How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows

This article describes how to enable and disable Server Message Block (SMB) version 1 (SMBv1), SMB version 2 (SMBv2), and SMB version 3 (SMBv3) on the SMB client and server components.

Disabling the SMBv1 server and client via Group Policy is the best option!

https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3

Top 25 Active Directory Security Best Practices

A comprehensive list of the top 25 Active Directory Security Tips and best practices. Securing domain admins, local administrators, audit policies, monitoring AD for compromise, password policies, vulnerability scanning and more.

See https://activedirectorypro.com/active-directory-security-best-practices/

Here are the 25 that he lists:
  1. Clean up the Domain Admins Group
  2. Use at Least Two Accounts (Regular and Admin Account)
  3. Secure The Domain Administrator account
  4. Disable the Local Administrator Account (on all computers)
  5. Use Local Administrator Password Solution (LAPS)
  6. Use a Secure Admin Workstation (SAW)
  7. Enable Audit policy Settings with Group Policy
  8. Monitor Active Directory Events for Signs of Compromise
  9. Password Complexity Sucks (Use Passphrases Instead)
  10. Use Descriptive Security Group Names
  11. Clean Up Old Active Directory User & Computer Accounts
  12. Do NOT Install Additional Software or Roles on Domain Controllers
  13. Continuous Patch Management & Vulnerability Scanning
  14. Use DNS Services to Block Malicious Domains
  15. Run Critical Infrastructure on the Latest Windows Operating System
  16. Use Two-Factor Authentication for Remote Access
  17. Monitor DHCP Logs for Connected Devices
  18. Monitor DNS Logs for Security Threats
  19. Use the Latest ADFS and Azure Security Features
  20. Use Office 365 Secure Score
  21. Plan for Compromise (Have a Recovery Plan)
  22. Document Delegation to Active Directory
  23. Lock Down Service Accounts
  24. Disable SMBv1
  25. Use Security Baselines and Benchmarks

mkcert – local certs

mkcert is a simple tool for making locally-trusted development certificates. It requires no configuration. Perfect for local test systems and local internal servers only!

https://github.com/FiloSottile/mkcert

Installation:
https://github.com/FiloSottile/mkcert#installation

First, create the local CA and install it in the system and browser trust stores:
mkcert -install

Then create a certificate for the names you need, for example:
mkcert example.com "*.example.com" example.test localhost 127.0.0.1 ::1

Zstandard compression

Zstandard, or zstd for short, is a fast lossless compression algorithm targeting real-time compression scenarios at zlib-level and better compression ratios. It’s backed by a very fast entropy stage, provided by the Huff0 and FSE library.

The project is provided as an open-source dual BSD and GPLv2 licensed C library, and a command line utility producing and decoding .zst, .gz, .xz and .lz4 files. Should your project require another programming language, a list of known ports and bindings is provided on the Zstandard homepage.

Installation from the distribution repositories (Debian/Ubuntu shown):
sudo apt install zstd
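A worked round trip to go with the install line, added here and not part of the zstd project: compress a file, run zstd's own integrity test on the archive, decompress it again and prove the result is byte-identical by comparing SHA-256 hashes. It assumes the zstd and sha256sum binaries are on PATH; the function names and the sample log lines are mine.

```sh
#!/bin/sh
# Added example, not part of the zstd project: compress a file, run zstd's
# built-in integrity test on the archive, and prove the round trip is
# lossless by comparing checksums. Assumes the zstd and sha256sum
# binaries are on PATH (zstd comes from the apt command above).

# Usage: zstd_verify <archive.zst>
# Returns 0 when the archive decodes cleanly (-t decodes without writing
# output and checks every frame), 1 for a truncated or corrupted archive.
zstd_verify() {
  zstd -q -t "$1"
}

# Usage: zstd_roundtrip <input-file> [level]
# Writes <input-file>.zst, verifies it, decompresses it to a scratch file
# and returns 0 only if the restored bytes hash identically to the input.
zstd_roundtrip() {
  input="$1"
  level="${2:-3}"            # zstd's default level is 3; 19 is the slowest regular level
  archive="$input.zst"
  restored="$input.restored"

  # -T0: use all cores; -f: overwrite an existing archive; -q: no progress output
  zstd -q -f -T0 "-$level" "$input" -o "$archive" || return 1
  zstd_verify "$archive" || return 1
  zstd -q -d -f "$archive" -o "$restored" || return 1

  before=$(sha256sum "$input" | cut -d' ' -f1)
  after=$(sha256sum "$restored" | cut -d' ' -f1)
  rm -f "$restored"
  [ "$before" = "$after" ]
}

# Usage: zstd_roundtrip /var/log/syslog.1 19 && echo "archive verified, original can be removed"
```

The verify step matters when archives are moved between hosts or kept for a long time: zstd_verify catches a truncated copy before anyone relies on it, and the hash comparison is the independent check that compression really was lossless for this file.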

Reference: https://facebook.github.io/zstd/

bootiso

Create a USB bootable device from an ISO image easily and securely.

Don’t want to mess up the system with the dd command? Create a bootable USB from an ISO in one line.

Works seamlessly with hybrid and non-hybrid ISOs (SYSLINUX or UEFI compliant) such as any Linux ISO, Windows ISO or rescue live CDs like UltimateBootCD. You don’t have to tweak anything: bootiso inspects the ISO file and chooses the best method to make your USB bootable.

Synopsis

bootiso [<options>...] <file.iso>
bootiso <action> [<options>...] <file.iso>
bootiso <action> [<options>...]

The default action, install-auto, as per the first synopsis line, installs an ISO file to a USB device in automatic mode. In that mode, bootiso analyzes the ISO file and selects the course of action most likely to leave your USB stick bootable (the project README describes the automatic-mode behavior in detail).
Other <options> and <actions> are listed in the README linked under Reference below.

Examples

For quick feedback, probe bootiso’s capabilities with the given ISO file and list candidate USB drives:

bootiso -p myfile.iso

Quick install

curl -L https://git.io/bootiso -O
chmod +x bootiso
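A check to go with the quick install, added here and not part of bootiso: the two lines above fetch a script over the network and make it executable in one go, so the habit worth adding is to compare the download's SHA-256 against a value obtained from the project itself before the chmod. The expected hash in the usage comment is a placeholder, and the helper names are mine.

```sh
#!/bin/sh
# Added example, not part of bootiso: only mark a downloaded script
# executable after its SHA-256 matches a value you obtained out of band
# from the project. The hash in the usage comment is a PLACEHOLDER.

# Prints the SHA-256 of a file, using whichever tool the host provides
# (sha256sum on Linux, shasum on macOS/BSD).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Usage: verify_then_install <file> <expected-sha256>
# Returns 0 and runs chmod +x on a match; on a mismatch it prints both
# hashes, leaves the file non-executable and returns 1.
verify_then_install() {
  file="$1"
  expected="$2"
  [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
  actual=$(sha256_of "$file") || return 1
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
  fi
  chmod +x "$file"
}

# Usage with the quick-install command from above (placeholder hash):
#   curl -L https://git.io/bootiso -O
#   verify_then_install bootiso "<sha256 obtained from the bootiso project>"
```

Because the file is never made executable on a mismatch, a truncated download or a changed script stops at this step instead of at the moment it is handed a USB device.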

Reference: https://github.com/jsamr/bootiso

tcpdump101.com – generate tcpdump commands

tcpdump101.com is a great site that you can use to generate tcpdump commands: you enter the parameters it asks for and it generates the command for you. It’s handy if you don’t run tcpdump very often and would otherwise have to look up the help/man pages or Google for the command switches you want. It also has output for Cisco and Check Point firewalls.

From their site: “tcpdump101.com has been designed to help people capture packets on different devices to assist with network troubleshooting, service troubleshooting and even passive red team activities. There is an assumption that the user has a basic understanding of what they want to capture. As much as this is a tool to help people, the user has to use their own logic since every situation is different. That being said, I strongly suggest that if you’re just starting out with packet captures to grab a copy of VirtualBox and play around with Linux and tcpdump. Although tcpdump may not be what you ultimately use, it will give you an excellent understanding of what you’ll see, even with other products and vendors.

As a safety measure (if at all possible) make sure to set a capture limit on your PCaps. If you make a mistake building your filters, you may end up capturing a lot of traffic. Although the odds are slim, there is a chance that your PCap could fill the NIC buffer and start dropping packets. The worst-case scenario is that it runs out of memory while you’re logged in remotely. With today’s hardware, it most likely won’t happen; however, you should always expect the best and plan for the worst.”
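The capture-limit advice in working form, as an added example that is not tcpdump101.com’s generator: a small POSIX sh helper that emits a tcpdump command line and refuses to build one without a packet count (-c) and a bounded ring buffer (-C/-W), so a wrong filter can run out of neither disk nor memory. The interface, counts, file name and BPF filter used in the usage line are constructed values and the function names are mine; the helper only prints the command, running it stays with the operator.

```sh
#!/bin/sh
# Added example, not from tcpdump101.com: build a tcpdump command that always
# carries a capture limit, as the advice above recommends. Nothing here runs
# tcpdump; the function prints the command line for review.

# Returns 0 when $1 is a positive decimal integer (no sign, no empty string).
is_positive_int() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
    0) return 1 ;;
    *) return 0 ;;
  esac
}

# Usage: build_capture_cmd <iface> <max-packets> <file-size-MB> <ring-files> <outfile.pcap> [bpf-filter]
# Prints a tcpdump command that stops after <max-packets> packets (-c) and
# writes <outfile> as a ring buffer of <ring-files> files of <file-size-MB>
# million bytes each (-C/-W), so the capture is bounded in both count and size.
build_capture_cmd() {
  iface="$1"; max_packets="$2"; size_mb="$3"; ring_files="$4"; outfile="$5"
  filter="${6:-}"
  [ -n "$iface" ] || { echo "interface is required" >&2; return 1; }
  is_positive_int "$max_packets" || { echo "max-packets must be a positive integer" >&2; return 1; }
  is_positive_int "$size_mb"     || { echo "file-size-MB must be a positive integer" >&2; return 1; }
  is_positive_int "$ring_files"  || { echo "ring-files must be a positive integer" >&2; return 1; }
  case "$outfile" in
    *.pcap) ;;
    *) echo "outfile should end in .pcap" >&2; return 1 ;;
  esac

  # -nn: no host or port name resolution, so the capture itself generates no DNS lookups
  cmd="tcpdump -i $iface -nn -c $max_packets -C $size_mb -W $ring_files -w $outfile"
  if [ -n "$filter" ]; then
    cmd="$cmd $filter"
  fi
  printf '%s\n' "$cmd"
}

# Usage (constructed values): capture at most 1000 DNS packets into a ring of
# five 100 MB files.
#   build_capture_cmd eth0 1000 100 5 dns.pcap 'udp port 53'
```

Keeping -c and -C/-W mandatory is the whole point: -c ends the capture after a fixed number of packets even if the filter matches everything, and -C with -W caps the disk footprint at ring-files times file-size-MB megabytes no matter how long it runs.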

Reference: tcpdump101.com

Xenserver does not reclaim space after deleting VDI or Snapshot

In most cases removing old snapshots and then initiating a scan of the SR has resolved this for me.

vhd-util scan -f -m "VHD-*" -l "VG_XenStorage-<uuid_of_SR>" -p

References:

https://sysadmino.wordpress.com/2014/03/03/xenserver-does-not-reclaim-space-after-deleting-vdi-or-snapshot/

https://techblog.jeppson.org/2015/02/reclaim-lost-space-xenserver-6-5/


PDFsam – OpenSource PDF Utility

PDFsam (https://pdfsam.org/) is a free and open source desktop application to split, merge, extract pages, rotate and mix PDF files.

There are 3 products, PDFsam Basic, PDFsam Enhanced and PDFsam Visual:

PDFsam Basic

  • Merge
    Merge PDF files, select the pages, merge bookmarks and interactive forms
  • Split
    Split a PDF file at given page numbers, at given bookmarks level or in files of a given size
  • Extract from PDF
    Extract pages from PDF files
  • Rotate
    Rotate PDF files, every page or just the selected pages
  • Mix
    Merge PDF files together taking pages alternatively from one and the other. The perfect tool if you have a single-sided scanner

PDFsam Enhanced

  • Edit
    Modify the PDF content without the need to export it or copy to another format
  • Insert
    Insert pages or hyperlinks and update page numbers once you are done
  • Convert
    Convert PDF files to a number of popular formats like doc, docx, xls, xlsx and many others
  • Review
    Collaborate with your peers by adding notes, highlighting text and drawing on your document with the pencil
  • Forms
    Create fillable forms from scratch or pre-designed, import and export data, add actions to print the document, send it by email, and more
  • Security
    Protect PDF files with 256-bit AES encryption, set permissions on them and add a digital signature
  • OCR
    An Optical Character Recognition module to extract text from images

PDFsam Visual

  • Combine and Reorder
    Visually reorder pages, move them, rotate them or combine PDF files dragging and dropping pages from multiple documents
  • Split by text
    Split PDF files at pages where text in a selected area changes
  • Crop
    Crop PDF files by drawing the rectangular area you want to keep
  • Split
    Split PDF files visually selecting pages to split at, or split at given bookmarks level or in files of a given size
  • Protect and Unprotect
    Add permissions and encrypt PDF files using 256-bit or 128-bit AES. Decrypt PDF files by supplying a password and create an unprotected version
  • Extract
    Visually select the pages you want to extract from a PDF file
  • More
    Mix PDF files, Rotate PDF files, Merge PDF files…


Google Chrome: Clear or flush the DNS cache

Google Chrome has a built-in DNS cache to improve performance. You can quickly flush its DNS entries manually:

Open a new tab.
Type the following in the address bar: chrome://net-internals/#dns
Hit the “Clear host cache” button.


Flush out socket pools
Open a new tab and type the following in the address bar:
chrome://net-internals/#sockets