu Studio. Only caveat being when in tablet mode, the on-screen keyboard does not trigger automatically. I added an on-screen keyboard shortcut to my launcher to solve that problem. SD Card reader also works in both distros, just be sure the partition is NOT ExFAT, else you will not be able to easily read it. I set my SD Card to be NTFS and it works without issue. 

Since I am running off the SSD, I have access to both USB ports while the tablet is docked to the keyboard. It seems like the on-board video works better in Linux than it did in Windows 8.1. The video is an Intel HD Graphics on an Intel Pentium N3520 2.17GHz. 
  

My Windows 8.1 install was eating about 30GB on the SSD. I put some Virtual Machine images on the SD Card, but it was running pretty slow in a VM. Not to mention having hardware direct access, is pretty nice. Consider this an FYI for anyone wanting a nice slim machine, that also works as a tablet and customizable Linux device. ;) 

Windows 10 also runs on this device. I gave it an install this week.</description><pubDate>Mon, 08 Jun 2015 17:59:28 +0000</pubDate></item><item><title>Service Accounts and Credentials</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3973-service-accounts-and-credentials/&do=findComment&comment=24734]]></link><description>Top o the morning (technically about noon). This thread is an outline of life as a Windows Server based admin. Focuses in this thread relate to Active Directory user credentials, system and application services, while also touching on analysis of existing business systems. 
  
Traveling and supporting various systems over the years, one thing that stands out in a windows server topology, is especially how Application and Database servers are configured and secured. I should say 'secured' because most often with things like MS SQL Server, you will see those services running as a 'NETWORK SERVICE' account, as opposed to being setup with a Service Account. You might ask what a service account is and why would you use it? Allow me to list some reasons for doing so. 
- Running services on dedicated service accounts gives better debugging. You know what user is running said service. 
- Securing Network Shares is easier, as you grant the required Read / (and or) Write access to the service account. 
- Windows Authentication is better handled for clients in a service environment, as you can define client users as needed, instead of starting with a wide-open access approach, especially when your intent is a limited client base. 
- Cleaner Management. Running a service account will help keep GUI interface items running and accessible, if you are dealing with fat-client applications and diagnostic tools. 
- Automation. Using service accounts related to your production environment will enable some more automation related to the user account. Say you want a login script to run, etc. 
- Anti-Lockout. Tiering your service accounts, you can prevent mis-configured items from locking your production environment by locked accounts / invalid password attempts. 
- Backup and communication recording. Similar to the Management perk, you can better trend logs for actions performed by 'x' user. Vastly more helpful than all app services running with a domain admin level account, solely because it is 'easier to setup'. Please always avoid granting domain admin, unless it is imperative to the application. 
 
Along this line, another bad practice I see, is when development is done with a C$ admin share design. Making a mapped drive in the 1st place, allows a ground-up service account testing topology. This is also helpful in preventing user accounts from getting vastly more domain or local server console access than they need. A very good practice in my opinion that goes ignored in the design phase too often. When you have to add security later, you are honestly making more work for yourself.</description><pubDate>Mon, 01 Jun 2015 16:07:48 +0000</pubDate></item><item><title>Windows Remote Services</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3960-windows-remote-services/&do=findComment&comment=24692]]></link><description><![CDATA[Especially helpful on malware detection side, many of the command-line tools in windows, support remote machines too. 
  
While you can use 'Computer Management' to connect to a remote console, many commands such as tasklist and taskkill support remote system commands. 
tasklist /s 'computername or IP'
Replace the 'quote text' with said machine or IP address. If you want to output these to a text file for review and archiving, any command you use will support 'greater than' &gt; redirection, so your results are dumped into a flat-file. 
tasklist /s 'computername or IP' &gt; C:\FileName.log
I recommend writing to a sub-directory and not the root of the C: drive, as users without admin privileges will get an error creating the file. 
  
If you are really in a pinch and want to invoke a soft-shutdown of a windows machine, taskkill the svchost.exe processes and one of them will invoke a reboot. This is helpful if you get an error trying to execute the following shutdown command for a remote PC. 
shutdown /m 'computername or IP' -r
The -r designates a reboot, while the -m in this case is specifying to do this on a remote PC and not your local PC.]]></description><pubDate>Thu, 12 Mar 2015 18:37:15 +0000</pubDate></item><item><title>Mozilla Profiles</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3959-mozilla-profiles/&do=findComment&comment=24691]]></link><description>So I did a reinstall and forgot to run MozBackup on my old OS before I wiped it. I did however get a drive backup and copy of my C:\Users folder. 
  
Turns out with Mozilla (browsers and email clients) you can copy the contents of the profile folder, into the new one. The folder name should remain the same on the new PC, so copy the contents of the old profile into the new one. 
C:\Users\$Username$\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\$string$.default
This will restore all your history, logged in sessions and likely saved passwords, if you do the saved password thing.  
I found it amusing that a new machine with the folder contents copied over, registered as the same machine. Interesting vector if you are an exploiter or handle lots of system deployments with data migration. 
  
Remember, what is nefarious for one person, can be used to help someone else out. 
  
Replace the Pale Moon path with a relevant Firefox install directory. It will also live in the Roaming portion of your profile AppData folders. Pale Moon is a forked browser based off Firefox.</description><pubDate>Thu, 12 Mar 2015 13:10:53 +0000</pubDate></item><item><title>Windows 10, Anyone?</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3889-windows-10-anyone/&do=findComment&comment=24594]]></link><description>Yesterday marked some information from Microsoft about Windows 10. Considering Windows 8 and 8.1 is still trying to get a foothold over Windows 7 and Win XP. 
  
If anyone gets froggy and installs it, feel free to share feedback. If I free up a HDD, I might give it a trial run. Enjoy some talk about Asimov. A tool used in Windows OS to track what features users are using and how. Kind of creepy but I understand the applicable use they are gunning for. 
  
Call me paranoid, I like to turn off as much of that 'phone home' crap as I can. Not just in Windows environments either. There was rumor that Windows 10 (9) will also be a free upgrade for Windows 8 users. 
  
- I like the feedback I am hearing about new server backends. I will likely grab another SSD and setup a boot. HDD Encryption is something I am testing around more with lately too. Anyhow, the Preview is up for download. 
Technical Preview</description><pubDate>Wed, 01 Oct 2014 12:59:37 +0000</pubDate></item><item><title>900 Series Nvidia Video Cards</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3883-900-series-nvidia-video-cards/&do=findComment&comment=24562]]></link><description>Within a week, Nvidia 980 and 970 model video cards will be available. Personally my favorite part of new releases, is better prices for prior generation cards. However with Titan cards still being more a less the king by speed and pricing, many of the other cards do not fully address the speed and memory requirements that are coming more to light lately. 
  
The 770 Ti has good speeds, but does not float 4GB RAM unless you go with the 780 rehash models. All I know is my 570 GTX with 1024 MB RAM has seen its share of video limits. Of random note, when you run out of video memory, jank lag is a thing you may see. I saw this a bit maxing out Skyrim and also in the higher graphic settings for Watch Dogs. 
  
Granted I have not been playing a ton of games the last year, so there is no immediate push into a new card. Just one of those things I like to think about upgrading. ;) I am also only interested in 1 video card. None of that SLI chicanery and extra heat generation.</description><pubDate>Wed, 17 Sep 2014 19:23:49 +0000</pubDate></item><item><title>Google Map Tracking is Real</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3879-google-map-tracking-is-real/&do=findComment&comment=24547]]></link><description>Logging into Google Maps builds more of a complete travel landscape than one might think. After checking this article and logging into the google maps chart, you will see Google Maps and logged in users are certainly tracked. 
  
You can see a day by day chart of your location history with google by logging into said location history page on Google. This has been one of those theories I had for some time, but seeing the charts vividly prove the suspicions is really surreal. It also appears that some triangulation occurs by cellular towers, as I keep my GPS function off most often to preserve battery. 
  
Interesting stuff indeed. Lots of power and money in that tracking data, I am sure. Please give these charts a read, if you doubt the level of tracking in the world today. Because the proof is in the pudding.</description><pubDate>Mon, 18 Aug 2014 15:04:21 +0000</pubDate></item><item><title>Spoof Attack Theories</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3876-spoof-attack-theories/&do=findComment&comment=24543]]></link><description>Oh hey.  One of my theories about IP and attack spoofing being leveraged to make 'enemies' appears to be a real thing.  If you also thought it was convenient that attacks from "China" matched up with current global news, then got extra suspicious when "Russia" became a buzzword source of hacking theft claims, to match local and national news... you might be interested in Monstermind.  This is a NSA project.  Samba is likely a familiar topic for any Linux users, who interact with Windows environments.  Last week or so, it was disclosed that an exploit allowing Root (superuser) access was found in the SMB equivalent, Samba.  Also of note are the newer cars with big old exploit issues.  Bluetooth running on the same bus as the steering and brake systems, is kind of a huge issue. Top models to be exploited are: 

- 2014 Jeep Cherokee
- 2014 Infiniti Q50
- 2015 Escalade  
  
TOR has been shown to be violated a few solid times now, but also in the last week or so, more info on the tainted endpoints has been covered.  Also of note, Blackhat 2014 conference was within the last week or so.  As this is where some of these conversations hit the public dialog. 
This may be a re-covering of the malware that was planted on some Tor nodes to infect users, by that good olde FBI (http://www.wired.com/2014/08/operation_torpedo/).</description><pubDate>Thu, 14 Aug 2014 15:07:14 +0000</pubDate></item><item><title>Domain Exploration</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3870-domain-exploration/&do=findComment&comment=24522]]></link><description>I may have noted this before, but I do quite a bit of local domain exploration, service detection, backup system verification, design and implementation. Finding devices and tagging them is a very helpful process, as I have seen quite a few 3rd party contractor run organizations over the years. The most fun part, is when you are local and have been asked to survey said network, you are within the letter of the law, able to help fix things, and in my case, having fun along the way. 
  
Common thread 01: Verify all backups. 
- You will be told everything is being backed up, but do not believe it. The tricky part in validating this, is knowing enough about the business systems to identify the types of data systems and file shares they utilize. Are they MSSQL driven, do they have file shares and DB pointers, etc. 
  
How are the backups run, what is being backed up, on what schedule, full or differential, local and remote backups? Especially in the realm of contractors, you need to validate all of this. I have seen many assumptions that "backing up the main file server" will catch everything. However in reality this tends to be false. Does the application or users rely on local information? Does that replicate somewhere? Virtual / DFS a factor too? 
  
As you can see, questions are a huge factor to mapping an existing network. Be polite to the prior contractor if you are able to obtain information before they leave. Even a subtle hint can go a long way. What backup systems are in use? Can you show me the main backups? This will establish the known systems and applications used for data backup. 
  
From there, I am currently mapping each server to backup systems. Since there are multiple backup utilities in place, I am logging use of each one on every server. Since I have some DBA experience, I find mapping each portion to be effective in delivering a more concise end-report. Think of it as System Normalization. Once the Server Side is mapped, I will correlate the Business systems to backup methodologies. 
  
Speaking of Business Systems / Application Data... Do not be afraid of working with end users. They will possibly and probably be your best indication of where information is being stored. Either by them telling you, or checking their mapped drives and local / web based application configurations. 
  
 :) From Week 02 of my new gig. Tons of data and business systems here. As I have encountered many times in the past, the belief of "everything being backed up properly", is a huge bluff. Thank goodness at least most essential systems are here. Believe me, I have seen places with 0 active backup systems. 
Since I am an employee here, they will not get all pissed about me finding problems and resolving them. 
  
Interview wisely, my friends. There are many many many bad companies out there. Try to find the better ones, even if you go without pay for a longer time period. Your life and mind will thank you.</description><pubDate>Tue, 05 Aug 2014 14:15:21 +0000</pubDate></item><item><title>Java Error: could not open 'C:\...\jvm.cfg</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3862-java-error-could-not-open-cjvmcfg/&do=findComment&comment=24507]]></link><description>When running java -version, I was getting an error 
 Also before that, I was trying to run Eclipse and got . Since I am on a x64 OS, with the same builds of Eclipse and Java, my version error was the tip off.  
I used to have Java on this machine but had since removed it months ago. I am thinking this may be why the installer and java execution failed. To resolve this, delete the c:\windows\jre folder. You should then be able to use Java again. 
  
Information from this link. Transcribed with my personal experiences. 
  
Prior Last installed version of Java: 
jre-7u25-windows-x64.exe 
  
Currently installed Java version: 
jre-7u60-windows-x64.exe</description><pubDate>Thu, 10 Jul 2014 21:53:50 +0000</pubDate></item><item><title>CISPA, SOPA, PIPA, CIPA</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3861-cispa-sopa-pipa-cipa/&do=findComment&comment=24506]]></link><description>CIPA is the new iteration of the internet censor bill floating around. In politics, if you cannot pass a corporate empowering bill, you keep changing the names and hope no one notices it being passed. 
  
No commercials and plenty of content is what many know Netflix for. No wonder the RIAA and MPAA (Music and Movie industries) hate them so much. As for this bill, let us not forget the vaguely worded context and clauses to relay information to federal agencies. 
  
Also relevant, The Internet's Own Boy The Story of Aaron Swartz 2014 is out to watch.</description><pubDate>Mon, 30 Jun 2014 12:26:02 +0000</pubDate></item><item><title>InfoStuffs 2014-06-27</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3860-infostuffs-2014-06-27/&do=findComment&comment=24501]]></link><description>The topic name format will likely change, but yeah. Computers are a common part of many people's lives these days, yet there are many gaping issues that are finally coming to more minds as valid concerns. Especially the pocket computers, AKA Smartphones. 
  
Spying is a concern for some folks, since it used to only be suspected criminals, now a days, it is quite literally entire populations, if not the entire world. On that note, why is the ex-NSA General Keith Alexander running a 1 million per month security firm? Personally I get a very Haliburton / Blackwater / Academi vibe. Call me paranoid. 
  
Also in the Gov't sector, the US Marshals Service is auctioning ~29600 bitcoins. Roughly worth $17.5 million USD. Flashback being Silk Road was the online drug retailer taken down by law enforcement sometime in 2013. Also of note, is when the BCC for all buyers turned into a reply-all and that list was leaked. Oops. 
  
Cryptome.org was temporarily taken offline for a 'malware issue' by their host provider. Cryptome has been disclosing leaked documents since June 1996. 
  
In entertaining news, the World Cup Wi-Fi password for the security center was disclosed in a press article. If you are taking photos in a security center, check those screens for info you would rather not publicize. 
  
A 16 year old crafted a browser plugin that shows the financial contributions to politicians. 
  
You know mobile phones have been backdoored to spy on people, right? Well some good people are reverse-engineering those spy tools to try and defeat the methods used, and to further disclose their operations. 
  
Speaking of Spying, USA politics continues to be largely theatrical in restricting the bulk surveillance of persons around the world. Since the House of Representatives was called out for being really weak on their stance, they are apparently looking to cut NSA funding. If you are not concerned about spying yet, I really advise you to see what organizations are involved with NSA compliance. When software and hardware is deliberately weakened, these agencies are not the only ones with access. 
  
Then get into the vast amount of spying 3rd parties do under contracts, with an addition of Stingray (cell phone interception spying by false cellular tower) surveillance by local police departments (Guardian write-up). Thanks for reading this current events in security post. :)</description><pubDate>Fri, 27 Jun 2014 13:57:40 +0000</pubDate></item><item><title>Forum Intro (Security Events)</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3859-forum-intro-security-events/&do=findComment&comment=24499]]></link><description>Think of this sub-forum as the Summer (in)security thread, but as this forum will display newest posts 1st, it will be vastly easier to keep on current dialog, without jumping through prior posts to current. 
  
I have been a fan of combing information security news and rss feeds for years. Largely because if a flaw is unknown then it gets a published release, you can bet it will be more commonly used against that package or program. Keeping up on things helps prevent intrusions and unscheduled downtime, as that is my intent to avoid dealing with both issues. As usual I will add some dialog and overview to the articles, to save you time reading them all, and possibly getting a chuckle out in the process.</description><pubDate>Fri, 27 Jun 2014 13:11:55 +0000</pubDate></item><item><title>Port Listing and MMC commands (Windows)</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3854-port-listing-and-mmc-commands-windows/&do=findComment&comment=24493]]></link><description><![CDATA[Bonus Port and Service info by command. 
  
Thanks to Vas.com for this syntax, you can get what ports are running and what those services and applications are. 
netstat -a -n -b -p TCP
Running an Nmap will likely show the ports 49152 - 49159 running on a Windows system. On your scan (with -A scanning option) they will list as [Version]Microsoft Windows RPC and a [service]msrpc. The details on what is actually running on these ports, is provided via the above netstat command. 
  
As described in the above link, these are Event Log and other remote services &amp; domain related items. As with most all of the .MMC options, you can execute them to load remote servers. I do this often in administration. 
compmgmt.msc /computer:"IP or MachineName"
Chain these in a batch file if you have multiple machines to audit. Closing the MMC will open the next one in your batch list. For a list of .mmc objects you can invoke by command line, this list should do you justice.]]></description><pubDate>Sun, 15 Jun 2014 04:24:59 +0000</pubDate></item><item><title>Botnet infection sample and removal</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3850-botnet-infection-sample-and-removal/&do=findComment&comment=24482]]></link><description><![CDATA[Botnet Removal Overview 
  

This thread is an overview on how to detect, identify and remove a botnet infection. This is merely one example of such an infection. Honestly the main reason I was able to detect it (before it was added to malware definition databases), is because of its aggressive processor use. Bitcoin miners are extremely intense processes, so 98% CPU usage stood out like a sore thumb. 
  

This will be a 5-step &amp; thread process on how I went about checking around and figuring out how this bitcoin miner was operating. There are various ways to go about the same methods, but I am sharing mine, in hopes it helps someone remove similar trash in the future. I will make a post in this thread for each process, to help describe the methods used, and hopefully do so in a clear manner. 
  

Steps used: 
Suspect and Detect
Network Traffic
PID to Process Explorer mapping
Service, Payload and Command and Control targeting
Potential Removal
As for any infection, you have to be formidably sure you completely removed the infection, otherwise you are waiting for more damage down the road. Do you wish to reinstall the OS, or do you feel confident the exploit has been removed? This question is especially relevant in the business environment. Luckily I saw this on my personal machine, so I could afford more time to debug what was happening and log it.  

The attached picture should make more sense as you read each progressive step.]]></description><enclosure url="https://funtimebliss.com/forums/uploads/monthly_06_2014/post-1-0-94017900-1402333872.png" length="284113" type="image/png"/><pubDate>Mon, 09 Jun 2014 17:08:37 +0000</pubDate></item><item><title>Raspberry Pi</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3849-raspberry-pi/&do=findComment&comment=24476]]></link><description>Howdy. I have been an owner of a Raspberry Pi here for a few months. I've tried a few of the distros such as NOOBS, RaspBMC, and Raspbian. You can pick from a quite wide selection on the Raspberry Pi site. 
My hardware with my 1st board was a Raspberry Pi 1 model B revision 2. Big SD Card and the lip to go with the power input side being shared. 
  
I was just trying to setup a Tor node with my device, but the mirror guide is out of date in the following guide. So instead I will continue installing SSH and things, from the Jan 2014 image provided at the download link. 
  
Just for interest's sake, I was trying to use NOOBS 1.3.4 as a main OS functions. Performance spikes to max level doing web stuffs heavy in multimedia (aka facebook). It was nice to know the performance of NOOBS, so I am giving Raspbian a whirl for more function based uses. Have fun. If you have the sub-$50 to pick one of these up, I would give it a go. 
  
SDFormatter is a handy application to have to bypass the Microsoft imposed limit, can make your SD card FAT32. You have many options for this, but on windows, large FAT partition making is limited by design. Quite silly, to be honest. Anyhow, copy the downloaded image onto the SD card, boot your device and you are installing an OS on your Raspberry Pi. 
  
For raw .img file, you will want Win32DiskImager to write the boot items to your SD card. Heads up that Raspbian looks to be the N00BS installer, unless I had those mixed up. I just put the Raspbian install on here now and it looks exactly the same as when I had N00BS on here.</description><pubDate>Mon, 26 May 2014 16:19:35 +0000</pubDate></item><item><title>MHL to HDMI</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3845-mhl-to-hdmi/&do=findComment&comment=24468]]></link><description>I recently joined the Samsung / Android mobile phone club. Being a curious person, I wanted to know about TV-Out options, as I saw the MHL adapters were a thing. (Mobile High-Definition Link) 
  
Turns out, you need to have a MHL compliant device for this to work Regular HDMI works OK. I had to install the included Samsung adapter. HDMI alone will not cut it, as the cable being connected does not detect as HDMI does on android devices. I picked an adapter up at the store and the salesperson told me "That adapter should work on any HDMI TV". So far, this is false. However the specs for the Samsung edition adapter say they work on a TV or PC monitor, so I would like to think that would work over USB. 
  
Here is a link to MHL specs on WikiPedia. TL;dr edition is that this is a video cable standard, the adapters have an inline connection for you to hook power up, and they are up to MHL 3.0 
  
I am testing with a Samsung Galaxy S4 and one of the Rocketfish BestBuy branded adapters. (please see the bold portion. I have to use the included adapter for Non-MHL devices on my Samsung phone) 
  
MHL is actually quite nice. Vastly nicer than trying anything on an Apple mobile. On MHL you get: 
[*]Full screen mirroring. None of that only in video player or slide show madness on iOS. 
[*]Movie player support and audio output. 
 
 
[*]Landscape and Portrait support. Main desktop is only in portrait, but any and everything else seems to fully support going to full screen in 1080p. 
[*]So yes. If you wish to hook your mobile up to any HDMI display, get a MHL adapter, as the passive cables may only work on the MHL-compliant devices.</description><pubDate>Mon, 12 May 2014 05:13:01 +0000</pubDate></item><item><title>Heartbleed SSL Flaw</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3827-heartbleed-ssl-flaw/&do=findComment&comment=24436]]></link><description>I am guessing you have heard about the Heartbleed SSL / HTTPS flaw that has been in the wild for around 2 years now, while being patched this week. Currently here nothing but the service level logins run on HTTPS (host), so users have nothing directly to worry about, short of the whole database being rooted and lifted away. 
  
Let me please remind you of good password practices. I use disposable and varied passwords online and otherwise. I really suggest you do as well. Avoiding dictionary terms is a good idea, using other languages should be a pretty decent protection, depending on the tenacity of someone's word list. Alpha-numeric and special characters are always a good precaution. 
  
Details on Heartbleed and where you should be wary, are in the link below. 
Heartbleed site list and precautions.</description><pubDate>Thu, 10 Apr 2014 15:16:35 +0000</pubDate></item><item><title>Bebop Box like Mobile</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3823-bebop-box-like-mobile/&do=findComment&comment=24431]]></link><description>I wanted to have an Edward like rig for years, and recently I came into a laptop with a broken LCD and a PC LCD without a stand (I used the stand to replace my broken one on my 24" LCD). 
  
With these parts, I came up with an idea for a rig to meet this old desired build. :) Ghetto is the score, since I was using all items I had already, short of $5 bucks in mounting hardware. 
Part list: 
[*]Parts: (4x) 2 inch #8 bolts 
[*](4x) washers 
[*](8x) #8 nuts 
[*](1x) Hanger Strap pipe mount. 10ft package. 
Also, Milk crate, Monitor, PC, cables. :) Mounting hardware was around $5. Rest of items were spare parts, so no cost implied. 
[*]Works quite well. The crate is imbalanced with the LCD alone, so I put the laptop power brick on the back end of the crate. This balances the weight, then I put the laptop console on top and bam, I'm rocking. Cables route out the holes and I can stack the crates for variable height. All components bound to 1 crate, and also very mobile. 
  
The PC fits in the top of the crate sideways for travel. :bunny: 
[*]As you can see, the monitor is not completely level. This is how the VESA holes match to the grates. 
</description><enclosure url="https://funtimebliss.com/forums/uploads/monthly_03_2014/post-1-0-20664600-1396116212.jpg" length="131609" type="image/jpeg"/><pubDate>Sat, 29 Mar 2014 18:06:29 +0000</pubDate></item><item><title>Spying by Government Agencies</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3821-spying-by-government-agencies/&do=findComment&comment=24425]]></link><description>I've been trying to keep up on things regarding information security for quite some years. Issues and concerns post 2001-09-11 (9/11 as the media calls it) had been a precedent for huge erosion of privacy for domestic spying on citizens, politicians and businesses. 
  
Over the last few years, these issues have been proven, but now thanks to #SEA (Syrian Electronic Army), details and costs from Microsoft have been proven and disclosed on how this spying is happening and being itemized by the companies to respond to government requests, with a scope of how often this is / was occurring. Trade secrets have also been recently confirmed to have been stolen from major firms in other nations. 
  
As for Microsoft, they are charging $50 to $200 per request, totalling hundreds of thousands of dollars per month. Considering this is likely paid from tax money and unlisted black budget funds, it especially highlights the lack of oversight or consent that has occurred in this domestic spying process. 
  
It has been awhile since I had a heady topic on InfoSec here @ Funtime. That should do some justice. I have been having fun watching content be removed from my Facebook pages, with very occasional #FreeAnons info being blocked or removed on the Twitter. I'll add them to my profile details (On my Profile Bio page). We can be all social network spam bots. :ninjawub: However. 
FuntimeBliss forever. So long as I can pay the bill. I :pirate: private email.</description><pubDate>Mon, 24 Mar 2014 01:09:21 +0000</pubDate></item><item><title><![CDATA[Security & SXSW data]]></title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3817-security-sxsw-data/&do=findComment&comment=24418]]></link><description>While my local posts have been light on the security front, I have been doing a bit of the data aggregation of content on social networks and a bit of testing of my own. Recent subjects here cover removed content on these networks and spring boards into becoming the new propaganda mechanism to replace the television. #JustinBieber, so on and so forth. 
  
I got to explain what a hashtag is to my grandparents yesterday, that was quite funny. Speaking of the subject, do not forget that Windows XP end of life support is coming quite soon. April 8th 2014 to be exact. 
  
I have deployed some 2012 Server installs. Granted I had to regHack 2008 compatibility back in quite a bit, largely because Windows 8 removed the config options, but the registry remains intact. Core services tend to operate as in 2008 / 2003, for the most part. 
  
Anyhow, Enjoy some Snowden and Assange talks. You are likely aware of the global surveillance happening, that has been for a decade or so by GCHQ and NSA. These talks from 2014-03-08 will encapsulate the current state of these. Keep on keeping on friends. :) 
  

 

(Julian Assange @ SXSW) 
  

 

(Edward Snowden @ SXSW) 
These are remote videos, because both are in exile.</description><pubDate>Wed, 12 Mar 2014 00:36:33 +0000</pubDate></item><item><title>DNS Router Malware</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3815-dns-router-malware/&do=findComment&comment=24410]]></link><description>Check your DNS servers, because many vendors have exploited flaws that allow the routers to be changed to new DNS servers. Man In the Middle, yeah an alternate DNS server will certainly allow this type of attack. 
  
300,000+ Routers Hijacked</description><pubDate>Tue, 04 Mar 2014 21:32:45 +0000</pubDate></item><item><title>Card Prox RFID Fun</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3812-card-prox-rfid-fun/&do=findComment&comment=24406]]></link><description>Hey. I may have worked in the badge industry, so this video I came into about Prox and RFID card cloning and ID collection is pretty enjoyable to me. Card Formats for building access, and many other cards like Credit Cards are into this stuff. 
  
Quite silly because the old technology is in fact quite active, as of a few years ago when I was working that environment. Facility Codes, Badge Numbers and Card Formats. Such common terms we used. Especially when migrating an old system to your software platform of access control. 
  
I did not do this talk, it is really good and hits on many terms and topics. Highly recommended if you are into the subject.</description><pubDate>Sat, 01 Mar 2014 05:41:46 +0000</pubDate></item><item><title>Linux - GRUB Changing Boot order</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3797-linux-grub-changing-boot-order/&do=findComment&comment=24362]]></link><description><![CDATA[The methods for modifying your default system start have changed quite a bit over the last few years.  I will add more details to this thread as I experiment, and this will be my main source, for it is written up very well and loaded with info!  https://top-hat-sec.com/forum/index.php?topic=3813.0  - Actually, I just edited the "set default="0"" parameter to define the default option.  Zero index, so count the menuentry item you want 1st, then subtract one from it and change the param.   Spoiler edition / TL;DR 

[*]open your grub.cfg, but do not edit that file (command) gksu leafpad /boot/grub/grub.cfg
[*]search for menuentry in this listing.  Find the OS choices you want.
[*]open 40_custom and add the menuentry items in the sequence you wish to have your boot order (command) gksu leafpad /etc/grub.d/40_custom
[*]After pasting in the proper and desired 'menuentry' items, save the file.
[*]Backup grub.cfg to a sub-folder and remove it from /boot/grub/ folder.
[*]Also backup into a sub-folder 30_os-prober &amp; 10_linux (then remove from main folder) which can be found in: /etc/grub.d/
[*](command) update-grub
[*]Reboot and see if it worked   
gksu may be redundant as root, but it is a good practice to be in, for other distros as a regular user level account. 
 The guide also covers custom splash screens and stuff.  Fun, but I have some other things to finish up on first :)]]></description><pubDate>Fri, 17 Jan 2014 00:44:43 +0000</pubDate></item><item><title>Acer Tablet Icona A500</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3788-acer-tablet-icona-a500/&do=findComment&comment=24338]]></link><description>Project to resolve a hard lock screen issue.  Quite a few people are also seeing this issue over the last year.  Work in progress.  http://community.acer.com/t5/Android-Tablets/Iconia-A500-frozen-at-Acer-logo-boot-screen/td-p/7171/page/4 
  
http://community.acer.com/t5/Android-Tablets/Iconia-A500-frozen-at-Acer-logo-boot-screen/m-p/107683</description><pubDate>Wed, 25 Dec 2013 21:12:29 +0000</pubDate></item><item><title>How to Hacking</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3704-how-to-hacking/&do=findComment&comment=24182]]></link><description>I shared a brief opinion on how to get into hacking and it got a few favorable replies.  Sharing because it's more a state of mind and lifestyle choice, than reading a guide and following steps.  
 
  
 This will not have you making animated GIF viruses or logging into remote systems, but it's a legit method for learning more about things and having fun in the process.  Luckily I've been of the quoted mindset since before I can remember.  I'll thank Atari and Nintendo.  Those games were damn hard to play when you are in single digits of your life :wub:  If one of your thoughts or ideas for something fails to work, you may find that technique help on some other later project.  Think and explore.  Of course you can also read guides and videos, just be sure to put your own spin on it and think about why what worked, and what else might also.</description><enclosure url="https://funtimebliss.com/forums/uploads/monthly_11_2013/post-1-0-42697000-1383998726.jpg" length="56746" type="image/jpeg"/><pubDate>Mon, 04 Nov 2013 15:18:58 +0000</pubDate></item><item><title>RAID0 SSD configs (and post RAID benchmarks)</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3695-raid0-ssd-configs-and-post-raid-benchmarks/&do=findComment&comment=24120]]></link><description><![CDATA[Howdy and Yo.  This thread is about my experience with RAID0 and my current plans to break my array and just run from a single drive.   Reading around my hardware threads since I built my current rig, you'd see I started with 2x 90GB Corsair Force GT drives and also have a single Samsung 840 Pro SSD.   My main reason for breaking the array combos up with: 
a.  One of the drives is giving a 'S.M.A.R.T. Event (0)' but it is still currently functional. 
b.  Cannot see my RAID array in Linux via the Intel SSD controller on my motherboard. 
c.  Updating Firmware and having TRIM support on RAID0 arrays doesn't really work well.  This seems to be the case across the OEMs, not just with Corsair &amp; SandForce chipsets. 
  
Instead of trying to port my current OS install, I'm just backing up user data and reinstalling fresh.  Biggest time sink will be re-downloading Steam and other games. :p 
  
On the upside, I will be looking to pop the non-error 90GB SSD into my PS3.  I hope to make GTA V real happy like. :D 
(SSD installed in PS3) Only 1 second quicker initial game load up.  XMB is much faster however. 
  
PC wise I would say I hardly notice a difference back on one SSD, instead of RAID0.  I noticed slightly more "hourglass" time on a reboot after logging in, but I was also installing a ton of Windows updates after the fresh OS install.  Adding the previous SMART event and other trade offs from running an array over a 2nd drive, I say one is fine for my purposes and having better feature and fail-over support. 
  
PC applications do load slower enough to see an hourglass.  Firefox is my most visible (and only actual one I noticed) case of this.  Besides that I say GIMP loads exactly as fast.  YMMV, but this Samsung 840 Pro is otherwise mostly equal to the Corsair Force GT's in RAID0. 
  
ATTO Benchmarks for each SSD in single drive mode.  Additional info can be found in my SSD vs Benchmark thread from April. I am lazy, so the C: photo is the Samsung, G: is the Corsair Force GT single drive.]]></description><enclosure url="https://funtimebliss.com/forums/uploads/monthly_09_2013/post-1-0-75978700-1379987093.png" length="33780" type="image/png"/><pubDate>Thu, 19 Sep 2013 17:37:59 +0000</pubDate></item><item><title>Windows 8 and 8.1</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3694-windows-8-and-81/&do=findComment&comment=24114]]></link><description>I'm working on a Windows 8 PC for someone and was curious when the Windows 8.1 update is expected out.  That will be October 17th, around 4am PST (http://www.techradar.com/us/news/software/operating-systems/windows-blue-update-to-build-on-and-improve-windows-8-1131737). 
  
I'm not a huge Windows 8 fan by any means, but since the OEM market isn't giving anyone a choice in the matter anymore, not much I can do about that.  Gotta learn new stuff to stay relevant.  Part of my ethos in effect. :)</description><pubDate>Wed, 18 Sep 2013 22:19:19 +0000</pubDate></item><item><title>Job Bunt</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3692-job-bunt/&do=findComment&comment=24075]]></link><description>I am staying in my local region, but am entertaining new job offers.  More likely, I'm just going to be my own business.  I tend to have a higher dedication to functionality than most people I encounter in the industry, IRL. 
  
I will contract out and highly prefer not losing tons of money on gas and travel.  I skill out pretty fierce and tend to deliver on end products.  I do lots of hardware, support, deployments and some data parsing.  Cleaning those record sets that make most DBAs cringe, thus I clean it for porting. 
Dorkin for life. 
  
Sent my applications out.  Looking to put in some real work, not bluffing all day in a cubicle. 
[Pardon the hardware spam.  Sub-feed to my forum feed domain]</description><pubDate>Wed, 28 Aug 2013 12:35:05 +0000</pubDate></item><item><title>Partition Recovery</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3688-partition-recovery/&do=findComment&comment=24044]]></link><description>I recall this question coming up before but never could find the old thread, so here's a new one.  The situation is one of your HDDs gives you the dreaded 'unallocated partition' display in Disk Management, as you were wondering why you had no partitions display for that drive. 
  
You likely have a corrupted boot table, but fear not (yet).  You might be able to run TestDisk to fix that partition table and get back into your prior files, completely intact. 
  
Read the wiki carefully before running the program, since partition writes are something you don't want to do on the wrong drive and paying attention may pay off nicely for you.  It would appear you need to run this program sequence for each partition to be restored. 
  
To be safe, I recovered the 1st partition and am migrating my data, before restoring whatever is on the smaller 2nd partition.  Happy Data recon and partition recovery. :wub: 
  
edit: 
As for the 2nd partition, my issue actually comes from reporting that the end and start of the 2nd partition intersect one another.  Mighty glad I backed up the 1st data partition before getting data from the second one. 
To recover the 2nd partition, I used the browse option in TestDisk ('P' to view files I think it was).  When viewing the file structure, you can select the folder and copy it to another disk on your rig.  Be warned, the file browsing folder recovery is a very slow process.  Just under a 1000 files around 80GB, took probably 6+ hours to copy by this method. 
  
Despite being slow, all files did copy from the sub-partition successfully.   That old drive needs a repartition, of only 1 for that drive. :p</description><pubDate>Sun, 18 Aug 2013 14:24:28 +0000</pubDate></item><item><title>Microcell / Femtocell 3G Booster</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3683-microcell-femtocell-3g-booster/&do=findComment&comment=24006]]></link><description><![CDATA[Over the last couple years cell coverage in my area has dropped off to very erratic and poor quality.  After a few calls to the cell lords (AT&amp;T in my case), I was able to obtain a Microcell / Femtocell to boost the cellular signal.  These devices work by connecting to your internet and using it to boost and connect to 3G service, as a mini cellular tower. 
  
Range is probably about 80 ft?  My driveway gets spotty coverage while the interior of the house is completely covered, from my testing and memory.  The reason the device was requested, is because I'd see SMS be delayed by several hours and a few dead spots in my house.  This device has been active at the pad for somewhere over a year. 
  
Fast forward to current and I have the issue of this device not playing nicely with my ZyXel USG 20.  Even after putting the device on the DMZ, mapping specific then ALL ports access to this device, it still trips out maintaining a connection.  When using a Cisco / Linksys Router I had no issues, but there is far less traffic filtering going on with that device. 
Just to CYA, I mapped my DMZ LAN to 192.168.0.x, as was the subnet on the Linksys.  Still no dice. 
Currently, my only confirmed fix appears to be hooking the modem up directly to the Mcell.  Obviously I'm not too keen on my firewall needing to push all traffic through the Mcell. 
  
Having matched the port mapping requests on the YT page for support, I still look for a resolution without gimping my network configuration.  
I do have yet to confirm my MTU setting, IPSEC Pass-Through is enabled and Block Fragmented Packets is Disabled.  Have to confirm my device calls these the same acronyms. 
  
Edited to note, I have pulled this device off my network completely.  It was spiking my connection down to 2Mbs / 0.5Mbs levels.  Eating about 80% of my bandwidth.  Dealing with 1 to 2 bars and occasional dead spots instead. 
Especially since your phone provider counts Mcell data as mobile use, despite it all funneling off your personal broadband connection.]]></description><pubDate>Wed, 24 Jul 2013 14:41:47 +0000</pubDate></item><item><title>ZyXel USG-20 firewall</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3680-zyxel-usg-20-firewall/&do=findComment&comment=23999]]></link><description>Wanted to get a thread going for this device, as J0k3r suggested this device and I recently got one for home.  Our banter started in this thread.  Since I'm a self taught network dude, it took me a bit to map my VLANs happily and to get wifi back up with my old router as basically a Access Point Switch.  Device worked great out of the box. My questions came up when trying to open some ports. After talking to ZyXel tech support, I found out how to properly add a NAT rule to accompany my Firewall rule. Once I bound the NAT properly, I was rocking.  Device is diesel. I'm testing wifi side on my mobile, so I'll retouch this thread on a keyboard. Highly recommend this device. Seeing how many funky packets get shot down from sending to my network, has surely been interesting. :) 
  
I know benchmarks for my WAN aren't super relevant, but hey, here they are. 
Desktop be like: 
 
  
Mobile be like:</description><enclosure url="https://funtimebliss.com/forums/uploads/monthly_07_2013/post-1-0-51378700-1374203071.png" length="511294" type="image/png"/><pubDate>Fri, 19 Jul 2013 02:55:12 +0000</pubDate></item><item><title>Autodesk support</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3673-autodesk-support/&do=findComment&comment=23944]]></link><description>I searched but didn't see a dedicated thread, yet made.  Welcome because I've found some silly things in supporting Autodesk / Autocad environments over the last year+. 
  
Today's issue was relating to an error 29001 and 500.21 error coming from IIS.  My Server OS is Windows 2012 x64 and software in question is Autodesk Vault Basic 2013.  Below is the dialog box verbiage I was given. 
  
  
 
  
  
Let me also state that the installer for 2013 Vault will bark about the IIS version before it starts to install.  To move past this, just stop IIS, recheck requirements in the installer and it should now pass.  Click Next / Continue once the pre-install check is clear, then Start IIS back up. 
IIS 8.0 is not properly read by this installer, so it assumes it's a conflicting web service. 
  
Once proceeding beyond the requirements check, I got the error 29001 as quoted above.  Searched the internets, but found most info related to an older installer or another operating system.  All in all, no dice.  Per frustration, I tried the Vault Basic 2014 installer and only had an error about ASP test failing... hmm. 
  
So, to fix this up, you'll want to Add Roles and Features to your Server 2012 install.  Under Web Server, you'll want: 
  

[*]ASP.NET 3.5
[*]ASP.NET 4.5  
  
installed.  Selecting these will also add some prerequisite packages, you want to do this too.  Doing this enabled the 2014 installer to pass the pre-install check without issue, so I thought why not try the 2013 install again?  Worked this time for me.  Fantastic! 
  
Other steps I took, based off previous issues was to modify the IIS Application Pool.  Disabling 32 bit mode was a thing I had to do previously for Vault 2013 installs, so I applied the same to this install. 
  
Merry Autodesking and Good Luck!</description><pubDate>Wed, 19 Jun 2013 19:08:48 +0000</pubDate></item><item><title>Summer (in)Security 2013</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3669-summer-insecurity-2013/&do=findComment&comment=23924]]></link><description>I return from Holiday and am catching up on security news.  I'll update this thread as the day and season proceeds.  Stay Frosty. :shank: 
  
Microsoft hijacks domains in attempted botnet takedown.  The problem here, is how disruptive this effort was and the security researchers it screwed in the process. 
  
NSA is Balls Deep in 100% Verizon call monitoring and far beyond.  Image attached is from EFF article.  Shit is out of any sort of logic or reasonable action, by our Gov't Overlords.  Thank you Mr Snowden, for peeling away the veneer of privacy bluffs. 
  
In the UK, A Bank lost 74 laptops, over 6000 accounts and 20000 user records.  Asset Manage, much? Guess not. 
  
Personal experience:  Apple sessions can be hijacked.  Unless a friend's kid grabbed my phone and somehow guessed my iTunes password, I saw a 'Blackjack' program downloaded to my phone while on Holiday.  I deleted it to see some mandarin text show for the program description.  I was unable to report the program as a security exploit. 
So all is not flawless in the land of Apple, as the same for Android devices.  Like kernel flagging level exploits 
  
In a sudo-humorous result of the NSA sniffing, Cloud Storage is just about as insecure (business especially) as we feared. 
  
So I guess the EU wants to behead 'Hackers'?  How else can you increase the penalties? 
  
Back on the global auditing of the internet by the US, I'd advise  joining Mozilla and friends in signing the petition against the NSA auditing.</description><enclosure url="https://funtimebliss.com/forums/uploads/monthly_06_2013/post-1-0-63847700-1371128085.jpg" length="18025" type="image/jpeg"/><pubDate>Thu, 13 Jun 2013 12:41:27 +0000</pubDate></item><item><title>Windows Server 2012</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3667-windows-server-2012/&do=findComment&comment=23907]]></link><description>I avoided Windows 2012 due to the same crap moves as Windows 8, but I'll be damned as there are some 2012 servers in house now. 
  
Seriously.  Using a server without a start menu and needing to do the top right corner thing for tiles, is a complete pain in the (counter-intuitive) ass.  On top of the basic failures there, Exchange 2013 is pretty much a hot piece of shit. 
  
Exchange 2013 is like 'Admin interface?  Oh you mean login to a webpage for a sudo-office 365 experience'.  Needless to say, I'm not a fan.  I support change when it makes sense, but when you are making shit harder to navigate for the sake of a new release, fuck you. 
  
That's my love letter to Microsoft on the 2012 - 2013 releases.  Stop smoking meth and making shittier programs.  It's not cool.</description><pubDate>Tue, 28 May 2013 15:35:26 +0000</pubDate></item><item><title>Corsair ForceGT RAID0 vs Samsung 840 Pro</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3657-corsair-forcegt-raid0-vs-samsung-840-pro/&do=findComment&comment=23807]]></link><description>Welcome to another 'nontraditional' look at benchmarking drives.  My scope in this testing was to see what SSD configuration benefited the most from running on SATA3 / 6.0Gb/s and SATA2 / 3.0Gb/s ports. 
  
I'll put a link in my Signature with PC specs, but I'm still rocking the ASUS P8Z68-V PRO/GEN3.  My means for testing between SATA3 and SATA2 speeds is due to my motherboard only having 2x Intel SATA3 ports.  Why not use the Marvell PCIe SATA 6Gb/s controller?  Because it sucks.  You are welcome to try it over the Intel ports, but I came to the same result as most, as it is bolded.  The Intel SATA2 ports will perform better. 
  
As you will see below, really the only benefit the 2x Corsair drives gain on SATA3 ports is a bit higher throughput.  Benching across utilities and trying real-world load tests, the difference was moot, imo.  This resulted in my leaving the RAID0 drives on SATA2 ports, while putting the Samsung 840 Pro 256 GB onto a SATA3 port.  The Samsung and its newer tech just got far more benefits from doing so.  Please also keep in mind I got the Corsair drives a little over a year ago, while the Samsung is about 2 weeks old to me. 
  
I'd also like to add this info about the benchmarks to follow, as it explains how each benchmark does, or at least used to work.  Thank HW Secrets (Corsair Force GT vs Force 3 review) 
 
  
Back to the cut of my jib for this thread. 
SSD Specs: 
  
Corsair Force GT: 
SandForce SF-2200 SSD controller 
Memory: Micron 29F64G08CBAAB NAND 
  
Samsung 840 Pro: 
Samsung MDX SSD controller 
Memory: 21nm MLC NAND 
  
I'm uploading benchmarks for your review, but the slim of it is that the Corsair drives suffer no real loss in performance short of sustained writes.  In my experience the IOPS involved with Read and Write operations make far more of a benefit in respect to sustained data rates.  Thus why I have decided to keep my RAID0 Corsair drives on SATA2 ports, while keeping the Samsung on a SATA3 port. 
  
Namely, because the enhancements of the Samsung 256GB drive are beating the Corsair 90GB x2 setup of my RAID0.  SSDs also benefit from the larger memory sizes, so that's part of the scenario here as well.  When the Samsung was put onto a SATA2 port, it saw large drops across the board.  It won priority for my limited Intel SATA3 ports. 
  
Turns out I missed a few 1 to 1 screen caps to match for ATTO, but the drop off should still be apparent in the other programs, as I was seeing 50% drop off on both drives with ATTO.</description><enclosure url="https://funtimebliss.com/forums/uploads/monthly_04_2013/post-1-136569969192.png" length="44977" type="image/png"/><pubDate>Thu, 11 Apr 2013 16:38:43 +0000</pubDate></item><item><title>Java updates</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3655-java-updates/&do=findComment&comment=23805]]></link><description>I wanted to share my encounters with Java 7 update 17, aka version 1.17.  It may have been a previous version, but the 17 update looks to silently remove any JRE6 folder paths from your machine.  Run some web-based queries or sites and you'll find the details of what's missing hiding in the broken functionality. 
  
Sharing for anyone who sees previously working java applications die out.  Square one is to check for what Java version is installed and when it was so.  I updated to 7v17 on Friday, so I had a few hours of tracing out my mistake. :o 
  
Remove latest version and reinstall a compliant 6.xx build and you are back in business.  I would still Disable Java in the Web browser when and wherever possible.  You can do this via Control Panel | Java | Security Tab, on your windows based machines.</description><pubDate>Tue, 09 Apr 2013 12:46:31 +0000</pubDate></item><item><title>Antec Nine Hundred Two V3</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3654-antec-nine-hundred-two-v3/&do=findComment&comment=23797]]></link><description>As someone who had a 7 year old case prior, the Antec Nine Hundred Two V3 is pretty much amazing.  Better yet, it appears I got it for a good deal @ $99 locally brand new on a clearance deal. 
  
My old case is an Antec P180 that has served me pretty well.  It's likely to become a server case at this point.  While the new case is a little smaller in external dimensions, the features and accessibility of the 902v3 are overall way more accessible and easier to work with.  I am the biggest fan of: 
 
Open backplate behind motherboard CPU mount. 
3.5" bays removable from front of case, via thumb screws. 
Plenty of included fans and great airflow design. 
Front buttons and USB + Sound connections on top front of tower. 
Plenty of device mounting options. 
Blue LED fans with integrated rheostats for included fans. 
Side panel with window and 120mm fan mount. 
USB 3.0 front headers
 
  
In the event you have been rocking an old case, I'd recommend checking out the newer options.  I built a new rig for one of my friends and this enlightened me to check out an upgrade on my case.</description><pubDate>Thu, 04 Apr 2013 12:26:22 +0000</pubDate></item><item><title>EVGA UV Plus+ Pimp Machine</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3647-evga-uv-plus-pimp-machine/&do=findComment&comment=23754]]></link><description>Link to the sex machine 
  
Just had one of these delivered and the little bastard is awesome. If you have a display to spare, and no available outputs for it, this fucker has your number. And it works really, really well. It's running a 1080 panel on my rig atm with minimal cpu usage over usb 2. It even handles shit like youtube fairly well though I'd never use it for that. 
  
The USB cable it requires kinda sucks (finicky connection). But fuck that, for as long as it's connected it will rock your world. 
  
Dunno about nix support yet. Could get the most out of it with a tiling window manager but man this thing is pimp regardless.</description><pubDate>Thu, 21 Mar 2013 18:23:25 +0000</pubDate></item><item><title>BSOD on Laptops after late Feb update</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3643-bsod-on-laptops-after-late-feb-update/&do=findComment&comment=23742]]></link><description>Working my way through an issue with a laptop that started BSOD rebooting after install of Windows Update KB2670838.  Apparently hybrid video solutions (Intel on CPU video and ATI/Nvidia GPU) are common on some laptops released in the last few years. 
  
If you can stay booted long enough, try removing the update in Programs and Features under Installed Updates.  This should work in Safe Mode too, but if you have to remove Intel HD or ATI drivers, you will not be able to in safe mode, due to their installer methods. 
  
Fair warning if any laptops start acting up, especially in droves.  Time frame is roughly the end of February 2013 when this update started being pushed out by updates. 
  
EDIT: I think another person I know is experiencing this.  Having them just try the update removal, because I think the other person's PC is also reacting to a USB DisplayPort docking station.</description><pubDate>Tue, 19 Mar 2013 12:48:18 +0000</pubDate></item><item><title>Video Card Compare</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3623-video-card-compare/&do=findComment&comment=23638]]></link><description>If you are curious about a quick and handy means to compare video cards, to get an idea of how much performance per dollar you can afford, I recommend peeping Bench (compare of 570 GTX vs 660 TI).  You can also compare CPU, SSD, along with some mobile devices and laptops.  AMD and nVidia cards are listed. 
  
Bench is handy for getting a rough idea of performance from their benchmark record sets.  I would also confirm what you obtain from there, to check additional benchmarks to confirm any suspicions on performance.  This will help you decide if the performance gains are worth some extra loot or not.  In the linked case, we are talking about ~$70 bucks for the listed performance gains (and raw decoding performance drops) on the 660 TI model cards. 
  
Thanks to this tool, you can get an idea of how to invest that extra loot.  Be it in the GPU or otherwise. 
Considering I have a few requests for new builds for friends, I'll be throwing them said links to help make a call on that front.</description><pubDate>Tue, 29 Jan 2013 16:20:21 +0000</pubDate></item><item><title>Object Flicker on latest nVidia drivers</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3619-object-flicker-on-latest-nvidia-drivers/&do=findComment&comment=23625]]></link><description>Let me start by saying this is my observation with using the 310.xx series (310.70 and 310.90 as of this post date) of nVidia drivers on my 570 GTX.  The issue that I address (and have seen in earlier drivers) relates to textures being displayed with quality issues, relating to specific objects. 
  
My video card model is MSI N570GTX Twin Frozr II, running default clocks and reaching a full load (in-game) of 65 C.  I share this, since some of these issues sound similar to old school video overclocking issues. 
I do have my CPU overclocked to 4300 MHz.  This is on default voltage with only modifier being changed.  I did however confirm the issues still occur at stock CPU frequencies. 
  
By reading that, you could guess this is pretty enigmatic to confirm... until drivers 310.xx came along.  Reading the summary release notes on the download page, you will see the % performance increases for some newer games.  I have come to my own conclusion that this comes at the cost of disabling less commonly used components to boost the overall FPS output in certain games. 
  
My control for tying this to the 310 series of drivers is thanks to the Final Fantasy XIV Benchmark. (FTB Download Link)  The telling indicator is at the end of the 1st cutscene, where it puts the camera behind the standing character model.  You want to look at the goldish-yellow bottle on the table. 
If you see it flickering, check to see if you are on 310 series drivers.  I was able to downgrade drivers back to 306.97 and the flicker has gone away. 
  
I will try to do a fraps rip to give a visual on this issue.  Far Cry 3 seemed to also suffer from a little of this, and was what prompted me to roll back my video driver to 306.96.  The signs I was seeing here were some odd object pop-in, that looked like mis-rendered objects, that shortly afterward corrected themselves. 
  
Another fairly recent game that also has similar issues, is Deus Ex: Human Revolution.  The HR issue tended to show up with awning like models.  What I would see is kind of like a broken reflection on the texture.  Only came up in certain areas on specific objects. 
  
Anyone else able to reproduce or at least confirm some of these theories is welcome to share feedback.  I'll try to gather more information, as I've gathered enough info to semi-intelligently track these issues. 
  
Video rip by phone of flicker, as I mention in next post that Fraps video rip doesn't capture flicker.</description><enclosure url="https://funtimebliss.com/forums/uploads/monthly_01_2013/post-1-135950475107.png" length="1901383" type="image/png"/><pubDate>Thu, 24 Jan 2013 13:37:09 +0000</pubDate></item><item><title>Task Scheduler skips scheduled jobs</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3606-task-scheduler-skips-scheduled-jobs/&do=findComment&comment=23545]]></link><description>Allow me to try and save you some time.  I've had an issue where Task Scheduler on Windows machines will run a scheduled task fine if you manually Run it, but any Next Run Time scheduled items will be skipped and unlogged by Windows.  The Task History would also log nothing for the skipped 'Last Run Time' process. 
  
Trying to find info on this issue was largely unhelpful.  What I had were jobs that failed to execute as defined by schedule and/or triggers, but a right-click Run for said tasks was fine.  It turns out my issue was related to a Task with a Pending Status.  I tracked said process down in the following tree: 
 
Task Scheduler Library 
Windows Live 
SOXE 
Task name: 
Extractor Definitions Update Task 
  
I ended up having to disable this task, as trying to end it, left it in a Pending state.  Upon disabling this I got ~21 'Application1' named windows erroring out, that looked like my cmd tasks scheduled into oblivion.  Closing these error tasks, I jumped back to my main Task list. 
  
To my delight, the custom and desired tasks returned to running on their correct, automatic schedules. 
Hopefully this helps you in any instance where Scheduled Tasks do not run, on a Windows box. 
  
TLDR; Check entire TaskScheduler for any Status = Pending tasks.  Try to end them, if that doesn't work, disable said task.  Mystery fail jobs should return to auto-executing.</description><pubDate>Wed, 19 Dec 2012 14:30:58 +0000</pubDate></item><item><title>New Internet Speeds</title><link><![CDATA[https://funtimebliss.com/forums/index.php?/topic/3422-new-internet-speeds/&do=findComment&comment=23305]]></link><description>w00t 
  
Line is actually a 75/35mbps but I can't seem to find a speed test to show me the full speed except for Verizon's.</description><pubDate>Sat, 06 Oct 2012 05:20:14 +0000</pubDate></item></channel></rss>
