Extremeskins

Random Tech/IT Thread



2 minutes ago, bobandweave said:

 

Never saw this thread before. You probably figured it out already but if you can't use Get-ADcomputer then type in

 

import-module activedirectory

 

First and then it will work for you. 

Ya, don't work there anymore but want to say I tried that after spending some time looking for people with same problem. 

 

I really think it's because the DCs are too old, kept seeing articles that even importing that module to your local computer doesn't matter if the DCs don't allow AD queries via PowerShell. You ever seen the no ADWS thing before?

 

Both DCs in that domain were 2008, not 2008 R2 (started with R2), and I wanted to avoid login to the DCs via RDP to run PowerShell locally. WinRM wasn't enabled on DCs, and didn't get permission to do it, so login via PowerShell to DCs, import that module, and run commands may have worked, but not an option before I left.

2 minutes ago, Zguy28 said:

Evaluating the complete costs of running email on-premise for a large international company and writing a business case to move to Office 365 is none too easy...

No but seems to be in thing right now.  Third time I've witnessed a full migration, this will be first from gmail. You gonna keep an on-premise exchange server?  I was walking in same time they were decommissioning it, so didn't get chance to see how they worked together.


22 minutes ago, Renegade7 said:

Ya, don't work there anymore but want to say I tried that after spending some time looking for people with same problem. 

 

I really think it's because the DCs are too old, kept seeing articles that even importing that module to your local computer doesn't matter if the DCs don't allow AD queries via PowerShell. You ever seen the no ADWS thing before?

 

Depending on your OS, as long as it's Server 2008 R2 or newer your DC should have that. If it's an older OS or not at least to R2 then you would see that because it wasn't released until R2.

 

Curious...writing scripts? Reason I ask is confused as to why you wouldn't want to go the RDP route? Glad it worked out. I will be keeping an eye on this thread to help whenever I can if I can

Edited by bobandweave
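
An added example, not code from anyone in this thread: one way to check whether a DC exposes ADWS before relying on Get-ADComputer, with a plain LDAP query as the fallback for DCs that do not. The DC hostnames are placeholders and the helper function names are hypothetical; it assumes a domain-joined workstation and the caller's own domain credentials.

```powershell
# Added example; DC names below are placeholders, helper names are hypothetical.
$DomainControllers = @('dc01.example.local', 'dc02.example.local')

# ADWS listens on TCP 9389. Get-ADComputer needs it; plain LDAP does not.
function Test-AdwsPort {
    param([string]$ComputerName, [int]$Port = 9389, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false   # refused, unreachable, or name did not resolve
    } finally {
        $client.Close()
    }
}

# Fallback that talks LDAP directly through .NET, so no ADWS is required.
function Get-ComputerNamesViaLdap {
    param([string]$Server)
    $root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Server")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter = '(objectCategory=computer)'
    $searcher.PageSize = 500          # page results instead of stopping at 1000
    [void]$searcher.PropertiesToLoad.Add('name')
    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) { $r.Properties['name'][0] }
    } finally {
        $results.Dispose()            # FindAll() holds unmanaged resources
    }
}

foreach ($dc in $DomainControllers) {
    if (Test-AdwsPort -ComputerName $dc) {
        Import-Module ActiveDirectory -ErrorAction Stop
        $names  = Get-ADComputer -Filter * -Server $dc |
                  Select-Object -ExpandProperty Name
        $method = 'ADWS'
    } else {
        Write-Warning "$dc : ADWS (TCP 9389) not reachable, using LDAP instead"
        $names  = Get-ComputerNamesViaLdap -Server $dc
        $method = 'LDAP'
    }
    '{0}: {1} computer objects via {2}' -f $dc, @($names).Count, $method
}
```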

24 minutes ago, Renegade7 said:

Ya, don't work there anymore but want to say I tried that after spending some time looking for people with same problem. 

 

I really think it's because the DCs are too old, kept seeing articles that even importing that module to your local computer doesn't matter if the DCs don't allow AD queries via PowerShell. You ever seen the no ADWS thing before?

 

Both DCs in that domain were 2008, not 2008 R2 (started with R2), and I wanted to avoid login to the DCs via RDP to run PowerShell locally. WinRM wasn't enabled on DCs, and didn't get permission to do it, so login via PowerShell to DCs, import that module, and run commands may have worked, but not an option before I left.

No but seems to be in thing right now.  Third time I've witnessed a full migration, this will be first from gmail. You gonna keep an on-premise exchange server?  I was walking in same time they were decommissioning it, so didn't get chance to see how they worked together.

We currently have 5 separate AD/Exchange 2010 org's. Looking to go hybrid on one and consolidate the other 4 into one 2016 org in a resource forest (they can't use commercial tenant and would have to go Fedramp w/ GCC High plan).

Edited by Zguy28

3 minutes ago, bobandweave said:

 

Curious...writing scripts? Reason I ask is confused as to why you wouldn't want to go the RDP route? Glad it worked out. I will be keeping an eye on this thread to help whenever I can if I can

 

Thanks man, appreciate that. Scripts are faster, and in regards to repeatable tasks, I'd rather script it now when I can. If anything for efficiency and practice.

 

We had a script that could connect to a remote desktop and list all the software installed to make up for not having software to look for it or limiting permissions enough to prevent rogue software despite having an approved software list (that I made from scratch and getting approval to add to it for people).

 

Another one was one I made that searched a specific list of IPs for web servers with SAML software to search the identical configuration file they all had for a configuration line that was about to be deprecated and would break SSO functionality if we left it after a certain date. Had too much to do to RDP into each and find that.


36 minutes ago, Renegade7 said:

@The Evil Genius what's signal strength on your current cable modem / router? You talked to ISP about latest model available? Cable providers are notorious for not reaching out about this for regular upgrades and people paying for a speed their equipment can't handle. If you haven't, start there.

 

How far are we talking PS4 from cable modem (this is a modem / wireless router as well, right?).  Is that backroom walls made of concrete?  What kind of WiFi signal are you getting on your cell phone or laptop?  Same issue?

 

I'm asking you these questions first because one, ISPs brag about range of their wireless cable modems now, so save some money and call them on it. And two, if you sitting in a concrete block, that's not gonna help you either. I use ethernet wherever I can, even if I have to make my own cables.

 

We actually bought an ARRIS - SURFboard AC1600 Dual-Band Router with 8 x 4 DOCSIS 3.0 Cable Modem about 5 weeks ago because we were tired of paying Comcast $10+ to rent their cable modem. The downside is we seem to have lost a lot of signal strength/speed in doing so. The man cave is downstairs and is the only room on that floor (other than the garage and crawlspace). The router/modem is upstairs (guesstimate 60-70 feet?) and right now I'm only getting a spotty 5-15 Mbps on the wifi signal downstairs (via an app on my phone)...plus the signal drops a lot.

 

I'm at a loss as to what to do. Can't really return the modem since it's past its return period...but even so, I'd hate to eat the cost and get another brand as we're getting a decent 100+ Mbps upstairs (cable internet plan is for up to 250 Mbps). Although we used to get closer to 180 Mbps upstairs when we rented the modem/router.

 

That's why I was asking about MoCa or  Powerline options. 


11 minutes ago, Zguy28 said:

We currently have 5 separate AD/Exchange 2010 org's. Looking to go hybrid on one and consolidate the other 4 into one 2016 org in a resource forest (they can't use commercial tenant and would have to go Fedramp).

 

That actually sounds really cool : ) sounds like you solo planning it out, though, that sucks. You mentioned FedRAMP, are there any FIPS docs to help guide you with that?

 

Job asking me to get FedRAMP certified, have choice between easy aas CEH or OSCP (which I prefer) and they'll offering me side gigs. I feel like I'm making this choice harder than it needs to be, they told me they won't be asking me to make exploits from scratch, but I want to learn how to do that better with Python.


2 minutes ago, Renegade7 said:

 

Thanks man, appreciate that. Scripts are faster, and in regards to repeatable tasks, I'd rather script it now when I can. If anything for efficiency and practice.

 

Absolutely 

 

 

2 minutes ago, Renegade7 said:

 

We had a script that could connect to a remote desktop and list all the software installed to make up for not having software to look for it or limiting permissions enough to prevent rogue software despite having an approved software list (that I made from scratch and getting approval to add to it for people).

 

Ever heard of NEWT? That’s what I use for cases like that. Scans a network of 1000 machines in 15 minutes and gives you all kinds of information like software installed, DAT file dates, hardware configuration, and so much more all exportable and the software is pretty cheap and powerful with a one time cost.

 

I realize this defeats the purpose of not using software to do this type of job but the capabilities and the quickness of this program make me want to mention it to you. Youtube it, it’s made by Komodo Labs and simple to use. Might be helpful

 

 

 

 


18 minutes ago, The Evil Genius said:

 

I'm at a loss as to what to do. Can't really return the modem since it's past its return period...but even so, I'd hate to eat the cost and get another brand as we're getting a decent 100+ Mbps upstairs (cable internet plan is for up to 250 Mbps). Although we used to get closer to 180 Mbps upstairs when we rented the modem/router.

 

That's why I was asking about MoCa or  Powerline options. 

 

Lost last post due to stupid timeout, so I'll try to keep this short:

 

I feel you, 5-15 is brutal.  But for clarification, was it working before just fine with comcast modem?

 

If it was and it was me, I'd put that new router on eBay or Craigslist to try to get something back, call Comcast to ask what their best modem is right now, then buy your own with equal or greater signal strength.

 

I don't like your new router, not with a drop like that, if I had choice between going back to something close to what was working before versus trying to save keeping the new one...I don't want to see you back here talking about the powerline extenders weren't good enough.

 

This is on my assumption that yall were fine with the comcast modem, jus wanted to save some coin by owning your own.


I never have bought a cable modem and router combo. I look for the best cable modem reviews, then the best wireless router reviews. Then buy each separately. Much more likely to be a compromise in one or the other if it's a package deal. I currently have an SB6183 and an Airport Extreme in a 3 level fairly large house and it covers pretty well.

Edited by HOF44

19 minutes ago, HOF44 said:

I never have bought a cable modem and router combo. 

 

Ya, my apartment and townhouse weren't big enough to need something more than what Cox offered. If I was in a house, I'd go same router as I'm comfortable configuring and separating the two. Used to have a Netgear firewall in my apartment, but I was jus practicing fitting it in there and still being able to connect to internet.


52 minutes ago, The Evil Genius said:

 

 

I'm at a loss as to what to do. Can't really return the modem since it's past its return period...but even so, I'd hate to eat the cost and get another brand as we're getting a decent 100+ Mbps upstairs (cable internet plan is for up to 250 Mbps). Although we used to get closer to 180 Mbps upstairs when we rented the modem/router.

 

That's why I was asking about MoCa or  Powerline options. 

Being dual band, have you made sure that both the 5.0 and 2.4 bands are active? The 2.4 band generally gives you better long distance speed. So make sure you are on that one and also that you try both to see which is better.


2 minutes ago, The Evil Genius said:

Yeah I was getting 20-50 Mbps WiFi downstairs with the previous rented modem. Sucks that I chose...poorly. 

 


Meh, jus let it be lesson you don't have to learn twice, we all been there : )

 

That was right track, but check specs going forward


@The Evil Genius

 

I have a MoCA network in my house for my TiVo system. Verizon routers set up a MoCA network by default, so if you have Verizon then you’re a step ahead. If not, then you’ll need a router that can create that. Then you’ll need cable to whatever areas you want. I also believe that you’ll need a MoCA converter/filter as well. IMO it’s almost easier to hardwire Cat 6 if cable isn’t already there.

 

What about a WiFi repeater?  Those are rather inexpensive.


17 minutes ago, Renegade7 said:

Jesus, what is that like 3 in a row now? 

Meltdown and Spectre were kind of a 1-2 punch, though AMD was also susceptible to some of the Spectre variants.  But Meltdown and L1 Terminal Fault seem to be much more serious than Spectre and the mitigations seem more costly.


Just now, PokerPacker said:

Meltdown and Spectre were kind of a 1-2 punch, though AMD was also susceptible to some of the Spectre variants.  But Meltdown and L1 Terminal Fault seem to be much more serious than Spectre and the mitigations seem more costly.

Ya, I was on my way out while we're waiting for patches to come out for all the different processors we had just with Meltdown and Spectre, Azure and Linode didn't waste no time, shutting down our servers overnight without our permission despite some of the patches causing performance issues. Then another one we were like, damn, now this? I guess the only good thing about this is you have to exploit the box for access first then run one of these, it's not a remote exploit by itself. Local access is a different story.

 

I don't think we're ready for production quantum processors, but I'm going to have to keep my ear to the ground to how they plan to redesign how we do processors in the meantime.  Obviously where we are isn't good enough.


16 hours ago, PokerPacker said:

Meltdown and Spectre were kind of a 1-2 punch, though AMD was also susceptible to some of the Spectre variants.  But Meltdown and L1 Terminal Fault seem to be much more serious than Spectre and the mitigations seem more costly.

 

Meltdown and Spectre also were released in January. I guess it took the assholes time to morph this into the next generation. Hopefully they learned some lessons that will help them with this one. Looks nasty


On 8/17/2018 at 1:53 PM, bobandweave said:

 

Meltdown and Spectre also were released in January. I guess it took the assholes time to morph this into the next generation. Hopefully they learned some lessons that will help them with this one. Looks nasty

I wouldn't say it morphed for the next generation.  Meltdown and Spectre are still around (the hardware design process is long; they can't just fix fundamental problems in the CPU design in a few months and get it out to production), this is just a separate exploit of similar nature that has been sitting around waiting to be found (assuming the NSA or whomever hasn't been sitting on it as a day-zero).


Part of a message I got from a corporate lawyer today. Due to the President cutting some deal with ZTE. This could be a serious financial burden for some companies.


 

Quote

 

Congress included a provision in the 2019 National Defense Authorization Act, which the President has signed into law.  Under that provision (Section 889 of the Act), two years from now, all Federal agencies will be prohibited from contracting with any entity that uses telecommunications or video surveillance equipment or services from the following Chinese companies:

 

Huawei Technologies Company

ZTE Corporation (or any of their subsidiaries or affiliates)

Hytera Communications Corporation

Hangzhou Hikvision Digital Technology Company

Dahua Technology Company (or any of their subsidiaries or affiliates)

 

 


https://krebsonsecurity.com/2018/08/indian-bank-hit-in-13-5m-cyberheist-after-fbi-atm-cashout-warning/

Quote

 

On Sunday, Aug. 12, KrebsOnSecurity carried an exclusive: The FBI was warning banks about an imminent “ATM cashout” scheme about to unfold across the globe, thanks to a data breach at an unknown financial institution. On Aug. 14, a bank in India disclosed hackers had broken into its servers, stealing nearly $2 million in fraudulent bank transfers and $11.5 million unauthorized ATM withdrawals from cash machines in more than two dozen countries.

 

The FBI put out its alert on Friday, Aug. 10. The criminals who hacked into Pune, India-based Cosmos Bank executed their two-pronged heist the following day, sending co-conspirators to fan out and withdraw a total of about $11.5 million from ATMs in 28 countries.

The FBI warned it had intelligence indicating that criminals had breached an unknown payment provider’s network with malware to access bank customer card information and exploit network access, enabling large scale theft of funds from ATMs.

 

 


On 8/20/2018 at 8:35 AM, Zguy28 said:

Part of a message I got from a corporate lawyer today. Due to the President cutting some deal with ZTE. This could be a serious financial burden for some companies.


 

 

Whoa, and I thought the Kaspersky ban was big, hot damn. On surface I approve, but now wonder about reaction China will have towards companies like Cisco (since NSA had that zero day tool that got out).
