Wednesday, December 1, 2021

NCurses Disk Usage

NCurses Disk Usage or ncdu is a disk analyzer for Linux.  The application can be installed via the command below:

sudo apt install ncdu

To scan the entire system, use the command below:

sudo ncdu -x /


https://dev.yorhel.nl/ncdu

https://www.networkworld.com/article/3644415/looking-at-linux-disk-usage-with-the-ncdu-command.html

https://www.networkworld.com/article/3693090/using-ncdu-to-view-your-disk-usage-while-grasping-those-tib-gib-mib-and-kib-file-sizes.html#tk.rss_all

https://www.both.org/?p=4639


Right-click functionality with a Touchpad within Linux Mint not working

When installing Linux Mint on a laptop, the right-click functionality was not working by default with the built-in Touchpad.  To resolve this issue, open the Mouse settings and select the Touchpad tab.  Disable the default two-finger and three-finger emulation options.




ClamAV

ClamAV is an open source anti-virus engine.  To install the main application and a GUI interface within Linux Mint, use the following commands:

sudo apt install clamav

sudo apt install clamtk

To update signatures via a terminal session, use the following commands:

sudo service clamav-freshclam stop
sudo freshclam
sudo service clamav-freshclam start

To scan a directory via a terminal session, use the following command:

clamscan -r -i directory_name


https://www.networkworld.com/article/3652690/using-clamav-to-detect-and-remove-viruses-on-linux.html

nomacs

nomacs is an open source image viewer application.  Versions are available for both Windows and Linux.  The feature set is similar to Irfanview.

https://nomacs.org



Swap space within Linux

To display the current swap space within Linux, several commands can return this information.  Below are a few examples.

swapon --show

free -m


https://www.networkworld.com/article/3632886/managing-and-monitoring-swap-space-on-linux.html

Cryptomator

Cryptomator is a utility to encrypt data before it is transferred to a cloud storage solution.

https://cryptomator.org

Windows Explorer add-on named Files

A Windows Explorer add-on named Files is available via the Microsoft Store.

https://files.community/

Hardentools

Hardentools is a collection of utilities designed to disable a number of "features" exposed by Windows.

https://github.com/securitywithoutborders/hardentools


Monday, November 1, 2021

One potential fix for Linux Mint wireless performance

If wireless performance is poor within Linux Mint, one potential source could be power management for the adapter.  Use the following command to determine if power management is currently enabled:

iwconfig


If enabled, edit the following file and change the value "3" to "2".

sudo nano /etc/NetworkManager/conf.d/default-wifi-powersave-on.conf


To apply the change without a reboot, use the following commands (replace wlp107s0 with the adapter name reported by iwconfig).

sudo iwconfig wlp107s0 power off

sudo systemctl restart network-manager.service

MBR2GPT

MBR2GPT is a utility that converts a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS) by using the /allowFullOS option.

https://docs.microsoft.com/en-us/windows/deployment/mbr-to-gpt

O&O ShutUp10++

O&O ShutUp10++ is a new version of the original utility with support for Windows 11.

https://www.oo-software.com/en/shutup10

Install Windows 11 on a non-supported device

To install Windows 11 on a non-supported device or within a virtual machine, create the following Registry entries.

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\Setup. Right-click the Setup folder and create a new key called LabConfig.

Right-click the LabConfig folder and create one new DWORD value named BypassTPMCheck and another named BypassSecureBootCheck.

Set both values to 1.
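The three Registry steps above as a single PowerShell function. This is an added example, not code from the Ars Technica or Microsoft pages linked below; it assumes an elevated PowerShell session, and the function name is my own (the key path and value names are the ones given above).

```powershell
# Added example: create the LabConfig bypass values described above.
# Run from an elevated PowerShell session (it writes under HKLM:\SYSTEM\Setup).
function Set-Win11LabConfigBypass {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Key named in the steps above
        [string]$KeyPath = 'HKLM:\SYSTEM\Setup\LabConfig',
        # DWORD values named in the steps above
        [string[]]$ValueNames = @('BypassTPMCheck', 'BypassSecureBootCheck')
    )

    # Create the LabConfig key under SYSTEM\Setup if it does not exist yet.
    if (-not (Test-Path -Path $KeyPath)) {
        if ($PSCmdlet.ShouldProcess($KeyPath, 'Create registry key')) {
            New-Item -Path $KeyPath -Force | Out-Null
        }
    }

    foreach ($name in $ValueNames) {
        # Each value is a DWORD set to 1, matching the manual steps.
        # -Force overwrites the value if it already exists.
        if ($PSCmdlet.ShouldProcess("$KeyPath\$name", 'Set DWORD value to 1')) {
            New-ItemProperty -Path $KeyPath -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
        }
    }

    # Return the values actually present so the caller can verify the result.
    Get-ItemProperty -Path $KeyPath | Select-Object -Property $ValueNames
}

# Preview the changes first, then apply them:
# Set-Win11LabConfigBypass -WhatIf
# Set-Win11LabConfigBypass
```

The values only bypass the setup-time check; an installation done this way runs without the TPM 2.0 and Secure Boot protections that check exists to enforce.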

https://arstechnica.com/gadgets/2021/10/how-to-upgrade-to-windows-11-whether-your-pc-is-supported-or-not/

https://support.microsoft.com/en-us/windows/ways-to-install-windows-11-e0edbbfb-cfc5-4011-868b-2ce77ac7c70e

NTFSTool

NTFSTool is a forensic tool focused on NTFS volumes. It supports reading partition information (MBR, partition table, VBR) as well as information on the master file table, BitLocker-encrypted volumes, and EFS-encrypted files.

https://github.com/thewhiteninja/ntfstool

Disable Guest Browsing within ChromeOS

To disable Guest access within ChromeOS, navigate to:

Settings -> Security and Privacy -> Manage Other People -> disable Enable Guest Browsing


Another feature under this area is "Restrict sign-in to the following users", which can limit which Google accounts can log in.



How to disable ads within the address bar within Firefox

Starting with version 93, Firefox is including ads by default within the address bar.  To disable this feature, access Settings -> Privacy & Security -> Address Bar - Firefox Suggest.  Turn off the contextual suggestions option.



Cleanup.pictures web site

The Cleanup.pictures web site offers a free basic option to remove an object from an existing image.

https://cleanup.pictures/

Friday, October 1, 2021

PowerShell script to check for Windows 11 compatibility

Microsoft has created a PowerShell script to check for Windows 11 compatibility.

https://aka.ms/HWReadinessScript

https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/understanding-readiness-for-windows-11-with-microsoft-endpoint/ba-p/2770866

QLOG

QLOG is an open-source Windows Security Log utility similar to Sysmon.

https://github.com/threathunters-io/QLOG


Offensive Wifi Toolkit (owt)

Offensive Wifi Toolkit (owt) compiles tools for wi-fi auditing in a Unix bash script.

https://github.com/clu3bot/owt

EdgeDeflector

Windows 11 makes it harder to modify web browser defaults in comparison to Windows 10.  One option to make these changes is to use a third-party utility such as EdgeDeflector.  This free app allows another browser besides Edge to be used for default activities such as searching from the Start menu.

https://www.ctrl.blog/entry/edgedeflector-default-browser.html

packetsifterTool

packetsifterTool is a utility to assist in reviewing a .PCAP file for certain traffic.  An example would be performing hash lookups via the VirusTotal API of exported objects found via SMB/HTTP.

https://github.com/packetsifter/packetsifterTool

List of lightweight Linux distros

Below is a list of Linux distros that are light on hardware resources.

https://antixlinux.com/

https://www.linuxliteos.com/

https://lubuntu.me/

https://puppylinux.com/

https://www.bunsenlabs.org/

http://tinycorelinux.net/


vSphere Alert Center

The vSphere Alert Center is a fling that displays alarm notifications without the use of the normal vSphere client.

https://flings.vmware.com/vsphere-alert-center

https://4sysops.com/archives/vsphere-alert-center-get-alerts-from-multiple-vcenter-servers-with-a-free-tool/


Monday, September 6, 2021

The nmcli command within Linux

The nmcli command is standard with most Linux distros.

The command below returns general information:

nmcli general status


The command below returns any network profiles such as Wi-Fi networks:

nmcli connection show

The command below displays information on network devices/adapters:

nmcli device status

https://www.cloudsavvyit.com/12989/how-to-manage-linux-network-connections-from-the-command-line/



Nmtui

Nmtui (Network Manager Text User Interface) is a terminal application which allows a user to manage his or her Wi-Fi connections on Linux distributions that use NetworkManager.

https://www.cloudsavvyit.com/13866/how-to-manage-linux-wi-fi-networks-with-nmtui/



NUMA Observer

NUMA Observer is a VMware fling that scans a VM inventory and identifies VMs with overlapping core/NUMA affinities, and then can generate alerts.

https://flings.vmware.com/numa-observer


PCjs

PCjs is a web site that has several DOS emulator entries that will execute within a web browser.  The site also has other operating systems such as Windows 3.1 and Windows 95.

https://www.pcjs.org/

ThisIsWin11

ThisIsWin11 is an open source utility to allow the modification of Windows 11.  Certain applications can be uninstalled and certain features disabled.

https://github.com/builtbybel/ThisIsWin11/


Registry Explorer

Registry Explorer is a utility application to replace the existing Registry Editor within Windows.

https://github.com/zodiacon/RegExp

https://www.bleepingcomputer.com/news/microsoft/registry-explorer-is-the-registry-editor-every-windows-user-needs/

Powercfg sleepstudy report

To generate a sleepstudy report within Windows 10, launch an elevated command prompt and use the following command:

powercfg /sleepstudy /duration 10

A .HTML file will be created as output.

Sunday, August 1, 2021

Disable keyring prompt within Linux

Within Linux, a prompt concerning a keyring password may appear when launching Google Chrome or Chromium if the system is configured to log in automatically.  To remove this prompt, delete the files present under the following path:

~/.local/share/keyrings

A command example would be:

rm -v ~/.local/share/keyrings/*.keyring

Re-launch Chrome and, when prompted for a password, leave the value blank and click Continue; click Continue again at the second prompt, which agrees to unsafe storage.



SX - Network Scanner

SX is a network scanner.  One of the project goals is to be faster than nmap.

https://www.kitploit.com/2021/07/sx-fast-modern-easy-to-use-network.html

https://github.com/v-byte-cpu/sx


GPOZaurr PowerShell Module

The GPOZaurr PowerShell module analyzes Group Policy and creates reports with the findings.

https://evotec.xyz/the-only-command-you-will-ever-need-to-understand-and-fix-your-group-policies-gpo/

https://github.com/EvotecIT/GPOZaurr 

TN5250j

TN5250j is a 5250 terminal emulator for the IBM i platform written in Java.

http://tn5250j.org/

LogExpert

LogExpert is a Windows tail program.

https://github.com/zarunbal/LogExpert


AnyBurn

AnyBurn is a free CD/DVD burning application for Windows.  A portable version is available to download.  It also has the option of editing an existing .ISO file.

http://www.anyburn.com/


Nsudo

Nsudo is a utility for Windows to allow applications to execute as SYSTEM or Trusted Installer.

https://github.com/M2Team/NSudo/

https://nsudo.m2team.org/en-us/


Thursday, July 1, 2021

Temporarily disable extensions within Google Chrome

To temporarily disable all extensions within Google Chrome, use the command line switch --disable-extensions.  On a Windows client, the full command entered via Windows key + R would be:

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-extensions

WhyNotWin11 Utility

The WhyNotWin11 utility is similar to Microsoft's PC Health application, but it offers additional details as to why the computer in question can or cannot support Windows 11.  It is free and the source code is available.

https://github.com/rcmaehl/WhyNotWin11/releases

https://www.bleepingcomputer.com/news/microsoft/whynotwin11-is-a-better-replacement-for-windows-11s-pc-health-check/



Windows 11 system requirement check utility

The link below is to a health utility to determine if a computer has the hardware requirements for Windows 11.

Older computer models may not meet the requirements of UEFI, Secure Boot, and TPM 2.0 being enabled.

https://aka.ms/GetPCHealthCheckApp

https://www.howtogeek.com/737021/how-to-check-if-your-windows-10-pc-can-run-windows-11/


Virtual Machine Compute Optimizer (VMCO)

The Virtual Machine Compute Optimizer (VMCO) is a VMware Fling that enables the capture of information about the hosts and VMs running in a vSphere environment. It generates a report on the VMs and states if the VMs are optimized.

https://flings.vmware.com/virtual-machine-compute-optimizer

https://4sysops.com/archives/vmware-virtual-machine-compute-optimizer-free-tool/


PWA Screen Recorder

Below is a link to a PWA screen recorder.

https://screenrecorderweb.app/

File Converter

File Converter is a free utility for Windows to convert certain file formats to others.

https://file-converter.org/

Tuesday, June 1, 2021

ChromeOS commands within crosh

ChromeOS has a Unix-like shell named crosh.  This shell can be accessed by the keyboard combination of Control + Alt + T.  Below are a few examples of available commands.

top -> Unix-like top command to show process details

network_diag -> Create a text file with network details

tracepath -> Trace route command

https://beebom.com/chrome-os-commands-run-crosh/

Script to create fake VM entries within Windows

The script at the link below creates fake entries and services within Windows to give the illusion that the OS in question is running within a virtual machine.  Some malware checks whether a VM is being used, so in theory it may not execute.

https://github.com/NavyTitanium/Fake-Sandbox-Artifacts


Windows10Debloater

Windows10Debloater is a PowerShell script to debloat Windows 10: it removes unnecessary pre-installed applications, stops some telemetry functions, disables unnecessary scheduled tasks, etc.

https://github.com/Sycnex/Windows10Debloater


FLoC checking web site

The EFF has a web site to check if Google's FLoC (Federated Learning of Cohorts) technology is present within a browser.

https://amifloced.org/

EdgeDeflector

EdgeDeflector is a helper application that intercepts URIs that force-open web links in Microsoft Edge and redirects them to the system's default web browser.

https://github.com/da2x/EdgeDeflector/

Digital Signage applications

Below are some digital signage applications that are free.

https://pisignage.com/

https://www.digitalsignage.com/

https://www.opensignage.com/en

https://www.concerto-signage.org/ 

Saturday, May 1, 2021

Diagnostics app within ChromeOS

Starting with ChromeOS version 90, a new Diagnostics app was introduced.  To launch it, perform a search for "diagnostics".  Another method would be under About ChromeOS under Settings.  The Diagnostics app is broken up into three sections: Battery, CPU, and Memory.



Enable Function keys within ChromeOS

To enable the top keys within ChromeOS to be used as normal Function keys, access Settings -> Device -> Keyboard.  Toggle on the "Treat Top-Row Keys as Function Keys" option.



Nethogs command within Linux

The nethogs command groups bandwidth usage by process.  To install, use the command:

sudo apt install nethogs

To run the command, use:

sudo nethogs


https://www.geeksforgeeks.org/linux-monitoring-network-traffic-with-nethogs/


PowerShell one-liner to check Wi-Fi signal strength

To determine the strength of an existing Wi-Fi signal via PowerShell, use the following command.

(netsh wlan show interfaces) -Match '^\s+Signal' -Replace '^\s+Signal\s+:\s+',''



Gsudo

Gsudo is a sudo equivalent for Windows.

https://github.com/gerardog/gsudo

F-Droid

F-Droid is an app store for Android that focuses on open-source applications.

https://www.androidpolice.com/2021/04/10/f-droid-the-definitive-un-play-store/

https://f-droid.org/ 

Nzyme

Nzyme is a WiFi Intrusion Detection System.

https://www.nzyme.org/

https://isc.sans.edu/forums/diary/WiFi+IDS+and+Private+MAC+Addresses/27288/

SnapDrop

Snapdrop is an open source application to transfer files between several platforms.

https://snapdrop.net/

https://www.howtogeek.com/721950/how-to-easily-transfer-files-between-linux-windows-mac-android-and-iphone/ 

Thursday, April 1, 2021

Check for boot errors within Linux

If the Linux distro in question uses systemd, the following command should display any errors found within the last boot.

sudo journalctl -b -p err


To create a list of boot sessions, use the following command:

sudo journalctl --list-boots



Hardinfo application for Linux

The Hardinfo application for Linux is a graphical device manager.  To install the application, use the following command:

sudo apt install hardinfo

To launch the application, use the command:

hardinfo

https://www.howtogeek.com/716646/how-to-get-a-graphical-device-manager-for-linux/


lsblk command within Linux

The lsblk command within Linux offers a view of block devices such as hard drives or USB drives.

https://www.howtoforge.com/linux-lsblk-command/



Exchange Health PowerShell script

A PowerShell script is available that will check the health of a local Exchange service.

https://github.com/dpaulson45/HealthChecker

https://aka.ms/ExchangeHealthChecker

Power Automate Desktop for Windows 10

Power Automate Desktop for Windows 10 is a free low-code robotic process automation (RPA) offering.

https://flow.microsoft.com/en-us/blog/automate-tasks-with-power-automate-desktop-for-windows-10-no-additional-cost/

https://flow.microsoft.com/en-us/desktop/

https://4sysops.com/archives/record-actions-and-create-workflows-with-power-automate-for-desktop-pad/

https://4sysops.com/archives/create-active-directory-users-with-power-automate-for-desktop/


PowerSharpPack

PowerSharpPack is a project that wraps several existing C# projects for use from within PowerShell.

https://www.kitploit.com/2021/03/powersharppack-many-usefull-offensive.html

https://github.com/snovvcrash/PowerSharpPack

SimpleScreenRecorder

SimpleScreenRecorder (SSR) is a utility which lets you record your Linux desktop.

https://www.cloudsavvyit.com/9578/screen-recording-in-linux-with-simplescreenrecorder/

https://github.com/MaartenBaert/ssr


Monday, March 1, 2021

PowerShell command to check a local disk for errors

Below is a PowerShell command to check a local disk for errors.

Get-PhysicalDisk | Where-Object {$_.HealthStatus -ne 'Healthy'}



iSH

iSH is a Linux shell for iOS.

https://www.cloudsavvyit.com/9787/how-to-run-a-linux-shell-on-ios/

https://github.com/ish-app/ish


Nishang

Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing.

https://github.com/samratashok/nishang

List of applications to clone a hard drive

Below is a list of applications that can clone a hard drive.

https://www.macrium.com/reflectfree

https://www.ubackup.com/free-backup-software.html

https://www.easeus.com/backup-software/tb-free.html

https://www.miray-software.com/download/hdclone.html

https://clonezilla.org/ 

Niagara Launcher

Niagara Launcher is an Android launcher replacement.  It is designed to work with one hand.

https://play.google.com/store/apps/details?id=bitpit.launcher&hl=en_US&gl=US

https://www.theverge.com/2021/2/4/22266910/niagara-android-launcher-minamalist-one-hand-commute


Monday, February 1, 2021

lslogins command within Linux

The lslogins command returns details for user accounts.  By default, the command displays information on all accounts, including service accounts.  To view only user accounts, use the -u switch.

To view details for a particular user account, supply the user name.

Use the -uf switch to view failed logins.

Use the -ua switch to view password expiration details.

Convert to CSV web site

The following web site offers several options to convert data to and from the .CSV format.

http://convertcsv.com/

Duf

Duf is a disk usage utility.  It is available for multiple platforms.

https://github.com/muesli/duf



Text File Splitter

Text File Splitter is a free Windows utility that allows you to split a large text or log file into multiple, smaller files.

http://textfilesplitter.org/

ZMap

ZMap is a fast single packet network scanner designed for Internet-wide network surveys.

https://github.com/zmap/zmap

INetSim

INetSim is a software suite for simulating common internet services in a lab environment.

https://www.inetsim.org/

CodeSandbox

CodeSandbox is an online coding environment that has a free tier.

https://codesandbox.io/

Recover an object from Active Directory Recycle Bin

To recover an object or user account that was deleted from Active Directory (if the AD Recycle Bin has been enabled), use the command below to view the contents of the items that have been deleted.

Get-ADObject -filter 'isDeleted -eq $true -and name -ne "Deleted Objects"' -includeDeletedObjects

Find the object in question and make note of the ObjectGUID parameter.

Deleted           : True
DistinguishedName : CN=Test Account\0ADEL:a769525b-0ac1-40c6-9cb5-9cdd8d221435
                    ,CN=Deleted Objects,DC=test,DC=local
Name              : Test Account
                    DEL:a769525b-0ac1-40c6-9cb5-9cdd8d221435
ObjectClass       : user
ObjectGUID        : a769525b-0ac1-40c6-9cb5-9cdd8d221435

Use the command below with the GUID value.

Restore-ADObject -Identity 'a769525b-0ac1-40c6-9cb5-9cdd8d221435'
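The lookup and restore above combined into one function that locates a tombstoned object by name and restores it by ObjectGUID. This is an added example, not code from the Stealthbits post or from Microsoft's ActiveDirectory module; it assumes the ActiveDirectory module is loaded on a domain-joined machine with the AD Recycle Bin enabled, and the function name and its -Name and -ObjectClass parameters are my own.

```powershell
# Added example: find a deleted object in the AD Recycle Bin by name and
# restore it by ObjectGUID, as in the two commands above.
# Requires the ActiveDirectory module (Import-Module ActiveDirectory).
function Restore-DeletedADObjectByName {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Name,   # e.g. 'Test Account'
        [string]$ObjectClass = 'user'          # narrow the search to users by default
    )

    # Same filter as the lookup above, narrowed to the requested name and class.
    # Deleted objects are renamed to "<name>\0ADEL:<guid>", so a prefix match is used.
    # Names containing a single quote are not escaped here.
    $filter = "isDeleted -eq `$true -and name -ne 'Deleted Objects' " +
              "-and name -like '$Name*' -and objectClass -eq '$ObjectClass'"
    $candidates = @(Get-ADObject -Filter $filter -IncludeDeletedObjects -Properties lastKnownParent)

    if ($candidates.Count -eq 0) {
        Write-Warning "No deleted $ObjectClass named '$Name' found in the Recycle Bin."
        return
    }
    if ($candidates.Count -gt 1) {
        # Several tombstones can share a name; show them so the caller can choose by GUID.
        $candidates | Select-Object Name, ObjectGUID, lastKnownParent |
            Format-Table -AutoSize | Out-String | Write-Warning
        throw "Multiple matches; restore the intended one with Restore-ADObject -Identity <ObjectGUID>."
    }

    $obj = $candidates[0]
    # Restore-ADObject puts the object back under lastKnownParent; if that
    # container was deleted as well, it has to be restored first.
    Write-Verbose ("Restoring {0} to {1}" -f $obj.ObjectGUID, $obj.lastKnownParent)
    if ($PSCmdlet.ShouldProcess($obj.DistinguishedName, 'Restore-ADObject')) {
        Restore-ADObject -Identity $obj.ObjectGUID.ToString()
    }

    # Return the live object so the caller can confirm the restore succeeded.
    Get-ADObject -Identity $obj.ObjectGUID.ToString() -Properties whenChanged
}

# Dry run first, then restore with progress messages:
# Restore-DeletedADObjectByName -Name 'Test Account' -WhatIf
# Restore-DeletedADObjectByName -Name 'Test Account' -Verbose
```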

https://stealthbits.com/blog/active-directory-object-recovery-recycle-bin/

Friday, January 1, 2021

Command line option to open the old System control panel app within Windows 10

With Windows 10 version 20H2 in the fall of 2020, Microsoft removed access to the old System app within the Control Panel.  One method to view the old app is to execute the following command:

explorer.exe shell:::{BB06C0E4-D293-4f75-8A90-CB05B6477EEE}

Sysmon template files and resources

Below are links to a few different resources for Sysmon template files.

https://github.com/SwiftOnSecurity/sysmon-config

https://github.com/olafhartong/sysmon-modular

https://github.com/f8al/sysmon-config

https://github.com/randomuserid/Tylium/blob/master/Windows/sysmon-att%26ck.xml

https://github.com/wubbaroo/sysmon/blob/master/sysmon_config.xml

https://github.com/Neo23x0/sysmon-config

Below is a link to a guide for Sysmon.

https://github.com/trustedsec/SysmonCommunityGuide/releases

Below are links on deploying Sysmon.

https://github.com/jokezone/Update-Sysmon

https://www.syspanda.com/index.php/2017/02/28/deploying-sysmon-through-gpo/

Below is a resource for the log entries that are created.

https://www.blackhillsinfosec.com/a-sysmon-event-id-breakdown/

Below is a cheat sheet page.

https://github.com/olafhartong/sysmon-cheatsheet

Newer versions of Sysmon can block the creation of certain file types.

https://www.bleepingcomputer.com/news/microsoft/microsoft-sysmon-can-now-block-malicious-exes-from-being-created/


Wi-Fi QR Code generator

The following web site allows the creation of a QR code for entering new Wi-Fi parameters with Android and iOS.

https://qifi.org/

Diagrams.net

Diagrams.net is a web site that has an on-line diagram option, as well as local application downloads for platforms such as Windows and Linux.

https://www.diagrams.net/

Parsec

Parsec is a remote access application that is intended for gaming.

https://parsecgaming.com

Restic

Restic is a backup application that supports Linux, Windows, and macOS.  It supports several different destination options, such as SFTP.

https://github.com/restic/restic

https://restic.readthedocs.io/en/latest/

https://www.cloudsavvyit.com/9418/how-to-use-the-restic-backup-program-on-linux/

What2Log

What2Log is a web site that has information on logging parameters for different platforms.

http://what2log.com/


Remoku

Remoku is a web site to allow remote access to a Roku device.

http://remokutv.com