The new forums will be named Coin Return (based on the most recent vote)! You can check on the status and timeline of the transition to the new forums here.
The Guiding Principles and New Rules document is now in effect.
[SysAdmin] More like unItanium.
Seidkona
Had an upgradeRegistered User regular
Had an upgradeRegistered User regular
Below is a compilation of links we've found to be helpful for Sys Admins (capitalized because we're important, like a towel):
AntiVirus/AntiMalware Tools:
Networking Tools:
Miscellaneous Tools:
Printer Configuration tools:
Ransomware/Cryptoware information sheet
Stress Relief Tools:
...more to come
last updated 5.25.2017
AntiVirus/AntiMalware Tools:
- Malwarebytes
- Sophos Virus Removal Tool (Sophos product not required; free)
- Online Virus Check Upload a file and it'll check it for you. It also checks URL's which is super handy.
- Trend Micro - Hahahaha. Yeah, just kidding.
Networking Tools:
- Advanced IP Scanner
- Cisco Network Assistant - GUI for Cisco Products
- Royal TS - RDP Management Tool
- Terminals - RDP Management Tool
- Zenmap (Nmap)
- Internet appliance based on a PI to blackhole internet ads on your network.
- User Profile Wizard - used to easily migrate computers from one Domain to another.
Miscellaneous Tools:
- APC Power Estimator - estimates your power needs based on devices, which you can specify
- Dependency Walker - scans modules and builds a hierarchical dependency tree
- Greenshot -- Screenshot + utilies
- HJSplit -- Split/Join files
- Jing - Screenshot + utilities
- Notepad++ -- Enhanced Notepad (e.g., color coding)
- WinDirStat -- File space analysis
- HTAccess Redirect Generator -- Generate Redirects
- Hostsman Manage Multiple Hosts files from one utility.
- PC Decrapifier inventories all the bloatware (HP/Dell Utilities, etc) on a PC based on user-driven feedback and recommendations and removes them sans-uninstallers. Great for cleaning useless shit off out-of-the-box PCs.
- Recuva undelete software that restores deleted files, as well as files on damaged or freshly formatted drives. Paid corporate licensing but free for personal use wink wink nudge nudge.
- NirSoft has utilities to do nearly anything you want to do from sniffing passwords out of FTP/HTTP/SMTP traffic on your network to editing Outlook NK2 Autocomplete files to retrieving your Windows/Office product key to a nice viewer for BSOD minidump files.
- Screen Connect Free Use this to create a free tech support portal for yourself for personal use.
- VM for learning Puppet
- MobaXterm Super handy terminal program. Has local Cygwin shell and can spin up a lot of servers. Get it.
Printer Configuration tools:
Ransomware/Cryptoware information sheet
Stress Relief Tools:
...more to come
last updated 5.25.2017
Mostly just huntin' monsters.
XBL:Phenyhelm - 3DS:Phenyhelm
XBL:Phenyhelm - 3DS:Phenyhelm
Seidkona on
+5
This discussion has been closed.
Posts
XBL:Phenyhelm - 3DS:Phenyhelm
there's apis for it
no native powershell nonsense because get fucked powershell that's why
wait what
I was under the impression this was fundamentally incompatible with the NT security model
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
XBL:Phenyhelm - 3DS:Phenyhelm
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
XBL:Phenyhelm - 3DS:Phenyhelm
becuase the install guide isn't clear, and they're arguing over which way to get the coupon app going, and they're doing this during on call hours, and a packet joke.
Did I get them all?
HR is the owner's wife
I've told you before that only users get that wrong
HR told me I can't bring up her marital status.
that's starting powershell with those credentials though
runas lets you actually run things as another user, ie, can be scripted
You can tag the credential parameter onto most cmdlets, it's pretty neat!
and Start-Process with a -credential does what runas.exe does, basically
or you could just call runas.exe inside powershell
But that's not what I meant by impersonate. I meant using your credentials to authenticate and run something as another user (assuming you have the appropriate permissions over that user). Can't you do that in *nix?
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
Oh. Yeah, I misunderstood.
Yeah, you can do that in *nix.
XBL:Phenyhelm - 3DS:Phenyhelm
https://arstechnica.com/information-technology/2017/05/nhs-ransomware-cyber-attack/?comments=1
Isn't that prime Jeeves duty?
Please, pissing is one of the few things I still have to do for myself around here.
Where's that desk whiskey?
It's dead. Fan error. What do you people do with these things? Throw them around?
XBL:Phenyhelm - 3DS:Phenyhelm
We actually have that here too.
I know I'm me and all, but powershell probably isn't necessary for this?
Like if the batch file will go into c:\pathshortcuts\ and read
you'd still need to like, type "C:\Program Files\Foo\Bar.exe" into your script so it can make the bat
the bulk of the work is typing out the path to the exe innit?
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
I know our production network has a link into N3 (the NHS network), but I'm 99% sure that it's ACLed to only allow port 443, so it shouldn't be vulnerable to the SMB attack vector that this is reported to be using.
I haven't received any calls yet, so I'm guessing we're safe.
to: manager
hey I'm sending out a laptop for your new hire on monday, double checking should that just go to his home address like in the request?
12p
to: vowels
no don't do that send it to the hotel where we'll be doing training
1p
to: manager
ok where is it
*crickets*
well I guess this guy won't be getting his laptop on monday
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
I did
about an hour before the shipping deadline
which we are now past
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
Friend of mine once made a whirlygig that added a context menu option 'add to path' that created symlinks in an already-in-path directory.
Just FYI
Turns out the current wave of WannaCrypt was stopped by its own shitty coding. This doesn't save those already victimized but it does stop further spread of this version of the malware. This doesn't mean the author can't release an updated version so obviously make sure your shit is patched.
Microsoft has put up an article listing hardening steps and windows updates you can follow to help prevent infection, including taking the rather significant step of providing support for Windows XP and Server 2003. https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
As an amusing aside,
This is a clickable link to my Steam Profile.
This is a clickable link to my Steam Profile.
That being said, this accidental fix doesn't rid the malware from your system. The WannaCry worm still infects machines, it just can't deploy the destructive part of the malware in this current form. There's nothing stopping a copycat worm from doing the same thing with "better" code, so patch your shit.
Interstingly, this is deemed so bad, that Microsoft actually patched Windows XP, Windows Server 2003, and Windows 8.0. All 3 of those are out of support, for 3 years in the case of XP.
For me personally, all of my workstations are patched, my servers..... are getting patched Tuesday (when the medial staff, tractor beam, and photon torpedoes arrive). I have to schedule my downtime for patching servers 3 weeks ahead of time, and once I do, just because of the processes in place, I can't really change them. So I've been planning on doing patches for 3 weeks. Thank god it's not like, 2 more weeks away. I would have found a way to do it sooner if that were the case. But with our workstations all patched and no SMB exposure to the internet, and especially now with this strain of WannaCry being rendered basically inert, I'm only slightly worried, not omgbbq terrified.
Working in the most rural parts of Vermont. That was fun!
https://steamcommunity.com/profiles/76561197970666737/
FYI, the version without that killswitch is already running around in the wild, so while it's a funny story I wouldn't hold onto that as much comfort
I set our patching policies and we now aim for 100% installation within 14 days for any updates to any Microsoft or Adobe product, any web browser, and Java. We don't always make it, but we get close.
We were fully patched against ETERNALABLOO a month ago...
...except for that one fucking 2003 VM that we still have because that team is slowpokes
the "no true scotch man" fallacy.
Yeah, what I want is essentially a command that lets me go "pathinate ./foo.exe". (But have it run from the actual directory, of course.)