geekmungus.co.uk

Active Directory Certificate Services (ADCS) PKI Domain Admin Vulnerability

July 26, 2021November 5, 2022Tristan SelfLeave a Comment

Microsoft have published a vulnerability: https://msrc.microsoft.com/update-guide/vulnerability/ADV210003 which allows an attacker to use the NTLM authentications to begin an attack chain to make an unauthenticated NTLM connection that is then relayed to allow a connection to the Active Directory Certificate Services (ADCS), this assuming the auto-enrollment is enabled means that an attacker can make a request […]

More...

What’s the Difference Between UPC and APC (LC) Connector?

July 17, 2021November 5, 2022Tristan SelfLeave a Comment

A single-mode or multi-mode duplex fibre optic patch cable a simple enough item, commonly you’ll find these with an LC connector on the end. What are the types? The default type is typically a UPC (Ultra Physical Contact) type connector, if you were to ask a supplier for a fibre patch cable this is normally […]

More...

Dell Openmanage DNS Records for Server Initiated Discovery (with Microsoft DNS)

July 14, 2021November 5, 2022Tristan SelfLeave a Comment

OpenManage Enterprise version 3.4 allows automatic discovery of servers that have iDRAC firmware version 4.00.00.00 or later. The appliance can be configured to allow these servers to automatically locate the console by querying the DNS and initiate their discovery. The instructions (and this) give the use of the TUI or manual creation for Dell Openmanage […]

More...

VMware Datastore Naming

July 10, 2021November 5, 2022Tristan SelfLeave a Comment

How do you name your VMware datastores? Its an interesting question, how much information do you want to convey? Do you want to give a system administrator some idea of the data protection provided by the underlying storage perhaps? Or some idea of the location? There’s lots to think about, but also simplicity can be […]

More...

Robocopy to Copy Files with Permissions and Ownership

July 9, 2021November 5, 2022Tristan Self

If you need to copy files from one storage location to another Robocopy is a great tool, but like every great tool it comes with loads of options. In this scenario I was needing to copy a directory structure (and all the files) from one location to another but preserving all the permissions, ownership and […]

More...

Putty.exe – “Couldn’t agree a key exchange algorithm”

July 6, 2021November 5, 2022Tristan Self

I had this issue today, on a host that had recently had a software upgrade. Problem: A host to which I was connecting with SSH gave this error: “Couldn’t agree a key exchange algorithm (available: Curve25519-sha256@libssh.org, ECDH-sha2-nistp521, ECDH-sha2-nistp384, ECDH-sha2-nistp256)”. Solution: In my case I updated to a later release of Putty.exe and the issue was resolved. […]

More...

Leaky Print Spooler Vulnerability (CVE-2021-1675)

July 1, 2021November 5, 2022Tristan Self

So it appears that there is a vulnerability identified in Microsoft Windows machines running Active Directory, this is covered on the Register: https://www.theregister.com/2021/06/30/windows_print_spool_vuln_rce/ Until you patch this you can just disable the “Printer Spooler” service on your Domain Controllers and well to be honest you don’t need this running on the Domain Controller anyway. Edit: […]

More...

Can’t vMOTION Powered Off Virtual Machine

June 28, 2021November 5, 2022Tristan Self

I had an issue where I could not vMOTION a powered off Virtual Machine. This virtual machine was quite large 1.2TB in total of disks attached. The VM was powered off and needed to be moved to some archive storage all on VMFS. When attempting to move it would start moving and after around 50 […]

More...

Storing Credentials for Scripts Outside of Version Control (Environment Variables Example)

September 5, 2020November 5, 2022Tristan SelfLeave a Comment

So you have a Python script (for example), and you need to store some access credentials for an API it accesses (for example), now you could put the username and password in the script. There’s lots of reasons not to do this however, a key one being that if you are using a version control […]

More...

Using check_http to Monitor Cloudflare Websites

August 14, 2020November 5, 2022Tristan SelfLeave a Comment

If you try to monitor a cloudflare fronted website with NagiosXI check_http you may get this: After much fiddling found that if you formulate the check string as: You’ll get a result like this, which is what we want! You need to use this: Enable SSL/TLS hostname extension support (SNI) The SNI is Server Name […]

More...

Active Directory Certificate Services (ADCS) PKI Domain Admin Vulnerability

What’s the Difference Between UPC and APC (LC) Connector?

Dell Openmanage DNS Records for Server Initiated Discovery (with Microsoft DNS)

VMware Datastore Naming

Robocopy to Copy Files with Permissions and Ownership

Putty.exe – “Couldn’t agree a key exchange algorithm”

Leaky Print Spooler Vulnerability (CVE-2021-1675)

Can’t vMOTION Powered Off Virtual Machine

Storing Credentials for Scripts Outside of Version Control (Environment Variables Example)

Using check_http to Monitor Cloudflare Websites

Extreme Networks – RADIUS Netlogin Error about Missing VLAN

Enabling Multicast on Edge Network used for Multicast via Extreme Networks Fabric (Stretched VLAN)

Show Available AWS Aurora MySQL Database Engines