Machine ID
To get a unique Machine ID, use these commands. PC: Get-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Cryptography -Name "MachineGuid" Mac: ioreg -d2 -c IOPlatformExpertDevice | awk -F\" '/IOPlatformUUID/{print $(NF-1)}'
Many laptops ship with BitLocker enabled by default. Without the key, there is no possible way to access the data in the event that the PC fails. To back up this key, run this in PowerShell: manage-bde -protectors -get C: The key is stored in AD and can be viewed with this: $objComputer = Get-ADComputer LAP001 $Bitlocker_Object = Get-ADObject…
Hackers first try to access the users database at: /wp-json/wp/v2/users/. If successful, you next see repeated attempts to log on to the site, reflected in hits on /wp-login.php & /xmlrpc.php. This is what a WordPress brute force attack looks like: As you can see, these hits come from all over the world:
These PowerShell scripts list the remote IPs connecting on 443, while filtering out local IPs and devices on ATT (107.77)
Cellular providers use specific IP ranges that can be filtered.
The Cisco AnyConnect client does not allow you to save a password on the client. This code, when saved as a .vbs file, will let you get around this. Be warned that the client’s password is saved in clear text in the file. I hide the file in Drivers and create a shortcut to it with the…
If you are seeing the following error on messages in the Symantec Messaging Gateway queue: 450 4.4.1 [internal] Connection Timed Out These messages are being interrupted during transmission. This leads to the sender receiving a delayed delivery notice. This is caused by something in the message being rejected by the Cisco router during inspection of the traffic. To…
If the Cisco VPN launches, but no window appears, delete this file: C:\Program Files (x86)\Cisco Systems\VPN Client\vpnclient.ini
You can connect a Windows home edition PC to a domain as follows: 1) Change the PC's workgroup to the domain name (pre-Windows 2000). 2) Change the local username and password to exactly match a domain account. The PC should now have full access to Outlook, network shares and printers without entering credentials.
This post details the features of each product we deploy: https://support.symantec.com/en_US/article.INFO3162.html
There has been a rise in the number of instances of email addresses being spoofed. A new technique of masking the sender address by adding a “direct reply to” address has increased the likelihood that a user will be fooled. The real sender address can only be detected when the user hits reply, at which point the new…
Reverse DNS or rDNS is one of the older methods used to verify an email was sent from the domain. It is a record created by the ISP and not the DNS records associated with the domain. It should be set up anytime an ISP is added or changed. Each ISP has their own way of setting these up…
Download and install OpenSSL, then run the following: openssl pkcs12 -in "certificate.pfx" -out "certificate.pem" -nodes
1) Find the scanner's IP. For a local scanner, find the LAN IP of the scanner. For a remote office, find the external WAN IP of the office via www.aboutmyip.com. 2) Go to: Exchange admin center > Mail flow > Receive connectors. 3) Find the connector that works on port 25 and go to Scoping. 4) Add the IP from step 1 to the section: “Receive mail…
The next update of Ajera 8.10 will require more advanced passwords. The requirements: a minimum of 8 characters; an upper and lower case letter; a number; a special character.
Do not blacklist *@amazonses.com, as companies such as Expensify and Adobe have begun using them as a mail provider. At the same time, DO NOT whitelist it, as it is a notorious source of junk.
Configuration > Remote Access VPN > Network (Client) Access > IKE Parameters > Check the box where it says “Disable inbound aggressive mode connections (IKEv1 only)”
It is possible to totally eliminate the Outlook logon requirement when a user is on a workgroup PC. 1) Set the workgroup name to match the pre2k logon domain that hosts the Exchange server. 2) Set the user name on the user's local account to match the user name in AD. These settings cause Outlook to…
Qualys SSL Server Test: I tested a site with a DigiCert SHA2 Extended Validation Server CA and only received a “C” rating. See the links below: SSL3 notes, RC4 in TLS notes
Apparently some mail servers/spam appliances are using a Cisco service that monitors email and web traffic. http://www.senderbase.org/ Punch in your IP and find out what they think of you…. I have yet to figure out what to do about things like a “Neutral” rating which apparently will get you bounced. (Please add any info if you find it)…