A word about WMI DateTime format conversions in PowerShell

May 25, 2016

A word.

I spent too much time on this trying to use DateTime::Parse() and DateTime::ParseExact() within the expression. But… duh… just use string formatting…

Get-WmiObject win32_operatingsystem | select @{LABEL='LastBootUpTime';EXPRESSION={($_.ConverttoDateTime($_.lastbootuptime)).tostring('MM-dd-yyyy hh:mm:ss')}}

New page: Shavlik Protect: An actual quick start guide.

March 30, 2016

I’ve created a new page under Technology Solutions that will assist people with rolling out Shavlik Protect in actually under an hour (or whatever they say in their marketing).

Shavlik Protect: An actual quick start guide.

Change the default size of CABs that WSUS will accept to be published

March 10, 2016

I came across an issue when using our third-party patch management system (which integrates into WSUS): an update could not be published to WSUS because it exceeded 384MB.

Searching the web, I located several posts, but settled on this one, which contains a quick PowerShell script that increases the maximum size of the CAB file that can be published.

I’ve not messed with reflection too much, but I do think this would be useful specifically for WSUS management classes that aren’t revealed through the regular cmdlets.
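One way to raise that limit through the WSUS administration API, as an added example (it is not the script from the linked post). It assumes an elevated PowerShell session on the WSUS server with the WSUS administration assembly installed; the 1024 MB target is a constructed value.

```powershell
# Added example, not the linked post's script. Run elevated on the WSUS server.
# Assumption: 1024 MB is an illustrative target. Pick the smallest limit that
# fits the packages you actually need to publish.
param(
    [ValidateRange(384, 4096)]
    [int]$TargetMB = 1024
)

# The WSUS administration assembly is installed with the WSUS console.
$asm = [Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
if (-not $asm) {
    throw 'Microsoft.UpdateServices.Administration is not installed on this machine.'
}

# Connect to the local WSUS server and fetch its configuration object.
$wsus   = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()
$config = $wsus.GetConfiguration()

# LocalPublishingMaxCabSize is expressed in megabytes (384 in the case above).
$before = $config.LocalPublishingMaxCabSize
Write-Output "Current LocalPublishingMaxCabSize: $before MB"

if ($before -ge $TargetMB) {
    Write-Output "Limit is already $before MB; nothing to change."
    return
}

# Change the limit and persist it to the WSUS configuration.
$config.LocalPublishingMaxCabSize = $TargetMB
$config.Save()

# Re-read from the server to confirm the saved value rather than trusting
# the in-memory object.
$after = $wsus.GetConfiguration().LocalPublishingMaxCabSize
if ($after -ne $TargetMB) {
    throw "Save did not take effect: server still reports $after MB."
}
Write-Output "LocalPublishingMaxCabSize raised from $before MB to $after MB."
```

Locally published packages are distributed to clients under the WSUS publishing certificate, so keep the limit no larger than your biggest legitimate package and record the change.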

Don’t get-mousejacked

March 4, 2016

[UPDATED: April 14th, 2016:

Good news everyone! MSFT has released an optional update that resolves this issue:

]

This morning, my boy Bruce Schneier posted about Bastille’s February 23rd published attacks on various wireless mouse/keyboard dongles.

I’ve written a quick PowerShell script to get a full inventory of affected computers (deal with the output yourself).

Worth noting that this is clearly novel, but, as of this time, MSFT hasn’t released a patch, which is weird given that Bastille disclosed the vulnerabilities to them November 24th, 2015. The recommended solution (from Bastille) is to move to a wired keyboard. Nice! But aren’t those vulnerable as well?! Is Tom Cruise crawling in my ceiling tiles?!!1

Here are the details and links to attack code: https://www.bastille.net/affected-devices

Setting Gmail as your default mailto handler

December 19, 2015

1) Configure Firefox to use Gmail for mailto links.
Options > Applications > mailto > Use Gmail

2) Delete all other mailto options and set URL Protocol to nothing under: HKEY_CURRENT_USER\SOFTWARE\Classes\mailto

3) Add Firefox as a handler: HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\URLAssociations\ reg_sz: mailto = “FirefoxURL”

4) Delete all options in: HKCU\Software\Microsoft\Windows\Shell\Associations\URLAssociations\MAILTO\Userchoice

5) open a mailto link and set Firefox.

If you don’t set the mailto Application in firefox, it’s default is set to firefox, which will make firefox load firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox loading firefox GOTO loading firefox

Security software for personal PC

November 25, 2015

I’ve been meaning to create a quick list of personal PC security software for some time, but haven’t gotten around to it. Well…

  • Some antivirus… Windows defender is okay, but not great.
  • Immunet: this “cloud based antivirus” is the free version of Cisco/Sourcefire AMP for Endpoints and will provide you with access to TALOS intelligence on file integrity. [note that immunet is sourcefire… sourcefire is TALOS… TALOS is Cisco… Cisco is in bed with the US Government.]
  • EMET: Yes. This probably won’t cause too much trouble.
  • Glasswire: Easy to use network awareness.
  • Sysmon: Well, if you’re in the position of “supporting” your family/friend’s PCs, then you might want to be wise to malware infections. You can get crafty here.
  • Papertrail/LogEntries/SumoLogic/Loggly with nxlog: if you want to get real crazy, real quick, configure cloud-based event logging with alerting, as long as you can provide them with a work Email address. Papertrail supports alerting via Email and integration into other platforms (like librato, slack, zapier, stathat, pagerduty… anything that supports webhooks (which excludes IFTTT)) for free out-of-the-box.

That’s it for now. I guess I’ll expand when I come across other things.

Native PowerShell support for VSS snapshot mounting

October 30, 2015

This link contains two functions that allow you to mount then dismount VSS snapshots in PowerShell. I’ve copied them to a gist as I have a healthy fear.
