Checking Systems for Meltdown & Spectre Vulnerabilities

On Wednesday, January 3rd 2018 Google Project Zero and Intel Security announced Spectre (CVE-2017-5715) & Meltdown (CVE-2017-5754). They affect all operating systems running on most industry processors, regardless of whether the system is physical or virtual. If you want more information about the vulnerabilities and how they can be exploited, be sure to review the links in the reference section at the end of this blog post.

Microsoft Security Response Center released a handy PowerShell module called SpeculationControl that you can use to check whether any of your Windows systems are vulnerable to these exploits.

If you have PowerShell 5.x (which you should), then you can easily install the module just as you would any other PowerShell module.

Install-Module -Name SpeculationControl

The module has only a single command in it, called Get-SpeculationControlSettings. When you run this command, it checks the system and provides an easy-to-read, color-coded summary that even provides suggestions…

How to Generate a CSR without IIS or OpenSSL in Windows

Sometimes you need a public certificate for an application such as a Web Application Proxy, ADFS, or some other application. Most of the time certificates are created for web servers, so the best-known way to generate a CSR is through IIS or OpenSSL. However, you may not have an IIS server available and may not want to go through the headache of installing IIS or OpenSSL just to generate a CSR to get your certificate. Thankfully, you don't need either to generate a CSR. You can actually do this in a number of ways.

Option 1 - 3rd Party Utility
You have a couple of simple options for generating a CSR quickly and easily. The first is a free utility offered by DigiCert. This utility can do a lot more than just generate a CSR, and you can use it with any certificate service. The benefit of this tool is that it's all GUI based, so it is very easy to use for junior sysadmins.

Option 2 - MMC
Open the Certificates snap-in in MMC and select the Computer Account. Th…

What is GatherNetworkInfo.vbs?

Ever since Windows 7, Microsoft has installed a VBS script in the %systemroot%\System32 directory called GatherNetworkInfo.vbs. This script makes quick work of gathering information about a system and the network it's attached to. Because it's a default part of Windows, signed by Microsoft, and in the system path, it's a tool you always know is there. However, as with any tool, it can be handy to both sysadmins and red teamers, or abused by attackers needing a quick way to learn more about your network.

What does it gather?
When researching a feature in Windows, you can typically find a Microsoft Docs page, TechNet article, or even an MVP blog post about it. However, in this case, I couldn't find anything. I did, however, find a blog post back in 2011 by Alex Verboon discussing this script. He referenced this 2010 SANS whitepaper (PDF link) that briefly discussed this script on page 9 and summarized what it does down to this:

The script’s voluminous output would be qu…

Passwords - Managing the Chaos

Passwords are something that we all have and cannot avoid if we have a digital life. Every device we own and work with asks for one such as our laptops, phones, and tablets. Nearly every website we visit demands we create one. At work, you have, not only your computer, but business applications, network devices, and a myriad of other systems/applications that require passwords. Passwords are the virtual keys we need to unlock and secure everything we own and use in our virtual lives. We need them.

Unfortunately, it's also because of their widespread use we hate them. The average person has nearly 30 logins to keep track of. I have over 50 that I use and that doesn't include what I have at work. Because of this growth, many have gotten sloppy and use the same password over and over for multiple services. Many times they will use simple dictionary based words or names of children, birthdates, or other things that are easy for attackers to find and research from their victim'…

Getting Started with Learning Linux

This article is also posted in the Spiceworks Community.

Introduction
Linux is constantly growing in popularity. These days, it's almost a requirement in IT to know at least something about Linux or BSD. Even the most Microsoft Windows centric company has at least 1 Linux box, either as a network appliance or hardware made for a specific role. Even if your job role has nothing to do with Linux, having a basic understanding will help you in your IT career.

This how-to is built for the first time user of Linux. Following this guide will help you make the right decisions to get you started in the right direction. Be sure to check the reference links at the bottom of this how-to article for more information.

Home Lab
If you have not already done so, build yourself a home lab. This lab will be the basis to help you get started. The nice part about having a home lab is you can do whatever you want and you don't have to worry about damaging anything in a production environment.

Don't get hun…

Linux Foundation 2012

Awesome video about Linux adoption over the past year.

How-to: Fix a Drive Suffering from an Identity Crisis

This is a short how-to I wrote on Spiceworks on how to fix a drive that forgot what size it is.

Using ntfsclone to Image Clients

Here is a how-to I wrote on Spiceworks on how to use ntfsclone to image Windows based systems:

The Sysprep How-To

Here is a how-to I wrote on Spiceworks about Sysprep:

How to Configure Trusted Sites in Internet Explorer via Group Policy

Microsoft didn't exactly make configuring Trusted Sites in Group Policy (GPO) a straightforward thing. Thankfully, this simple how-to will get you off the ground getting Trusted Sites configured quickly and easily.

First, either create a GPO and link it to the desired OU, or edit an existing GPO that applies to the location in Active Directory of the computer(s) you want to have this setting.

NOTE: the fewer GPOs you have the better. Try to always keep GPOs stacked on top of each other and don't duplicate settings. This will help cut down on configuration issues and the time it takes for a user to log in.

Now, in the GPO you're editing, go to Computer Configuration -> Administrative Tools -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page and then double-click the zone assignment list in the right pane.

Next, enable the setting, then click on the "Show..." button.

Now all you need to do is add all the URLs you want …

How to upgrade Fedora without downloading a new CD image

Upgrading Fedora from one version to the next is very simple; just follow these steps:

1. Make sure you back up all your data, just to be safe.

2. Make sure your system is up to date:
# yum update

3. Just in case, make sure you are running the latest version of RPM and yum:
# yum update rpm
# yum update yum

4. Install the preupgrade package:
# yum install preupgrade

5. Run the preupgrade command:

OpenDNS & Dynamic IP Update

In my last blog post I showed you how to configure your Linux No-IP dynamic DNS update. In this post we are going to take DNS a bit further and show you how to make your internet surfing not only faster, but safer.

OpenDNS is a free (or, if you wish, paid) service that gives you more control over your family's internet access. There are several how-tos on the site for how to use it and set it up. Go ahead and set up a free account and it will immediately direct you to step-by-step documentation for setting up your home network to use it. Benefits of using OpenDNS include (but are not limited to) faster speed since they cache sites, access controls to block the sites you don't want accessed, and history to see what and where you're going on the internet.

After you set up your account, you will need to set up your dynamic IP updater so your access rules and history are applied even if your IP address changes. To do this, you first need to install ddclient:
# yum install d…