Author Archive

Message Analyzer

July 15, 2015

Very cool tool from MSFT to “replace network monitor,” Message Analyzer looks to be a hell of a lot more.

Here is a very interesting article on process tracking, and here is a start up for performing network traces. It doesn't cover as many network protocols as Wireshark (yet), but there are a lot.

You can open a very wide array of logs (including pcap, memory dumps, event logs, perfmon logs, even Fiddler sessions). You can even produce live charts of live activity.

Definitely a pretty solid log file and live activity viewer or as you could say… message analyzer. *boom*

Obtaining the latest Cleanwipe utility from Symantec

June 29, 2015

Symantec was fine with giving me Cleanwipe, opening a case even though I didn’t have a valid support contract (as it had expired).

The latest Cleanwipe utility will work on all previous Endpoint Security products and can be obtained:
Login ID: cleanwipeutility
Password: CL3@nw!p3

Quickly and easily implement PowerShell remoting via Group Policy

May 27, 2015

Here is a summary of Brian Scholar’s article on implementing PowerShell Remoting via Group Policy.

Computer Configuration\Administrative Templates\Windows Components\Windows PowerShell\
Turn on Script Execution: Enabled, Execution Policy: Allow all scripts

Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Client
Trusted Hosts: Enabled, TrustedHostsList: [a subnet wildcard, like 10.10.1.*]

Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service
Allow remote server management through WinRM: Enabled, IPv4 filter: [subnet range]
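
To confirm what the policy actually delivered, here is an added example (not from the original post or from Brian Scholar's article) that reads the three settings back on a target machine and flags values wider than the subnet scoping described above. The function name Get-RemotingPolicyAudit is hypothetical; run it elevated, after a gpupdate.

```powershell
# Added example: audit the three settings the GPO above delivers.
# Assumes an elevated session; the WSMan: drive needs the WinRM service running.
function Get-RemotingPolicyAudit {
    # 1) "Turn on Script Execution" is applied at the MachinePolicy scope.
    #    The "Allow all scripts" option shows up there as Unrestricted.
    $execPolicy = Get-ExecutionPolicy -Scope MachinePolicy
    $execNote = switch ($execPolicy) {
        'Undefined'    { 'GPO not applied to this machine' }
        'Unrestricted' { 'unsigned scripts run; RemoteSigned or AllSigned is tighter' }
        default        { 'ok' }
    }

    # 2) WinRM client TrustedHosts: hosts listed here are connected to
    #    without mutual authentication, so a bare '*' covers every host.
    $trusted = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
    $trustedNote = if ([string]::IsNullOrEmpty($trusted)) { 'empty: policy not applied' }
                   elseif ($trusted -eq '*')              { 'too wide: scope to a subnet wildcard' }
                   else                                   { 'scoped' }

    # 3) WinRM service IPv4 filter: '*' listens on every IPv4 address.
    $filter = (Get-Item WSMan:\localhost\Service\IPv4Filter).Value
    $filterNote = if ([string]::IsNullOrEmpty($filter)) { 'empty: no IPv4 listener' }
                  elseif ($filter -eq '*')              { 'too wide: scope to a subnet range' }
                  else                                  { 'scoped' }

    # 4) Is the local WinRM listener answering at all?
    $listening = [bool](Test-WSMan -ErrorAction SilentlyContinue)

    [pscustomobject]@{ Setting = 'ExecutionPolicy (MachinePolicy)'; Value = $execPolicy; Note = $execNote }
    [pscustomobject]@{ Setting = 'Client TrustedHosts';             Value = $trusted;    Note = $trustedNote }
    [pscustomobject]@{ Setting = 'Service IPv4Filter';              Value = $filter;     Note = $filterNote }
    [pscustomobject]@{ Setting = 'WinRM responding';                Value = $listening;  Note = '' }
}

Get-RemotingPolicyAudit | Format-Table -AutoSize -Wrap
```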

Cisco ASA: Upgrade ASDM image the manly way

May 22, 2015

I’ll be honest. I came from an all Fortigate shop, and the last real hardcore Cisco work I did was on a PIX.

Since it’s been like six years, I figured I’d doc the very simple procedure to upgrade the ASDM image on an ASA.

A highly intelligent folk who quality checked a refurbed ASA 5505 before shipping as a warranty replacement thought… “hey, I’ll upgrade the IOS, but not upgrade the ASDM.” Since I’m hardcore and don’t bother with the ASDM, only CLI, I didn’t worry about it before certifying a config as good before release. Well, god dang it, we need the ASDM! Alas, I found an awesome troubleshooting page on Cisco’s site, and realized that I may have to upgrade the ASDM image. So, here’s how.

1) Get your version information with the following:

sh ver
#Cisco Adaptive Security Appliance Software Version 8.2(5)55
#Device Manager Version 5.2(3) <=== this is not listed as compatible

2) Take a gander at the ASA/ASDM compatibility matrix.

The ASA version I'm running is listed as being compatible with "ASDM 6.3(4) and later. Recommended: 7.4(2)."

3) Download the image by searching this annoying site (just use IE, trust me)

4) Grab a TFTP server app and copy the .bin to the served directory (try tftpd64)

5) Copy the image up to the flash

copy tftp flash
#server is:
#source & destination filename is: asdm-742.bin

6) Verify the presence of the image

show disk
#.... asdm-742.bin

7) Show the existing ASDM image

sh run asdm
#asdm image disk0:/asdm-523.bin

8) Assign the new image:

asdm image disk0:/asdm-742.bin
wr mem

9) Reboot


Find cpan perl modules for CentOS with `yum provides`

April 30, 2015

If you’re receiving these and you know it, clap your hands:

MAILGATE missing dependencies:
        Net::SSL ...MISSING
        LWP::Protocol::https ...MISSING
        Crypt::SSLeay ...MISSING

If you’re receiving these, and you know it, and you really want the modules; if you’re receiving these and you know it, search with yum:

yum whatprovides 'perl(Net::SSLeay)'

Spreadsheets from Microsoft for all security audit event log events

April 28, 2015

VMware: Can’t shut down a VM, kill the hypervisor process

April 24, 2015

If you can’t shut down a VM, and it won’t power off, SSH into your host and kill the process that hosts the VM:

esxcli vm process list
esxcli vm process kill --type=hard --world-id=[WORLDID]

You can choose types: soft, hard, force.

