2015: The Future is Now

Let’s start looking at the future of the IT security landscape by reviewing the past. I made some predictions last year for InfoSec Institute. That article opened with a clever disclaimer that every subject in the IT security world is new and still pioneering in its field, so that anything can happen within a year.

Looking back, though, most of my predictions happened as expected. The ongoing politics around cyberwar and privacy, the increase in organised cybercrime, the increase in the use of encryption and biometrics: it was all there in 2014. What many did not expect last year, however, was how fast these developments would actually take place. This is promising for the acceptance of cyber risks and the need to control them; unfortunately it also shows how vulnerable we have actually become to relatively simple attacks.


Recover Public Folders in Office 365/Exchange 2013

One of our clients had a very scary experience today when a whole bunch (15GB+) of Public Folders went missing, gulp!!!

They started off recovering from Deleted Items using Outlook, but this was painfully slow. Luckily, that gave them enough time to find the following article:

http://blogs.technet.com/b/exchange/archive/2013/08/23/recovering-public-folder-information-in-exchange-2013.aspx

But they weren’t confident enough to fire up PowerShell and script the recovery, so we dived in.

Install and Configure Windows PowerShell

To configure additional options for Office 365 you’ll need to make sure PowerShell is installed and configured as per http://help.outlook.com/en-us/140/cc952756.aspx. Windows 7 already has the correct versions installed, so just make sure you enable scripts to run by running the following PowerShell command:


Reset Local Security Policy Windows Vista 7 8 XP

This is a very useful command for removing any Security Policies that were applied to a computer while it was previously joined to a domain.

When removing a computer from a domain, there can be various settings that get left behind (password complexity requirements, User Rights Assignments etc).

To remove any left over Security Policies on a PC, open a command prompt and run the following command:

Windows XP:
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

Windows Vista/7:
secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose

This will take a few minutes to reset all the policies back to the Windows defaults.
Restart the Computer.
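As an added example (not part of the original post), the following PowerShell wrapper runs the same secedit reset but first exports the policy currently in effect so the change can be reviewed or rolled back, picks the template the post names for the detected Windows version, and captures secedit's log. The output folder C:\PolicyReset and the log file name are assumptions; run it from an elevated prompt.

```powershell
# Added example: back up the local security policy, then reset it to the Windows
# defaults with the secedit command from the post. Run elevated.
$windir = $env:windir
$outDir = 'C:\PolicyReset'                    # assumed output folder for backup and log
$stamp  = Get-Date -Format 'yyyyMMdd-HHmm'
$backup = Join-Path $outDir "LocalPolicy-before-$stamp.inf"
$log    = Join-Path $outDir "secedit-reset-$stamp.log"

if (-not (Test-Path $outDir)) { New-Item -ItemType Directory -Path $outDir | Out-Null }

# Windows XP is NT 5.x; Vista and later are NT 6.x or newer
$osVersion = [System.Environment]::OSVersion.Version
if ($osVersion.Major -lt 6) {
    $template = Join-Path $windir 'repair\secsetup.inf'   # Windows XP
    $db       = 'secsetup.sdb'
} else {
    $template = Join-Path $windir 'inf\defltbase.inf'     # Windows Vista / 7 / 8
    $db       = 'defltbase.sdb'
}

if (-not (Test-Path $template)) {
    throw "Default security template not found at $template"
}

# Export the policy currently applied so the reset can be audited or reversed
secedit /export /cfg "$backup"
Write-Host "Current policy exported to $backup"

# Apply the default template; /log records any area secedit could not configure
secedit /configure /cfg "$template" /db $db /verbose /log "$log"

if ($LASTEXITCODE -ne 0) {
    Write-Warning "secedit returned exit code $LASTEXITCODE; review $log before restarting"
} else {
    Write-Host "Local security policy reset to defaults. Restart the computer to finish."
}
```

Keep the exported .inf with the change record: it is the only copy of the settings the domain left behind, and `secedit /configure /cfg <backup>` re-applies them if something on the machine depended on one of them.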


SpamHaus SBL Checker PHP Script – Takes domain and returns number of assigned SBLs and total blocked IPs.

This is a very nice script written by D. Strout over at VPSBoard.com here. Be sure to leave him some feedback and comments about it. Let us know how you have used it or even modified it for your needs.


CPANEL/WHM: FAILED: cpsrvd on web server

We had a client with OpenVPN set up on a cPanel server who kept getting these alerts, so we did some digging.

The iptables rules they were running had created a routing issue:

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -j SNAT --to-source SERVER-IP

Here’s the failure in /var/log/chksrvd.log:


TUN/ TAP script for OpenVZ SolusVM

#!/bin/sh
# Enable TUN/TAP inside an OpenVZ container. Run on the hardware node as root.
echo "Enter the container ID to activate TUN/TAP on:"
read CTID
# Refuse anything that is not a plain numeric container ID before passing it to vzctl
case "$CTID" in
    ''|*[!0-9]*) echo "Invalid container ID: '$CTID'" >&2; exit 1 ;;
esac
# Grant the container the tun device node, the character device itself, and CAP_NET_ADMIN
vzctl set "$CTID" --devnodes net/tun:rw --save
vzctl set "$CTID" --devices c:10:200:rw --save
vzctl set "$CTID" --capability net_admin:on --save
# Create /dev/net/tun inside the container and restrict it to root
vzctl exec "$CTID" mkdir -p /dev/net
vzctl exec "$CTID" mknod /dev/net/tun c 10 200
vzctl exec "$CTID" chmod 600 /dev/net/tun
vzctl restart "$CTID"

Using Powershell and Quest ActiveRoles Management to get User Information from Active Directory

From time to time, either for troubleshooting or information purposes, there is a need to get certain user information out of Active Directory. Though Microsoft has a bunch of great commands that query AD, I came across third-party software that met my need to get information quickly. Quest has some great free PowerShell scripting tools that help users get certain information out of Active Directory.

At this time, I needed to pull a summary of certain users’ accounts for auditing purposes and decided to script something together that would display the pertinent information at a glance.


Remove Windows 8 “Metro” Apps

To remove an application with PowerShell you need to do two actions:

  1. Remove the provisioned package
  2. Remove the “installed” package from the user account.

To remove the provisioned package you use the command Remove-AppxProvisionedPackage (Microsoft) and to remove the installed package you use the command Remove-AppxPackage (Microsoft).

According to Microsoft, the Remove-AppxProvisionedPackage cmdlet removes app packages (.appx) from a Windows image. App packages will not be installed when new user accounts are created. Packages will not be removed from existing user accounts. To remove app packages (.appx) that are not provisioned or to remove a package for a particular user only, use Remove-AppxPackage instead.
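The two steps above combined into one function, as an added example that is not from the original post: it removes the provisioned copy from the image and the installed copy from the current user, supports -WhatIf so the removal can be previewed, and reports whether either copy is still present afterwards. The app name 'Microsoft.BingWeather' is an assumed placeholder; run from an elevated PowerShell prompt.

```powershell
# Added example: remove a Store app both from the Windows image (provisioned)
# and from the current user (installed), with -WhatIf support. Run elevated.
function Remove-StoreApp {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Name
    )

    # Step 1: the provisioned package, so new user accounts do not get the app
    $provisioned = Get-AppxProvisionedPackage -Online |
        Where-Object { $_.DisplayName -eq $Name }
    foreach ($pkg in $provisioned) {
        if ($PSCmdlet.ShouldProcess($pkg.PackageName, 'Remove-AppxProvisionedPackage')) {
            Remove-AppxProvisionedPackage -Online -PackageName $pkg.PackageName | Out-Null
        }
    }

    # Step 2: the "installed" package in the current user's account
    $installed = Get-AppxPackage -Name $Name
    foreach ($pkg in $installed) {
        if ($PSCmdlet.ShouldProcess($pkg.PackageFullName, 'Remove-AppxPackage')) {
            Remove-AppxPackage -Package $pkg.PackageFullName
        }
    }

    # Report what is left so a failed removal (e.g. an app that is part of Windows) is visible
    [PSCustomObject]@{
        Name             = $Name
        StillProvisioned = [bool](Get-AppxProvisionedPackage -Online |
                               Where-Object { $_.DisplayName -eq $Name })
        StillInstalled   = [bool](Get-AppxPackage -Name $Name)
    }
}

# Preview first, then run for real (app name is an assumed placeholder)
Remove-StoreApp -Name 'Microsoft.BingWeather' -WhatIf
Remove-StoreApp -Name 'Microsoft.BingWeather'
```

Remove-AppxPackage only touches the account it runs under, so an app that other users already have stays installed for them until they (or a script running as them) remove it too; the provisioned removal only stops it reappearing for accounts created later.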


Powershell Script – Remove ALL Windows 8.1 Apps and App Store to clean up

Tired of all those annoying Windows Apps that cause security issues and other problems and annoyances?

This script will nicely remove them all for you automatically.

function Remove-SelectedAppxPackage {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # 1-based positions in the list returned by Get-AppxPackage
        [Parameter(Mandatory = $true)]
        [int[]]$IDs
    )

    # The list the IDs refer to (the original fragment assumed $apps was already populated)
    $apps = @(Get-AppxPackage)

    foreach ($ID in $IDs)
    {
        # Check the ID is in range
        if ($ID -ge 1 -and $ID -le $apps.Count)
        {
            $ID--
            # Remove each app
            $AppName = $apps[$ID].Name
            if ($PSCmdlet.ShouldProcess("$AppName"))
            {
                Remove-AppxPackage -Package $apps[$ID] -ErrorAction SilentlyContinue
                if (-not (Get-AppxPackage -Name $AppName))
                {
                    Write-Host "$AppName has been removed successfully"
                }
                else
                {
                    Write-Warning "Remove '$AppName' failed! This app is part of Windows and cannot be uninstalled on a per-user basis."
                }
            }
        }
        else
        {
            # The original built this message from a $Messages table and a PSCustomErrorRecord
            # helper that are not part of this excerpt; a plain ErrorRecord does the same job
            $errorMsg = "ID $ID is not in the range 1-$($apps.Count)."
            $customError = New-Object System.Management.Automation.ErrorRecord (
                (New-Object System.ArgumentException $errorMsg),
                '1',
                [System.Management.Automation.ErrorCategory]::NotSpecified,
                $PSCmdlet)
            $PSCmdlet.WriteError($customError)
        }
    }
}
