Powershell .ToString()
I’m posting this as I spent too much time on figuring out how to convert the current IP of a machine and turn the IP address into an array. I needed this so I can change the last octet to a couple of other values that I would set later in the script. Powershell has an odd way of outputting data into different types such as objects. Objects can be frustrating when you just want a string output, but objects do give you all types of other possible information from the data you are querying.
I mean there is quite a bit of data to choose from, but I just wanted the IP address. So, after digging around, I realized I needed to pass a PSObject .ToString() to my variable which will return the string representation for this object.
Now that I can get the actual string value I need, I can then use split(‘.’) to split the string at each period character to an array. For some reason, getting just the string value on this one stumped me longer than it should have. So, here it is for anyone that ever needs this (Or myself for future reference). Splitting your IP address into an array.
$ipV4 = (Test-Connection -ComputerName (hostname) -Count 1).IPV4Address
$ipArray = ($ipV4.ToString()).Split(".")
Write-Host("IPV4 Output :" + $ipV4)
Write-Host("Octect1 [0] :" + $ipArray[0])
Write-Host("Octect2 [1] :" + $ipArray[1])
Write-Host("Octect3 [2] :" + $ipArray[2])
Write-Host("Octect4 [3] :" + $ipArray[3])Replacing apt with Nala
Nala is an improved front-end for the apt package manager in Ubuntu/Debian Linux. It adds many features and a better visual representation to the activity of the command. A really good article about Nala can be found here at ItsFoss. There are many more features and arguments to nala than the normal apt command offers.
I’ve decided to create an alias to stop me from using the apt command to using nala. To make sure the alias is persistent after every session or login, I needed to add the following alias commands to the bottom of my .bashrc file.
# Added alias for nala to be used instead of apt.
alias apt='\nala'
alias dapt='\apt'
# For aliases to work with sudo:
alias sudo='sudo '
Now save and exit the shell. Enter back into your terminal and when I run sudo apt update, I get nala running instead.
Monthly patching schedule
I am often asked how I perform security and third-party patching for an entire company. Below is the basic outline I am currently using, and this has not varied very much in over 15 years from any other company I have maintained the patching in regard to Windows servers and workstations. First off, I always test patching before roll-out. Period! I never assume every update installs without issue. Patching processes these days are much more reliable than they used to be, but still, testing first, doesn’t hurt and could save you a major headache in the long run.
The reason for testing is to ensure no disruption to any business. For example, if many of the endpoints are located in restaurants and patching the point-of-sale system and other critical machines required for the business to operate, you will want to make sure those endpoints are always available. If those endpoints are not running, that can cause an immediate loss of business to a location(s) financially.
Workstations Automated patching. Daily. No reboot. Low risk to workstation users.
- Microsoft Teams
- Webex
- Zoom
The above is set to run daily at 3:30am. Catch up with missed endpoints set to 24 hours.
Workstations and Servers Automated patching. Daily. No reboot.
- Defender Antivirus – Definition Updates
- Windows Malicious Software Removal Tool* – Update Rollups
Monthly Patching Servers and workstations.
- All updates are manually approved. Reboots allowed.
- Updates deployed to lab/dev/qa system endpoints first. Verify no issues with functionality for 24 hours.
- If no issues from lab endpoint patching. Update to pilot group of live sites for 24 hours. Pilot workstation group includes IT department workstations.
- If no issues from pilot group. Deploy to all workstation endpoints.
- If multiple endpoints at remote sites, do not deploy to all endpoints, break up patching into groups to ensure not all endpoints will be down at same time during patching/reboots.
Server considerations
- Do not deploy to master domain controller first. Apply to a secondary domain controllers, then patch master domain controller on following day.
- Server patching done outside business hours. Must have IT staff monitoring patching to ensure all servers operational after patching.
- Snapshot all VM’s before patching to ensure quick rollback if needed.
The above is my outline for patching an organization regardless of size. I hope this helps when coming up with your own patching cycle. Every patching cycle should be strict and consistent to minimize risk to any organization, but yet flexible to work around business needs.
Reformatting a flash drive formatted as ISO
Typically, when a flash drive is formatted from an ISO image, the flash drive will be formatted as an ISO9660 type and not want to be re-formatted or erased easily. Take a look at Gparted showing a flash drive below with the Linux Mint ISO on it.
When I attempt to delete the Partition in GParted, it is greyed out. If you try to format it, you will also get an error. The proper method is to use a command like:
sudo dd status=progress if=/dev/zero of=/dev/sde bs=4k && sync
The problem is this takes forever to run and zero out the entire flash drive. What I do is probably considered some hillbilly method but it works and works fairly quickly. I only seem to need to use this method when I want to reformat a flash drive shown as an ISO format. I run the shred -v command and let it run for about 10% to 15% (Which takes only a couple of minutes typically). I then hit CTRL C to cancel the operation.
Remove the flash drive and re-insert it. Now go into Gparted and create a partition table and format the flash drive any way you want.
Now I format the flash drive however I want. In this case, I formatted it as a Fat32.
Maybe I’ll post a more proper method later, but the above is down and really dirty but works quickly.
Using Powershell to read registry HKEY_USERS
This is a small example I put together on how to quickly loop through each user SID in HKEY_USERS and find the value that shows what the wallpaper is set to for each user. This little script is a decent reference to use for finding (And with a little modification, setting) registry value(s) in the HKEY_USERS section.
<#
.DESCRIPTION
Example to show how you can go through each user branch in registry
HKEY_USERS and retrieve the wallpaper file path key.
#>
$hkUsers = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('USERS', $env:COMPUTERNAME)
$hkUsersSubkeys = $hkUsers.GetSubKeyNames()
$hkUsersSubkeys | % {
$hkeyuserpath = "$_\Control Panel\Desktop"
$hkeyuserpath = "REGISTRY::HKEY_USERS\$hkeyuserpath"
Write-Host "`nUSER: $_"
$wallpaperfile = (Get-ItemProperty -Path $hkeyuserpath -ErrorAction SilentlyContinue).Wallpaper
Write-Host "WALLPAPER: $wallpaperfile`n`n===================="
}
Download files from website via Powershell
A simple method I like to use when I want to quickly run a powershell script to download a file from a webserver. I use this when endpoints are not on an internal network so a network share is not always available, but since I am usually remotely calling the powershell script, Internet access is established.
The commandlet I use is Invoke-RestMethod. I provide the source url for the file on a webserver to download and the destination, and I’m done. Extremely simple and extremely effective. There are so many ways to do this, but this is the method I personally use the most.
The below example is what I have used to download the CleanZoom utility from Zoom that will remove any installed versions of Zoom on an endpoint, save the file in a temporary directory and then execute the utility.
<# --------------------------------------------------------------------------------
Uninstall all traces of Zoom from an endpoint.
Script downloads the CleanZoom.zip file from Zoom.com and then extracts it and
runs the utility.
----------------------------------------------------------------------------------- #>
$src = 'https://assets.zoom.us/docs/msi-templates/CleanZoom.zip'
$dst = "$env:TEMP\CleanZoom.zip"
Invoke-RestMethod -Uri $src -OutFile $dst
Expand-Archive -Path $dst -DestinationPath $env:TEMP -Force
Start-Process $env:TEMP\CleanZoom.exe -ArgumentList "/s"
Scareware is not dead
An email was forwarded to me that came from a security MSP trying to stir up business with someone at the company I work at. Their quasi-scareware email was funny, but a horrible way for us to take seriously. Only thing missing was a sentence asking for bitcoin.
I remember several years ago, companies were scanning their web server logs and doing DNS look-ups to find out what companies visited their website. Then the Spam and cold call of sales would begin. That tactic finally died off……mostly. The below email was not sent to our company from a DNS look-up scrape (I know, as our external IP’s at work can barely can tell you what state we are in), it was pure spam. Probably someone going through Linkedin and such finding contacts.
Ah, remembering the good ole days, when the scareware looked like an actual alert:
Aloha!
Not a good week for NCR Aloha POS hosted solutions. They have been dealing with a BlackCat ransomware attack as reported by articles at:
BleepingComputer – NCR suffers Aloha POS outage after BlackCat ransomware attack.
Securityweek.com – Payments Giant NCR Hit by Ransomware
CybersecurityDive – NCR restores more services following ransomware attack
The below screenshot was taken from https://status.aloha.ncr.com
Install a DHCP Server
There are times when you need to run your own DHCP server. For me, this was needed to add to my laptop so I can program IP security cameras with my USB Ethernet adapter attached. The software that typically comes with security cameras is total crap with a bad Chinese translation layered on top and is usually for Windows only. It is just easier to connect the cameras to a DHCP network and login than use some clunky badly written Windows-based application. Here is how I installed and configured a DHCP server for my laptop.
Open a shell prompt and execute the command: sudo apt install isc-dhcp-server.
Now, I run ip a to list all the network adapters and names. I found my USB adapter easily.
Open the /etc/default/isc-dhcp-server config file and add the interface name of the USB adapter. This defines the network adapter that will be dishing out DHCP IP addresses.
Now we set an IP range for the DHCP server. I usually keep this really small between 10 and 20 IP addresses for convenience. I usually set the starting IP address one octet higher than the IP I set on the USB adapter. Below, you can see I entered, “192.168.10.1” as the IP address of my USB network adapter, then the DHCP range I set at .2 through .10. Set the subnet mask and since this does not need DNS, I just enter a bogus address of the laptop for domain-name-servers.
Restart the DHCP server service.
Now I connect the IP POE camera to an injector which then connects to my USB adapter.
I use Angry IP Scanner to search and find the camera.
I now navigate to the IP address found and am able to sign in and configure the IP camera.
After configuration, live image working.
