Download files from website via Powershell

By | August 11, 2023

A simple method I like to use when I want to quickly run a powershell script to download a file from a webserver. I use this when endpoints are not on an internal network so a network share is not always available, but since I am usually remotely calling the powershell script, Internet access is established.

The commandlet I use is Invoke-RestMethod. I provide the source url for the file on a webserver to download and the destination, and I’m done. Extremely simple and extremely effective. There are so many ways to do this, but this is the method I personally use the most.

The below example is what I have used to download the CleanZoom utility from Zoom that will remove any installed versions of Zoom on an endpoint, save the file in a temporary directory and then execute the utility.

Scareware is not dead

By | June 19, 2023

An email was forwarded to me that came from a security MSP trying to stir up business with someone at the company I work at. Their quasi-scareware email was funny, but a horrible way for us to take seriously. Only thing missing was a sentence asking for bitcoin.

I remember several years ago, companies were scanning their web server logs and doing DNS look-ups to find out what companies visited their website. Then the Spam and cold call of sales would begin. That tactic finally died off……mostly. The below email was not sent to our company from a DNS look-up scrape (I know, as our external IP’s at work can barely can tell you what state we are in), it was pure spam. Probably someone going through Linkedin and such finding contacts.

If you send an email that begins like this, we cannot take you seriously.

Ah, remembering the good ole days, when the scareware looked like an actual alert:

Aloha!

By | April 14, 2023

Not a good week for NCR Aloha POS hosted solutions. They have been dealing with a BlackCat ransomware attack as reported by articles at:

BleepingComputer – NCR suffers Aloha POS outage after BlackCat ransomware attack.

DataBreaches.net – A short-lived BlackCat listing suggests NCR’s customers’ networks were accessed

Securityweek.com – Payments Giant NCR Hit by Ransomware

CPO Magazine – Financial Services Firm NCR Hit by Ransomware Attack, Disrupting Aloha and Back Office Products

CybersecurityDive – NCR restores more services following ransomware attack

The below screenshot was taken from https://status.aloha.ncr.com

Install a DHCP Server

By | March 6, 2023

There are times when you need to run your own DHCP server. For me, this was needed to add to my laptop so I can program IP security cameras with my USB Ethernet adapter attached. The software that typically comes with security cameras is total crap with a bad Chinese translation layered on top and is usually for Windows only. It is just easier to connect the cameras to a DHCP network and login than use some clunky badly written Windows-based application. Here is how I installed and configured a DHCP server for my laptop.

Open a shell prompt and execute the command: sudo apt install isc-dhcp-server.

sudo apt install isc-dhcp-server.

Now, I run ip a to list all the network adapters and names. I found my USB adapter easily.

Use, “ip a”, to list the network adapters and info.

Open the /etc/default/isc-dhcp-server config file and add the interface name of the USB adapter. This defines the network adapter that will be dishing out DHCP IP addresses.

/etc/default/isc-dhcp-server config file.

Now we set an IP range for the DHCP server. I usually keep this really small between 10 and 20 IP addresses for convenience. I usually set the starting IP address one octet higher than the IP I set on the USB adapter. Below, you can see I entered, “192.168.10.1” as the IP address of my USB network adapter, then the DHCP range I set at .2 through .10. Set the subnet mask and since this does not need DNS, I just enter a bogus address of the laptop for domain-name-servers.

Set the network adapter info and IP range here.

Restart the DHCP server service.

Now I connect the IP POE camera to an injector which then connects to my USB adapter.

Laptop with USB network adapter, POE injector, and camera connected.

I use Angry IP Scanner to search and find the camera.

Enter the IP range in Angry IP and tell it to scan.

I now navigate to the IP address found and am able to sign in and configure the IP camera.

Camera responding at IP addressed issued from the DHCP server.

After configuration, live image working.

Successfully configured camera.

Firefox telemetry

By | February 20, 2023

Was looking at my Adguard for home server dashboard and I noticed the blocked links for Mozilla Firefox is sending telemetry data. I did some looking and Firefox data is mainly to help it make a better product but some products go too far. Either way, I want to disable it.

Adguard blocking Firefox telemetry

Firefox doesn’t hide that they are doing this, and posted an article on how to disable it HERE. Basically, go to Settings / Privacy & Security, and scroll down until you see, “Firefox Data Collection and Use” section. Uncheck the option that says, “Allow Firefox to send technical and interaction data to Mozilla”.

Uncheck the option that says, “Allow Firefox to send technical and interaction data to Mozilla”.

After you uncheck the option, you will see the below message. All good now.

Good.

Phishing emails

By | November 8, 2022

It is amazing how phishing emails are becoming more sophisticated. We have recently added a product called SlashNext to help protect our environment from phishing emails. It has been doing a fantastic job of catching emails that passed every other detection method. Below are six samples of the emails captured and blocked from going to the recipients.

SlashNext uses a method of analyzing the links within an email (Or website if you have browser protection also). Thus, this provides protection that most anti-spam and email protection systems, miss.

O365 prompting for an alternative email address

By | October 31, 2022

Recently, O365 started prompting users in my organization during sign-in to add an alternative (Authentication verification) email address. This is not an option we turned on, nor is it an option I wanted to be enabled. If the user needs help resetting their password or having issues signing in, our policy is for them to contact our helpdesk.

Alternative email / Authentication email prompt I never asked for.

To remove this, you will need to go into your admin portal. Then go into Azure Active Directory, then USERS, then REGISTRATION. Change the option, “Require user to register when signing in“, to NO.

Select NO for this option.

Now your users will no longer get prompted to enter an alternative email address for authentication verification. Our policy is that the IT department should be contacted.

Idiots using RAID0

By | October 20, 2022

About once a month I read a post somewhere that some poor schmuck is using or wanting to use RAID0 for spanning two drives together or thinking their SSD’s going to get better performance.

If you are one of those idiots, we cannot be friends. I cannot deal with that amount of stupidity.

RAID0 was originally designed to split data across multiple mechanical drives for improved performance with scientific calculations with older computers and storage. It was always known as volatile (Like 20 years ago). Now days, there is absolutely no reason to use it.

A Few Favorite Applications

By | August 19, 2022

Here is a very short list of a few of my favorite applications and utilities that I seem to install on almost all Linux workstations I use (And some servers). I could really grow and evolve this article into its own section one day. One note, I typically will always look for a flatpak version (Especially for Evolution), and use that before looking for a native install. Just my preference as flatpaks are usually updated quite often.

What IP – Neat utility used mostly on my laptop when I am at remote sites to quickly find the external and local IP, or a virtual interface’s. Great for verifying VPN connections and finding other devices on your LAN.

Flameshot – Quick screenshot utility with several nice options. Unfortunately, nothing beats Snag-it on windows for an ultimate screenshot utility, but Flameshot does a better job than most others that are supported on Linux. A must-have for any Linux desktop.

Flameshot in action.

Angry IP Scanner – Cross platform IP and basic port scanner. I use this mainly on my laptop to scan either for IP cameras or remote locations I am working in to identify network devices. Excellent tool, and not overbuden with features. Also cool feature to click on anything with a port and it can launch typical method to access (ie, web browser for port 80 and 443).

Angry IP Scanner

Grsync – GUI for rsync. Easier than using cli at times. I use rsync quite a bit to sync directories and files across network shares from my local machine or flash drives. Grsync is a GUI for the rsync utility that just makes it easier to use especially if you use any of the arguments such as always checksum.

Grsync gui.

Midnight Commander – A great file manager during shell access. If you remember the old Norton Commander for DOS, this is the Linux version. I use this to quickly navigate a filesystem, copy, move, and edit files and more.

Midnight commander dual pane file manager.

Evolution – Gnome’s outlook type PIM client. Is compatible with O365. There is just really no replacement to the original Outlook client used in Windows. The web version is pretty good, but sometimes nothing beats using an actual client. Evolution has come a long way and now has support for O365 support.

Evolution

Catfish File Search – GUI file search utility. I always struggle when I use the CLI for find. I never remember the arguments fast enough to be quick, so catfish helps me out.

Catfish

Remmina – Remote client for RDP, VNC, SSH, etc. A nice program to organize all the remote machines you access regardless of protocol. SSH, RDP, VNC and more supported.

Remmina

Updating the terminal shell

Fancy bash prompt is a script along with the powerline font to install on your machine to provide highlighting terminal inputs.

Neofetch is a system information app that almost everyone with a Linux system has. I added this to run every time I open a shell by adding the neofetch command to my bashrc file.

The last two lines of my .bashrc file.

The result:

Neofetch and Fancy Basch Script running every time I open a terminal window.

Installing OpenConnect

By | May 20, 2022

I’ve been using Cisco’s AnyConnect client to connect my Pop!_OS workstation to my work VPN. The AnyConnect client is ok, but I want to use the network manager built into my workstation. To do this, I needed to install OpenConnect. To do this, open a terminal and run the following command:

sudo apt install openconnect network-manager-openconnect network-manager-openconnect-gnome

Then go into Settings / Network, and add a VPN connection. Select OpenConnect.

From this window you can provide your VPN connection a custom name, and enter the gateway of the Cisco VPN server you are trying to connect to. Then click Add.

Once added, I click click the slide to enable the connection to test. I am prompted for my VPN username and password. This is good.

VPN Connection can also be accessed directly from the taskbar.