I have created a script that allows silent deployment of the newest AIM client using powershell remoting.
Excel sheet navigation got you thinking “did I buy a fuckin’ Mac?”
```
HKEY_Current_User\Software\Microsoft\Office\16.0\Common\Graphics
Name: DisableAnimations
Type: REG_DWORD
Data: 1 (hexadecimal)
```
Drove me f’in nuts.
Check out a great write-up on how `docker` functions that I was referred to by some random dude in the #docker channel on freenode. nschoe is very helpful.
Pardon the stupid title of the post for SEO.
In regards to this week's water cooler exploit, CVE-2017-3823, I have essentially ported a Tripwire definition to produce a report for Cisco WebEx versions on a bunch of PCs pretty efficiently.
This uses the admin share rather than PowerShell remoting, but the logic should be easy to change.
Please take a look at the github gist.
I was installing a Sense unit into my breaker panel and was repeatedly breaking the master power (yes, I probably should have unplugged sensitive equipment). It turned out that the file system on my new SG-2220 pfSense appliance from NetGate wasn’t a huge fan and the system would enter a kernel panic upon boot.
I grabbed a USB cable with a mini-b plug and used PuTTY, 115200 baud, 8-N-1, as directed in the user manual, then performed the following steps to back up the config (which includes the certificates!), and then fix the file system:
```sh
#https://www.netgate.com/docs/sg-2220/connect-to-console.html
#at pfsense boot time, boot into single user mode
#plug in a usb stick
#https://forums.freebsd.org/threads/4501/
mount -t msdosfs -o large /dev/ad6s1 /mnt
#https://turbofuture.com/computers/How-to-Backup-and-Restore-Configurations-in-pfSense
#http://hints.macworld.com/article.php?story=20100212171620210
#https://forum.pfsense.org/index.php?topic=40696.0
cp -npRv "/cf/conf" "/mnt/cf_conf/"
# unmount usb
cd
umount /mnt
#https://www.cyberciti.biz/faq/howto-freebsd-remount-partition/
#https://redmine.pfsense.org/issues/5592
fsck / #select y for all the things
fsck / #select y for all the things
fsck / #select y for all the things
fsck / #select y for all the things
mount -o rw /
#https://doc.pfsense.org/index.php/Forcing_a_Filesystem_Check
touch /root/force_fsck
reboot
```
Here is a secure “cipher stack” that can be used with the SSL configuration on an Ironport that defeats logjam, SWEET32 and some other evil stuff:
Here is the list of HIGH strength ciphers on the ESA:
ADH-CAMELLIA256-SHA SSLv3 Kx=DH Au=None Enc=Camellia(256) Mac=SHA1 DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1 CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1 ADH-CAMELLIA128-SHA SSLv3 Kx=DH Au=None Enc=Camellia(128) Mac=SHA1 DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1 DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA1 CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1 ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 ADH-DES-CBC3-SHA SSLv3 Kx=DH Au=None Enc=3DES(168) Mac=SHA1 EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1 EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1 DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5
Here are the results of ssl-enum-ciphers after inputting the previous cipher stack:
```
c:\>nmap --script ssl-enum-ciphers server.mcserveface.com -p 443

Starting Nmap 7.00 ( https://nmap.org ) at 2016-12-08 09:39 Eastern Standard Time
Nmap scan report for server.mcserveface.com (10.10.10.10)
Host is up (0.0020s latency).
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|     compressors:
|       DEFLATE
|       NULL
|     cipher preference: client
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 2.41 seconds
```
I could probably make the cipher stack selection more efficient, but the above works.
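An added example (not from the original post) showing how the HIGH listing narrows to the four suites in the nmap result: it parses rows in the listing's `Name Proto Kx= Au= Enc= Mac=` format and drops anonymous, DH, 3DES, SSLv2 and MD5 suites. Treating every DH suite as Logjam-exposed is an assumption, since the post does not give the appliance's DH group size; the function names are illustrative.

```python
import re

# Constructed sample: ten rows copied from the HIGH listing above.
HIGH_LISTING = """\
ADH-CAMELLIA256-SHA SSLv3 Kx=DH Au=None Enc=Camellia(256) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5
"""

ROW = re.compile(
    r"(?P<name>\S+)\s+(?P<proto>SSLv\d|TLSv[\d.]+)\s+Kx=(?P<kx>\S+)\s+"
    r"Au=(?P<au>\S+)\s+Enc=(?P<enc>\w+)\((?P<bits>\d+)\)\s+Mac=(?P<mac>\S+)"
)

def reasons(row):
    """Return the reasons to exclude a suite; an empty list means keep it."""
    found = []
    if row["au"] == "None":
        found.append("anonymous: no server authentication")
    if row["kx"] == "DH":
        # Assumption: every finite-field DH suite is treated as exposed,
        # because the listing does not show the DH group size in use.
        found.append("Logjam: finite-field DH key exchange")
    if row["enc"] == "3DES":
        found.append("SWEET32: 64-bit block cipher")
    if row["proto"] == "SSLv2":
        found.append("SSLv2-only suite")
    if row["mac"] == "MD5":
        found.append("MD5 MAC")
    return found

def audit(listing):
    """Map each suite name found in the listing to its exclusion reasons."""
    return {m["name"]: reasons(m) for m in ROW.finditer(listing)}

def surviving(listing):
    """Names of the suites with no exclusion reason, in listing order."""
    return [name for name, why in audit(listing).items() if not why]

if __name__ == "__main__":
    for name, why in audit(HIGH_LISTING).items():
        print(f"{name:24} {'KEEP' if not why else '; '.join(why)}")
```

The surviving names are the OpenSSL spellings of the four TLS_RSA_WITH_* suites in the scan. The scan also shows TLSv1.0 only and DEFLATE compression offered, neither of which a cipher string controls.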
I had some trouble figuring out a name. I (and probably a ton of other people) use cerberus for my firewall. I’ve used janus for my argus/flow boxes… Anyway…
I recently purchased my first house, and wanted to do a bunch of crazy home automation. Through research I found several pieces of software that essentially turn a PC into a hub. I’ll be covering my development of this system in several posts, and likely be compiling it into a project.
What will I call my system? El Capitan. Yes, I know that there’s an OSX version with the same codename, but the name comes from the nickname of a manager/cook at a deli that was near my and my wife’s old office, where we met near Rock Center.
Here’s a short plan of things I plan to integrate:
- Mopidy + Korus (almost have this completely functional with three Korus V400 and a Syncronice DX Mini receivers, and three USB batons (for zoning) and a single Akiko 3.5 mm transmitters): support for Pandora and Google music, with iOS web app and Android native app.
- considering Zoneminder, but I think our low-voltage guy talked me into getting a dedicated NVR.
- Home-assistant, with the UZB z-wave stick (wish I bought an Aeotec stick).
- Zwave motion sensors
- Two-way door communication… even if it’s through google voice.
- zwave garage door opener
- lighting controls (looks like my electrician made the decision for me and gave me some Lutron Caseta switches with Pico remotes, no problem with a Smart Bridge Pro (which provides control via telnet))
- blind/curtain controls
- a Honeywell zwave thermostat.
- I have a 3rd gen iPad, and an older Galaxy Tab which I’d like to provide interfaces (maybe have one sit in the kitchen, the other in the living room, and we can use our phones in our rooms, or something)
I bought an HP Elitedesk 800 desktop mini and tossed in an older SSD I had in a 2008 Macbook Pro. I then loaded Fedora Server, and began building Mopidy. Since I pay for Google Music (my consolation after pirating music for 15 years), I figured that this would be the perfect way to stream whatever we wanted to listen to at any time. I was able to get Mopidy going this morning to stream out of the USB baton to the single Korus V400 that we have going now. I did discover that the USB baton is functional although not listed as working with *nix. I reached out to Eleven Engineering to see if there is a way to control the volume levels of the receivers, as they do in the Android and iOS apps, with *nix.
Before I had tested this, I had purchased an “Akiko” from skaastore.com. This is a USB powered 3.5mm to SKAA adapter… SKAA being the licensable wireless standard with 40ms latency and 60-100 foot range (this differs by transmitter). The Akiko set me back $80. A single Korus V400 set me back $60 and comes with a lightning, a 30-pin and a usb baton. I currently have a Bluetooth-to-RCA adapter hooked up to our main system, and will likely use this for a sort of “universal” Korus/SKAA interconnect until I find another use.