Posts

Showing posts with the label Security

Quick Ansible Overview — Remediate Host Configuration Drift (Infrastructure-as-Code)

This introductory article is about Infrastructure-as-Code (IaC) and one of its major players, Ansible, covering its concepts — control node, managed host, inventory, playbook and modules — along with a quick example using an ansible command to remediate configuration drift on managed computers, so that a specified service on them is running in its desired state.

Infrastructure-as-Code

"DevOps is not a Goal, but a never-ending process of continual improvement." — Jez Humble

It is the era of DevOps, where development (Dev) and operations (Ops) are converged and streamlined for the benefit of the business. On the infrastructure side, it is also desirable that managing hosts (mostly servers and workstations) be done in a modern way that fits the DevOps mindset, where everything is defined as code to allow for agility, which in turn enables continual improvement. Enter Infrastructure-as-Code automation engines, available as command-line tools which can be leveraged for infrastructure compliance remediation. Such ...

Tip-Packed Gem from Microsoft Ignite 2018 – Windows Life Hacks

I came across this top session, 45 Life Hacks in 45 Minutes, from Microsoft Ignite 2018, which I consider a gem for Windows enthusiasts. It is packed with useful Windows techniques, many of which are advanced yet practical. This blog post merely summarizes the interesting tips from the session as an entry point – to experience the amazingness of the live demos, please watch the recorded session on YouTube and look for other works by Sami Laiho, from whom I learned a lot.

1. Exit Explorer
Windows 10/2016: Right-click taskbar > Exit Explorer
Windows 8/2012: Press Alt+F4 to bring up the shutdown dialog. Next, while holding Ctrl+Shift+Alt, click Cancel

2. Violate a Group Policy which e.g. only allows running IE, but not Command Prompt or others
In Task Manager > Run New Task, it always opens a Command Prompt

3. Redo old commands from history without typing again
F7 hotkey: History of Command Prompt or PowerShell

4. Tab auto completi...

ChMac – Windows Command to Change MAC Addresses of Network Adapters

A quick Windows batch CLI tool to change or randomize a network adapter's MAC address for security, or to work around the usage limit of public Wi-Fi hotspots, either automatically or manually. The command – chmac – changes the MAC address in an easy-to-use interactive console alongside CLI parameters.

Named after getmac and chmod, chmac is a command-line-interface (CLI) tool for Windows that changes or randomizes the MAC addresses of specified network adapters, e.g. for a client device to reuse a public Wi-Fi hotspot whose usage limit for the day has been exceeded (e.g. hotels, restaurants), or to enhance security. An easy-to-use interactive console is available, alongside command-line parameters, e.g. for scheduling jobs with Task Scheduler. ChMac also has built-in support for recurrence.

Go to Download
Also on Chocolatey: choco install chmac / winget: winget install chmac

For a quick start, refer to the Examples section below; for screenshots, refer to Sc...

Quick Windows Hardening with Infrastructure-as-Code – Chef and Inspec

CIS, the Center for Internet Security, publishes prescriptive system hardening documents which provide guidance for establishing a secure system configuration on platforms such as Windows. Usually, their Windows hardening documents are over a hundred pages long, and it would take one person a long time to perform the hardening manually. Thankfully, there is an Infrastructure-as-Code configuration management approach, e.g. the one introduced below leveraging Chef and Inspec, to automate the hardening process and validate the results.

Figure 1. Content of harden_winrm.rb, with references to CIS sections, as an example of a Chef recipe. (This one is from the MattTunny/windows_hardening GitHub repository)

Instead of demonstrating the power of infrastructure-as-code fully, this quick post only aims at introducing the concept by leveraging Chef hardening recipes found on the Internet, showing the steps to perform Windows hardening on a single local machine quickly, which may suit o...

DIY Your Own Easy-to-Use Encrypted Portable Disk – Simplify VeraCrypt with vCrypt2Go

Are you a security-aware person? Have you got a USB thumb drive or external hard drive you wish to use that does not have any built-in encryption features? You could turn it into one that does, with the cross-platform open-source alternative to BitLocker – TrueCrypt, succeeded by VeraCrypt – but it is not as easy or intuitive to unlock or use as a purchased encrypted external storage solution on the market, because of its feature-rich nature; unlocking is done via an advanced user interface that is meant more for the technically inclined.

Solution – vCrypt2Go and tCrypt2Go, Lock-and-Unlock Utilities, to Simplify and Speed Up Drive Unlocking

Named after VeraCrypt and 'BitLocker To Go', vCrypt2Go – a set of open-source and cross-platform lock-and-unlock utilities on top of VeraCrypt enabling users to DIY their own encrypted portable storage which is as simple to use as a purchased solution on the market – simplifies the user experience of VeraCrypt Portable on removable media/e...

Technical Overview – How tCrypt2Go and vCrypt2Go work

This is an article for enthusiasts detailing the technical design of tCrypt2Go for TrueCrypt (also applicable to vCrypt2Go for VeraCrypt unless otherwise specified). (This is a sub-article – click here to view the list of articles or the main article of tCrypt2Go and vCrypt2Go)

Topics Covered in this Article
- Container for Thumb Drive (Removable Media) vs Partition for External Hard Disk (Fixed Disk)
- Choosing a File System for the Encrypted Partition
- Pros and Cons of Each File System (NTFS, exFAT and FAT32)
- The Unlocking Flowchart
- Commands for Locking and Unlocking

1. Container for Thumb Drive (Removable Media) vs Partition for External Hard Disk (Fixed Disk)
At a high level, there are two modes from which a user can choose to encrypt their portable drives:
- Encrypted Partition Mode (Entire Partition Encrypted) for a Hard Drive Setup
- Encrypted File Container Mode (a Virtual Encrypted Disk within a File) for a Thumb Drive Setup or a Hard Drive Setup
Below...

Installation Guide – Setting up tCrypt2Go and vCrypt2Go to Encrypt Portable Hard Disks

Warning: This guide is for system administrators or experienced enthusiasts. It may involve a steep learning curve if you are a novice, and risks breaking systems or losing data if the involved low-level system tools (such as diskpart) are not used carefully. There is no guarantee. One way to avoid risk is to engage professionals to perform the process on one of the freelancing platforms.

This is an article for users illustrating how to encrypt a portable hard disk (click here if you have a thumb drive or memory card instead) as a partition for use with tCrypt2Go lock-and-unlock utilities for TrueCrypt Portable (also applicable to vCrypt2Go for VeraCrypt unless otherwise specified). (This is a sub-article – click here to view the list of articles or the main article of tCrypt2Go and vCrypt2Go)

List of Steps
- Creating 2 Partitions and Copying TrueCrypt/VeraCrypt Files to the Partition Labelled UNPROTECTED
- Eliminating Free Space on UNPROTECTED Partition (Preventing User...

Installation Guide – Setting up tCrypt2Go and vCrypt2Go to Encrypt USB Thumb Drives

Warning: This guide is for system administrators or experienced enthusiasts. It may involve a steep learning curve if you are a novice, and risks breaking systems or losing data if the involved low-level system tools (such as diskpart) are not used carefully. There is no guarantee. One way to avoid risk is to engage professionals to perform the process on one of the freelancing platforms.

This is an article for users illustrating how to encrypt a USB thumb drive or memory card (click here if you have a portable hard disk instead) as a container (virtual disk file) for use with tCrypt2Go lock-and-unlock utilities for TrueCrypt Portable (also applicable to vCrypt2Go for VeraCrypt unless otherwise specified). (This is a sub-article – click here to view the list of articles or the main article of tCrypt2Go and vCrypt2Go)

List of Steps
- Formatting Thumb Drive and Copying TrueCrypt Files
- Creating a 10 MB Dummy File as Buffer (Optional)
- Creating Encrypted Container with Tr...

User Guide – How to Unlock and Lock Encrypted Drives using tCrypt2Go or vCrypt2Go

This is an article for users illustrating how to unlock and lock drives encrypted for use with tCrypt2Go for TrueCrypt Portable (also applicable to vCrypt2Go for VeraCrypt unless otherwise specified) on PC and Mac. (This is a sub-article – click here to view the list of articles or the main article of tCrypt2Go and vCrypt2Go)

Topics Covered in this Article
- Unlocking and Locking Encrypted Drives with tCrypt2Go – Admin User Guide – PC
- Unlocking and Locking Encrypted Drives with tCrypt2Go – Admin User Guide – Mac
- Unlocking and Locking Encrypted Drives with tCrypt2Go – Standard User Guide – PC
- Unlocking and Locking Encrypted Drives with tCrypt2Go – Standard User Guide – Mac

Enhancing and Troubleshooting Common Issues with tCrypt2Go or vCrypt2Go

This is an article illustrating how to add miscellaneous enhancements or troubleshoot common issues with tCrypt2Go for TrueCrypt Portable (also applicable to vCrypt2Go for VeraCrypt unless otherwise specified). (This is a sub-article – click here to view the list of articles or the main article of tCrypt2Go and vCrypt2Go)

Topics Covered in this Article
- Formatting Encrypted Partition as exFAT in Command Prompt for Cross-Platform Support (i.e. Write Support in Mac OS X) – exFAT and TrueCrypt Only
- Granting Non-Admin Mac Users TrueCrypt/VeraCrypt Rights (by Editing /etc/sudoers) – Mac-Only
- Avoiding User Account Control (UAC) Prompts
- Suppressing "Format Disk" Prompt with Diskpart

Resolving 'Root Partition Is Filling Up' Issue on Sophos UTM Firewall

This is a quick guide on how to resolve an occasional problem that can happen to a neglected Sophos UTM firewall with default settings, where updates are automatically downloaded to the device, filling up its storage after some time. An email alert similar to the one below is sent to the administrator when it happens:

From: Firewall Notification System [[email protected]]
Sent: 18 June 2016 11:58 PM
To: Administrator [[email protected]]
Subject: [SOPHOS][INFO-150] Root partition is filling up - please check

Root partition is filling up - please check.
Current usage: 86%
--
System Uptime      : 362 days 1 hour 2 minutes
System Load        : 0.05
System Version     : Sophos UTM 9.210-20

Please refer to the manual for detailed instructions.

To solve it, one way is to:
- SSH into the Sophos UTM firewall using the root login
- Remove content under the Sophos update directory (Main f...

3 Thoughts on Ransomware Removal

Recently, the ransomware Locky has been gaining local media attention. As I was asked for advice by a friend who is a junior working in the field, I have come up with these 3 things for him to deal with general ransomware in enterprises where an infection was reported, such as #3 File recovery, which suggests an approach of restoring shadow copies deleted by the malware using Recuva and then recovering the files from the shadow copies, since a backup may not always be available.

1. Identifying how many users' PCs are infected
2. Disinfecting malware from PCs
3. File recovery

Read on for the details of each step.

Image courtesy of Jamie