Josh Brade Technical Blog

Category: Tips

  • Linux Commands Security Professionals Should Know

    Linux Commands Security Professionals Should Know

    User and Group Management

    • passwd – Changes the password of a user account.
      • Example: sudo passwd username
    • useradd – Creates a new user account.
      • Example: sudo useradd -m newuser
    • userdel – Deletes a user account.
      • Example: sudo userdel username
    • usermod – Modifies a user account, such as changing the username or group.
      • Example: sudo usermod -aG sudo username
    • groupadd – Creates a new group.
      • Example: sudo groupadd newgroup
    • groupdel – Deletes a group.
      • Example: sudo groupdel oldgroup
    • groups – Displays the groups a user is a member of.
      • Example: groups username
    • id – Displays user and group information for a specified user.
      • Example: id username

    Package Manager

    • apt-get – A command-line tool to handle packages on Debian-based systems, used to install, remove, or upgrade packages.
      • Example: sudo apt-get install curl
    • apt – A newer, simpler front-end for the apt-get tool for package management on Debian-based systems.
      • Example: sudo apt update
    • yum – Package management tool for RPM-based Linux distributions (like CentOS, Red Hat), used to install, update, or remove packages.
      • Example: sudo yum install curl
    • dnf – A newer package manager for RPM-based systems, replacing yum in many distributions (like Fedora).
      • Example: sudo dnf install curl
    • rpm – Command-line tool to install, remove, and query RPM packages.
      • Example: sudo rpm -ivh package.rpm
    • dpkg – The low-level package manager for Debian-based systems that installs and manages .deb packages.
      • Example: sudo dpkg -i package.deb
    • snap – A package management system for installing snaps (self-contained applications) across various Linux distributions.
      • Example: sudo snap install vlc
    • zypper – Package manager for openSUSE, used to install, update, and manage packages.
      • Example: sudo zypper install curl

    Network Configuration & Monitoring

    • ifconfig – Displays and configures network interfaces (deprecated in favor of ip).
      • Example: ifconfig eth0
    • ip add – Displays IP addresses of network interfaces (part of the ip tool suite).
      • Example: ip addr show
    • ping – Sends ICMP echo requests to test network connectivity.
      • Example: ping 8.8.8.8
    • netstat – Displays network connections, routing tables, and interface statistics (deprecated in favor of ss).
      • Example: netstat -tuln
    • ss – A utility to investigate sockets and network connections, replacing netstat.
      • Example: ss -tuln
    • traceroute – Traces the route packets take to a network host, showing each hop along the way.
      • Example: traceroute google.com
    • ssh – Securely connects to a remote system using the SSH protocol.
      • Example: ssh user@hostname
    • nc – Netcat, a utility for reading/writing network connections, useful for port scanning, listening, and sending data.
      • Example: nc -zv 192.168.1.1 1-1000

    Process Management

    • ps – Displays a snapshot of current running processes.
      • Example: ps aux
    • top – Displays dynamic real-time information about processes.
      • Example: top
    • kill – Sends a signal to terminate a process by its PID (process ID).
      • Example: kill 1337
    • killall – Sends a signal to terminate processes by name.
      • Example: killall firefox
    • pstree – Displays processes in a tree-like format, showing their hierarchy.
      • Example: pstree
    • htop – Interactive version of top, providing a more user-friendly, color-coded view of processes.
      • Example: htop

    File and Directory Management

    • ls – Lists the contents of a directory.
      • Example: ls -l /home/user
    • pwd – Displays the current working directory.
      • Example: pwd
    • cd – Changes the current directory.
      • Example: cd /home/user/Documents
    • mkdir – Creates a new directory.
      • Example: mkdir newdir
    • mdir – Similar to mkdir, but used for creating directories on remote systems (e.g., with FTP).
      • Example: mdir /mnt/remote/dir
    • touch – Creates an empty file or updates the timestamp of an existing file.
      • Example: touch newfile.txt
    • cp – Copies files or directories.
      • Example: cp file1.txt file2.txt
    • mv – Moves or renames files or directories.
      • Example: mv oldname.txt newname.txt
    • rm – Removes files or directories. There are several options for the rm command as well (ie -force (-f), -recursive (-r), -verbose (-v), -interactive (-i))
      • Example: rm file.txt

    File Viewing and Editing

    • cat – Concatenates and displays file content.
      • Example: cat file.txt
    • less – Displays file content one screen at a time, allowing scrolling backward and forward.
      • Example: less file.txt
    • more – Similar to less, but less feature-rich (only allows forward scrolling).
      • Example: more file.txt
    • nano – A simple, text-based text editor.
      • Example: nano file.txt
    • vim – A powerful text editor with advanced features for editing files.
      • Example: vim file.txt
    • gedit – A graphical text editor for GNOME-based systems.
      • Example: gedit file.txt

    System Information

    • uname – Displays system information, such as the kernel version and architecture.
      • Example: uname -a
    • df – Displays disk space usage for all mounted filesystems.
      • Example: df -h
    • du – Displays disk usage for files and directories.
      • Example: du -sh /home/user
    • free – Displays memory usage, including free and used memory.
      • Example: free -h
    • lscpu – Displays detailed information about the CPU architecture.
      • Example: lscpu
    • lshw – Displays detailed hardware configuration information.
      • Example: sudo lshw -short
    • lsblk – Lists information about block devices (e.g., hard drives and partitions).
      • Example: lsblk

    Permission Commands

    • chmod – Changes the file or directory permissions.
      • Example: chmod u+x file.txt
    • chown – Changes the owner and/or group of a file or directory.
      • Example: sudo chown user:group file.txt
    • chgrp – Changes the group ownership of a file or directory.
      • Example: sudo chgrp admin file.txt
    • umask – Sets default file creation permissions.
      • Example: umask 022
    • setfacl – Sets file access control lists for more granular permission control.
      • Example: setfacl -m u:username:rwx file.txt
    • getfacl – Displays the access control list (ACL) of a file or directory.
      • Example: getfacl file.txt
    • chattr – Changes file attributes for advanced file protection (e.g., immutability).
      • Example: sudo chattr +i file.txt
    • ls -l – Lists files and directories with detailed information, including permissions.
      • Example: ls -l file.txt
    Side note for chmod (Click the Arrow)


    The chmod command changes the file’s permissions for the user, group, and others. Permissions can be set using symbolic mode or numeric mode.

    Symbolic Mode: Uses letters to represent file permissions.

    r (read)

    w (write)

    x (execute)

    Numeric Mode: Uses numbers to represent permissions.

    4 = read (r)

    2 = write (w)

    1 = execute (x)

    Sum of numbers for the user, group, and others.

    In numeric mode, you represent permissions using numbers. Each permission is assigned a number:

    4 = read (r)

    2 = write (w)

    1 = execute (x)

    To calculate the numeric value for each permission group (user, group, others), you add the numbers:

    rwx = 4 + 2 + 1 = 7

    rw- = 4 + 2 = 6

    r– = 4

    -wx = 2 + 1 = 3

    –x = 1

  • A Few Cybersecurity Linux Tools to Explore

    A Few Cybersecurity Linux Tools to Explore

    Information Gathering & Reconnaissance

    1. Nmap: A network scanning tool for identifying hosts, open ports, and services. Commonly used for vulnerability assessments.
      Website: nmap.org
    2. Recon-NG: A reconnaissance framework for gathering and processing OSINT data. Modules can automate recon tasks.
      Website: Recon-NG GitHub
    3. theHarvester: Collects emails, subdomains, and hosts using sources like Google, Bing, and Shodan.
      Website: GitHub
    4. DNSRecon: DNS enumeration tool for zone transfers and DNS record collection (MX, SPF, SRV).
      Website: GitHub
    5. Netdiscover: A network scanning tool to identify active IPs in networks, particularly wireless networks.
      Website: Netdiscover SourceForge
    6. Unicornscan: A high-performance asynchronous port scanner capable of scanning large networks.
      Website: Unicornscan GitHub
    7. Masscan: Ultra-fast port scanner that can scan the entire internet within minutes.
      Website: masscan GitHub
    8. P0f: A passive fingerprinting tool to infer OS, uptime, and device information by analyzing traffic.
      Website: P0f GitHub

    Vulnerability Analysis & Exploitation

    1. Nikto: Web server vulnerability scanner that identifies misconfigurations, outdated software, and potential exploits.
      Website: CIRT.net
    2. OpenVAS: Open-source vulnerability scanner for automated network security assessments.
      Website: openvas.org
    3. Metasploit: A penetration testing framework for exploit development and vulnerability validation.
      Website: Rapid7
    4. jSQL Injection: A Java-based SQL injection exploitation tool.
      Website: GitHub
    5. OWASP ZAP: An intercepting proxy for web app security testing and identifying vulnerabilities.
      Website: OWASP ZAP
    6. Burp Suite: A web vulnerability scanner and exploitation platform with intercepting proxy capabilities.
      Website: PortSwigger
    7. SQL Ninja: An SQL injection tool for exploiting database vulnerabilities.
      Website: GitHub
    8. Sqlmap: An open-source tool for automating the detection and exploitation of SQL injection vulnerabilities.
      Website: sqlmap.org

    Wireless & Network Attacks

    1. Aircrack-ng: A suite of tools for Wi-Fi network security assessment, focusing on cracking WEP and WPA-PSK keys.
      Website: aircrack-ng.org
    2. Kismet: Wireless network detector and packet sniffer, useful for Wi-Fi reconnaissance.
      Website: kismetwireless.net
    3. Reaver: Exploits vulnerabilities in WPS to retrieve WPA/WPA2 passwords.
      Website: Reaver GitHub
    4. Wireshark: A powerful packet analyzer for network troubleshooting and analysis.
      Website: wireshark.org
    5. Ettercap: A suite for network sniffing and man-in-the-middle attacks, particularly for ARP poisoning.
      Website: ettercap GitHub
    6. PixieWPS: A tool to exploit WPS vulnerabilities via offline brute-force attacks.
      Website: PixieWPS GitHub
    7. Wifite: Automates attacks on Wi-Fi networks, including cracking WPA/2 and WEP keys.
      Website: GitHub
    8. Netcat: A versatile networking utility for debugging, backdoors, and transferring files.
      Website: Netcat Guide

    Forensics & Post-Exploitation

    1. Autopsy: A digital forensics platform for analyzing and recovering deleted files, email parsing, and more.
      Website: Autopsy.com
    2. Foremost: A file recovery tool for carving out files from disk images and raw data.
      Website: Foremost GitHub
    3. Mimikatz: A tool for credential dumping and Windows security testing.
      Website: GitHub
    4. PowerShell Empire: A post-exploitation framework leveraging PowerShell for remote access and persistence.
      Website: Empire Project
    5. Shellter: A tool for obfuscating and injecting payloads into Windows executables.
      Website: Shellter GitHub
    6. PowerSploit: A post-exploitation toolkit for executing PowerShell scripts on compromised systems.
      Website: PowerSploit GitHub
    7. Memdump: Captures live memory for forensic analysis.
      Website: GitHub

    Password & Hash Attacks

    1. Hydra: A parallelized login cracker supporting numerous protocols.
      Website: Hydra GitHub
    2. Rainbowcrack: Cracks hashes using precomputed rainbow tables.
      Website: Project
    3. John the Ripper: A fast password cracker supporting many hash types.
      Website: John the Ripper
    4. Crunch: A wordlist generator for brute-force attacks.
      Website: Crunch GitHub
    5. Hashcat: A GPU-accelerated password recovery tool.
      Website: hashcat.net
    6. Medusa: A parallelized, modular brute-forcer for password cracking.
      Website: GitHub
    7. Patator: A brute-forcing tool supporting many protocols and methods.
      Website: GitHub
    8. CeWL: Generates custom wordlists for brute-force attacks based on target website content.
      Website: CeWL GitHub

    Malware Analysis, Vulnerability Research, & Incident Response

    1. Ghidra: Reverse engineering tool for analyzing binaries and decompiling code.
      Website: ghidra-sre.org
    2. Radare2: An open-source framework for binary analysis and reverse engineering.
      Website: radare.org
    3. OllyDbg: A debugger for analyzing and manipulating executables.
      Website: OllyDbg
    4. DynamoRIO: A dynamic binary instrumentation framework.
      Website: dynamorio.org
    5. Cuckoo Sandbox: An automated malware analysis platform.
      Website: cuckoosandbox.org
    6. Volatility: A memory forensics tool for analyzing RAM dumps.
      Website: Volatility Foundation
    7. Binwalk: Firmware analysis tool for Website: Binwalk

  • WINGET – Updating Installed Software on Windows

    WINGET – Updating Installed Software on Windows

    Let’s ensure your installed software stays up-to-date! We’ll use the Windows Package Manager to quickly find and apply any available updates. Follow the steps below to run the necessary commands using an elevated Command Prompt.

    Open Command Prompt as Administrator

    • Search for CMD in the Start Menu.
    • Right-click on Command Prompt and select Run as Administrator.

    List Available Software Updates

    • In the Command Prompt, type the following command:
      • winget upgrade
      • Press Enter.
    • This will display all software on your system with available updates.

    Install All Available Updates

    • To update everything, enter the following command:
      • winget upgrade --all
      • Press Enter
    • This will begin the installation of all updates.
  • Adobe Acrobat Is Scanning Your Documents

    Adobe Acrobat Is Scanning Your Documents

    The generative AI features in Adobe Acrobat are scanning your documents! This could possible lead to sensitive data leakage.

    You can turn this feature off through the windows registry.

    “Go to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown create a new dword key under feature lockdown, bEnableGentech

    1 will enable the feature, 0 will disable the feature and remove all entry points”

    You can also disable the generative AI features in Adobe Acrobat with PowerShell.

    “New-ItemProperty -Path ‘HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown’ -Name “bEnableGentech” -PropertyType DWord -Value 0″

    References:

    https://infosec.exchange/@briankrebs/111965550971762920
    Turning off Adobe's ability to scan all of your organization's documents for generative AI
    byu/rb3po insysadmin
  • Streamlining Windows Image Preparation

    Streamlining Windows Image Preparation

    Streamlining Windows Image Preparation with the Power of PowerShell: An In-depth Look at the Remarkable Windows10Debloater Script

    Windows image preparation can be tedious, requiring the removal of unnecessary apps and settings. The Windows10Debloater script by Sycnex simplifies this process, offering automation, precision, and customization. Here’s how this tool makes image preparation more efficient and effective for IT professionals and tech enthusiasts.

    Why Use Windows10Debloater?

    1. Efficient Debloating:
      Removes unnecessary apps and components to optimize system performance, creating leaner and faster Windows images.
    2. Customizable Options:
      Adjust settings to meet specific needs—whether removing specific apps or adjusting privacy settings.
    3. User-Friendly Interface:
      Offers both a PowerShell script for advanced users and an intuitive GUI for beginners.
    4. Safety Measures:
      Creates system backups with a restoration option, ensuring any changes are reversible.
    5. Scalable Efficiency:
      Ideal for managing multiple machines, saving time while ensuring consistency across devices.

    Key Benefits for IT Professionals

    • Time Savings: Streamlines image preparation with minimal manual effort.
    • Consistency: Enables uniform system setups for large-scale deployments.
    • Reliability: Provides clear documentation and failsafe features for peace of mind.

    Getting Started

    Download Windows10Debloater from its GitHub repository, run the script, and choose between default or customized settings. The documentation is straightforward, making it easy to use regardless of experience level.

    Conclusion

    Windows10Debloater redefines Windows image preparation, blending automation and flexibility to improve efficiency. Whether you’re a tech enthusiast or an IT professional, this tool simplifies the process and ensures consistent, optimized results.

    Source:

    https://github.com/Sycnex/Windows10Debloater

  • Rejoin to Azure Domain Command

    Rejoin to Azure Domain Command

    When you’re dealing with an Azure Domain and you end up needing to rejoin a computer to the domain, things can get a bit tricky, especially if you’ve renamed the PC after it joined the domain. Here’s the deal: sometimes, even after you’ve changed the computer name, the old one still shows up when you look up the user. Not the most convenient thing, right?

    But hey, there’s a couple of cool commands that can save the day in this situation:

    • dsregcmd /forcerecovery: Alright, imagine this command as a superhero move. It’s like doing a leave-and-join combo in one swift action. First, the computer says “I’m outta here” and leaves the Azure Domain. Then, it immediately rejoins with the new name. This makes sure you don’t end up locked out of the domain without any admin access. But, here’s the kicker: you’ll need to sign in again after this. Think of it as a reset button that sorts out the PC name issue while also ensuring you’ve got the right credentials to hop back in.
    • dsregcmd /UpdateDevice: Now, this command is like the quick fix in comparison. Instead of the whole leave-and-join drama, it just does a smart update. It’s like changing the sign on a door to match the new room inside. This command directly tells Azure to freshen up its memory about the PC’s identity and its shiny new name.The coolest part? No need to sign in again with this command. It’s a simple, straightforward way to get the new PC name properly registered in Azure. It’s like telling Azure, “Hey, just a heads-up, we’ve got a new name in town.”

    So there you have it! These commands are your go-to solutions when the PC name isn’t playing nice in your Azure Domain, especially if renaming was involved. The first command, dsregcmd /forcerecovery, is your all-in-one reset button with a leave-and-join twist. The second one, dsregcmd /UpdateDevice, is your quick update without the fuss. Just pick the one that fits your situation best!

  • UNC Path – Still Asking for credentials

    UNC Path – Still Asking for credentials

    I have been working on a project with GED machines at work, and wanted to share my hair-pulling story. Specifically, the machines that students utilize require a mapped drive for establishing a connection to the proctor/administrative machine in the setup.

    During this process, I encountered an unexpected complication. Despite successfully mapping the drive and ensuring that the “remember credentials” option was enabled, the Windows operating system continued to prompt for authentication whenever the application (Delivery Manager) attempted to access the Universal Naming Convention (UNC) path.

    In an attempt to troubleshoot and rectify the issue, I proceeded to incorporate the UNC path and corresponding credentials into the Windows Credential Manager. Despite this effort, the recurring authentication demand persisted.

    The key revelation that ultimately resolved the matter was the realization that utilizing the syntax “AdminMachine\UserName” within the Credential Manager was essential. This seemingly minor adjustment within the Credential Manager proved to be the critical solution. Once this was implemented, the recurring password prompt ceased to show it’s annoying head, effectively resolving the issue.

  • Windows Utility (PowerShell GUI)

    Windows Utility (PowerShell GUI)

    Windows Utility (PowerShell GUI) – By Chris Titus

    This Windows utility seems pretty handy from the testing I have done with it. Go check out Chris’ Website, he has some pretty cool stuff going on https://christitus.com/.

    Here is the GitHub: https://github.com/ChrisTitusTech/winutil

    You can run this Utility Software straight from an Admin PowerShell using:  irm christitus.com/win | iex

    In case you don’t know what these PowerShell commands do (I admit, I was a little shaky on them) here is a breakdown:

    IRM

    The irm command means “Invoke-RestMethod”.

    “The Invoke-RestMethod cmdlet sends HTTP and HTTPS requests to Representational State Transfer (REST) web services that returns richly structured data.” Source

    IEX

    The iex command stands for “Invoke-Expression”.

    “The Invoke-Expression cmdlet evaluates or runs a specified string as a command and returns the results of the expression or command. Without Invoke-Expression , a string submitted at the command line would be returned (echoed) unchanged.”  Source

    What does it do?

    INSTALL

    There are several different options for common installs listed here. The categories of software listed are Browsers, Communications, Development, Document, Games, Pro Tools (Very Useful installs), Microsoft Tools, Multimedia Tools, Utilities. The install area reminds me of ninite.com except with more useful tools for sysadmins.

    The next gem on this tab is the “Upgrade Installs” button. This button will search your currently installed software and check for updates. If there are updates it automatically install them. I ran this and it updated a lot of software for me! Pretty neat!

    TWEAKS

    There are several really good options with the Tweaks tab on the Utility software, most of which I use different PowerShell Scripts to accomplish. Along with all the options there is also a “recommended selections” option that will select the options the Author has deemed to be the best for the system type. Don’t worry about clicking these recommended options, they don’t auto-apply, they just check the options. You still have to manually click the “Run Tweaks” button.

    CONFIG

    The Config tab just a few options, ranging from Windows Features installer to Windows Fixes and also includes Legacy Control Panel options.

    UPDATES

    The Updates tab deals with setting Windows Update options. These update options are limited to “Default OOB (Out of Box)”, Security (Recommended), and Disable all updates.

    Source: One Tool for Everything

    Source: https://christitus.com/one-tool-for-everything/

  • Install Windows 11 Without a Microsoft Account (Local Account)

    Install Windows 11 Without a Microsoft Account (Local Account)

    There are a few different ways to create a local account while installing Windows 11 and I will explain a few (for large enterprise environments you should be using Windows Autopilot). The reason you would want to do this is you don’t want to connect your computer to a Microsoft Account. I personally don’t like having a Microsoft account connected to my computer to use it.

    You will follow Windows 11 install process until you will come to the screen that asks you to add your Microsoft account.

    From here there are three different ways to add a local account:

    Out-of-box experience Bypass

    At the “Add your Microsoft Account” Page you will;

    1. Press Shift+F10
    2. A Command Prompt will appear
    3. Enter this command: OOBE\BYPASSNRO
    4. The computer will restart and the OOBE (out-of-box experience) will start again
    5. Click the “I don’t have internet” option on the “Let’s connect you to a network”
    6. Click the “Continue with limited setup” option.
    7. A screen should appear that says “Who’s going to use this device?”
    8. Enter your Local Username
    9. Select “Next”
    10. Enter your Local Password
    11. Select “Next”

    Releasing IP Address

    At the “Add your Microsoft Account” Page you will;

    1. Press Shift+F10
    2. A Command Prompt will appear
    3. Enter this command: ipconfig /release
    4. Close the Command Prompt window
    5. Click the back arrow (located at the top left of the screen)
    6. A screen should appear that says “Who’s going to use this device?”
    7. Enter your Local Username
    8. Select “Next”
    9. Enter your Local Password
    10. Select “Next”

    Using Fake Email

    At the “Add your Microsoft Account” Page you will;

    1. enter no@notarealdomain.com
    2. Select “Next”
    3. Enter a random password
    4. Select “Sign in”
    5. If this method works you should get to a screen that say “Oops, something went wrong”
    6. Select “Next”
    7. A screen should appear that says “Who’s going to use this device?”
    8. Enter your Local Username
    9. Select “Next”
    10. Enter your Local Password
    11. Select “Next”

    Sources:

    https://pureinfotech.com/bypass-internet-connection-install-windows-11/#:~:text=a%20second%20layout.-,On%20the%20%E2%80%9COops%2C%20you’ve%20lost%20internet%20connection%E2%80%9D,Windows%2011%20and%20press%20Enter.

    https://www.windowscentral.com/how-set-windows-11-without-microsoft-account

    https://www.tomshardware.com/how-to/install-windows-11-without-microsoft-account

  • RustDesk – Open Source Remote Desktop

    RustDesk – Open Source Remote Desktop

    RustDesk is an open source remote desktop software that functions like TeamViewer. You can use it as host-to-client, web-to-client or you can deploy your own open source server instance providing better network and higher security. You can use it on any Operating System as far as I can tell.