Use summary indexing for increased reporting efficiency - Splunk Documentation
suggestion: https://davidveuve.com/tech/how-i-use-summary-indexes-in-splunk/
Use summary indexing to efficiently report on large volumes of data. With summary indexing, you set up a frequently-running search that extracts the precise information you want. Each time this search is run, its results are saved into a summary index that you designate. You can then run searches and reports on this significantly smaller (and thus seemingly "faster") summary index.
splunk  index  report  summaryindex 
3 days ago
Data-tracking Chrome flaw triggered by viewing PDFs – Naked Security
Researchers have spotted an unusual ‘trackware’ attack triggered by viewing a PDF inside the Chrome browser.

Security company EdgeSpot said it noticed suspicious PDFs, which seem to have been circulating since 2017, sending HTTP POST traffic to the tracking site readnotify.com.

The behaviour only happened when a user viewed a PDF using desktop Google Chrome – when opened in Adobe Reader the PDF’s behaviour returned to normal.

Data sent included the user’s IP address, the Chrome and OS versions, and the full path of the PDF on their computer.
cybersecurity  chrome  pdf  vulnerability 
4 days ago
Saved by my router
But, the Event Log of the router offered a HUGE hint at the problem.

It showed the DHCP server in the router assigning an IP address to the problematic computer over and over again.
router  networking  internet  dhcp 
4 days ago
Eero Routers - RouterSecurity.org
Now that Amazon is buying eero, consider this haunting article from Bloomberg about Amazon privacy concerns: Your Smart Light Can Tell Amazon and Google When You Go to Bed by Matt Day, February 12, 2019. The article has nothing to do with eero, it's all Amazon (and a bit Google). Both want to know not only that you are watching TV, but also the channel. Some IoT vendors are fighting back. Quoting from the article:
router  iot  privacy  amazon 
4 days ago
Splunk Dev For All | Splunkbase
working snippets of content to make it easier to use SplunkJS, Splunk Python, and related capabilities such as some of the internals of Splunk. This app contains 30+ pre-packaged working code samples that you can put together to turn your Splunk dashboards into real applications with great user experience, more interactivity, and a richer feel
splunk  app  development 
4 days ago
xkcd: PGP
How to use PGP to verify that an email is authentic:
Look for this text at the top... if it's there, the email is probably fine.
pgp  humor  gpg  email 
6 days ago
Append Custom Rows to Lookup Table - Question | Splunk Answers
| inputlookup things.csv | append [ | stats count | eval thing=4 | eval color="purple" | eval weight=4.4 ] | stats count by thing color weight | fields - count | outputlookup things.csv

After running that search, the CSV looks like this:

splunk  lookup  reference 
7 days ago
Atlas Packs — Photography Backpack Review - YouTube
adventure = full back side open w/o straps
cleaner access to padded slots to get gear as well
atlas  backpack  review 
9 days ago
Lowepro Whistler Vs Powder Rugged Backpacks Comparison | ePHOTOzine
Whistler Cons:
On the heavy side at almost 3kg empty
Not much inner space for personal items

Powder Cons:
Feels a little top heavy, less comfort
The top compartment can be fiddly to open
lowepro  whistler  powder  backpack  shopping  review 
9 days ago
Extracting BitLocker keys from a TPM
By default, Microsoft BitLocker protected OS drives can be accessed by sniffing the LPC bus, retrieving the volume master key when it’s returned by the TPM, and using the retrieved VMK to decrypt the protected drive. This post will look at extracting the clear-text key from a TPM chip by sniffing the LPC bus, either with a logic analyzer or a cheap FPGA board. This post demonstrates the attack against an HP laptop logic board using a TPM1.2 chip and a Surface Pro 3 using a TPM2.0 chip. From bus wiring through to volume decryption. Source code included.

TLDR: You can sniff BitLocker keys in the default config, from either a TPM1.2 or TPM2.0 device, using a dirt cheap FPGA (~$40NZD) and now publicly available code, or with a sufficiently fancy logic analyzer. After sniffing, you can decrypt the drive. Don’t want to be vulnerable to this? Enable additional pre-boot authentication.
bitlocker  security  tpm  encryption  crypto 
11 days ago
WTB: 8x10 Astia (I know it is fruitless, but)
Astia 100F is warm (but not yellow) and not so saturated. Provia is fairly neutral in colour balance with standard saturation. Oh how I miss Astia!
astia  provia  reference 
21 days ago
Schneider 165mm f8 Super Angulon multicoated in Copal #3 $800 priced to sell tonight!
165mm  schneider  largeformat  lens  shopping 
22 days ago
IQ180 vs 8X10 - Luminous Landscape
Markus Zuber, September, 2011
Resolutionwise it is obvious that the IQ180 shows a higher resolution. Higher scan resolution would not have brought in more details. The details seen here (at 100 %) can also be seen using a strong loupe – and we can already see the grain

When comparing the Alpa/Schneider-lenses to the Schneider Kreuznach (SK)-lenses on the Phase camera, there is a visible difference in favour of the Alpa-lenses. However both the 60 and the 120 mm are longer lenses.
8x10  largeformat  comparison  filmvsdigital 
22 days ago
Center Filters For Large Format Lenses
1 Schneider, Rodenstock and Heliopan center filters
To find out which CFs might do for my lenses I made a list of Schneider and Rodenstock wide angle lenses and CFs. Schneider and Rodenstock agree that lenses which cover 100° to 105° should use + 1.5 center filters. They also agree that lenses which cover more than 110° need + 2. They disagree about 110° lenses. Schneider recommends + 1.5 for them, Rodenstock recommends + 2. The table below (table 1) summarizes what I found and puts Fujinon and Nikon wide angle lenses in the Schneider/Rodenstock context.
centerfilter  largeformat  4x5  schneider  rodenstock  nikkor  reference  lenses 
22 days ago
Mount Everest, the Reconnaissance, 1921 by Howard-Bury, Mallory, and Wollaston - Free Ebook

Not technically a photo book but has some great photos of the team and environment taken with Kodak cameras. Good read. That goes into the equipment used, natural history, and geography. I would be interested in seeing how the cameras and film did at the higher elevation.
mountaineering  everest  ebook  book  reference 
22 days ago
Take a classic road trip on America's longest highway | MNN - Mother Nature Network
An aura of history and romance surrounds famous highways like Route 66. Modernization, as well as the pursuit of convenience and safety, have led to more four- or eight-lane highways crisscrossing the nation, like I-90, I-35 or I-94. Finite stretches of state and county roads may still have that timeless two-lanes-cutting-through-the-countryside appeal, but road trips that follow the cross-country highways of yesteryear mostly take place in people’s imagination, not on the blacktop.

However, there is one historic highway where it is still possible to get in touch with the glory days of the American road trip. U.S. Route 20 covers 3,365 miles from Boston, Massachusetts, to Newport, Oregon. It is currently the longest highway in the country. For most of its length, Route 20 runs roughly parallel to I-90, which connects Boston and Seattle (a distance of 3,100 miles).
highway  history  travel  automobile  seattle 
27 days ago
Palo Alto Networks has transformed itself with more than $1 billion in acquisitions - MarketWatch
Palo Alto announced last week it is acquiring Demisto for $560 million, its fifth acquisition of the past 12 months. Demisto is a so-called SOAR — or security orchestration, automation and response — company that uses machine learning to aid in automating cybersecurity functions.

Palo Alto announced it was buying cloud-threat defense company RedLock for $173 million in cash in October, a $100 million acquisition of Israel-based endpoint detection and response company Secdo in April, a $300 million acquisition of public-cloud infrastructure security company Evident.io a month before that, and a $105 million deal in February 2018 for LightCyber, a company specializing in so-called “Behavioral Attack Detection solutions” that pick up on attacks that slip past more traditional security controls. In that time, management has gone through drastic changes from a year ago with former Google exec Amit Singh taking over as president in November, and former SoftBank exec Nikesh Arora taking over as chairman and CEO in June.
cybersecurity  paloalto  demisto 
27 days ago
Cracking Cisco ‘Type 5’ Passwords - BreakInSecurity
python brute force example md5 hash - but did not test hash with salt
cisco  password  python 
28 days ago
Security Focus: Analysing 'Account is sensitive and cannot be delegated' for Privileged Accounts – PoSh Chap
'Account is sensitive and cannot be delegated' set, then its credentials can not be reused by a trusted service. This limits the scope of attacks that use delegation, e.g. elevation of privilege activities.

Get-ADUser -Filter {AccountNotDelegated -eq $true}
powershell  activedirectory 
4 weeks ago
PowerShell Remoting Kerberos Double Hop Solved Securely – GoateePFE – Archived
Kerberos double hop for PowerShell remoting can now be solved with one simple cmdlet:

$ServerB = Get-ADComputer -Identity ServerB
$ServerC = Get-ADComputer -Identity ServerC
Set-ADComputer -Identity $ServerC -PrincipalsAllowedToDelegateToAccount $ServerB
# Then on ServerB: KLIST PURGE -LI 0x3e7
The benefits are many:

No PowerShell code modification.
No more SPNs for constrained delegation!
Credentials are not stored on ServerB.
Multiple domains and forests supported across trusts.
Easier setup and administration.
ServerA can now talk to ServerC through ServerB.
powershell  password  credssp  kerberos 
4 weeks ago
[MS-CSSP]: CredSSP - Security Considerations for Implementors | Microsoft Docs
The purpose of the CredSSP Protocol is to delegate a user's clear text password or pin from the CredSSP client to a CredSSP server, and it is important to make certain that the server receiving the credentials does not fall under an attacker's control. Although trust can be facilitated via public key infrastructure (PKI), the Kerberos protocol, or NTLM, this does not mean that the target server is trusted with the user's credentials, and additional policy settings should be considered.
credssp  rdp  powershell  microsoft  reference 
4 weeks ago
Accidental Sabotage: Beware of CredSSP – PowerShell Magazine
To get around this issue, PowerShell provides the CredSSP (Credential Security Support Provider) option. When using CredSSP, PowerShell will perform a “Network Clear-text Logon” instead of a “Network Logon”. Network Clear-text Logon works by sending the user’s clear-text password to the remote server. When using CredSSP, Server A will be sent the user’s clear-text password, and will therefore be able to authenticate to Server B. Double hop works!

general rule is: Don’t put high trust credentials on low trust computers.

you should always try to design your systems to work with single-hop rather than double-hop so that CredSSP isn’t needed.

Microsoft has made changes to Windows Server 2012R2 and Windows 8.1 to eliminate clear-text credentials from being stored in memory. This means that an attacker who runs Mimikatz will no longer see your clear-text credentials. An attacker will still see your NT password hash and your Kerberos TGT, both of which are password equivalent and can be used to authenticate as you over the network.

Additionally, even though your clear-text credential is not saved in memory, it is still sent to the remote server. An attacker can inject malicious code in the Local Security Authority Subsystem Service (LSASS.exe) and intercept your password in transit. So while you may not see your password with Mimikatz anymore, your password can still be recovered by an attacker.
credssp  powershell  password  cybersecurity  mimikatz 
4 weeks ago
Windows PowerShell give password in command Enter-PSSession - Stack Overflow
To popup a prompt for username and password and save the result to a file:

Get-Credential | Export-Clixml "mycredentials.xml"

When you save the credentials to a file this way the password is securely encrypted using the currently logged-on user's login credentials.
powershell  password  xml 
4 weeks ago
Splunk Spotlight - Alerts to Webhook / Slack
We will now need to grab our webhook URL from https://webhook.site. When you load the page you will be provided a unique webhook URL to use:
splunk  tutorial  webhook  alert  slack 
4 weeks ago
Microsoft PowerShell Tutorial & Training Course – Microsoft Virtual Academy
Intermediate | Published: 30 July 2013
Getting Started with Microsoft PowerShell
Instructor(s): Jason Helmick, Jeffrey Snover
powershell  training 
4 weeks ago
PowerShell Gallery | BetterCredentials 4.5
A (compatible) major upgrade for Get-Credential, including support for storing credentials in Windows Credential Manager, and for specifying the full prompts when asking for credentials, etc.
powershell  password 
4 weeks ago
Scripting | PowerShell support for certificate credentials
Summary: It’s not a very well-known feature, but the PSCredential object, and the PowerShell Get-Credential cmdlet, both support certificate credentials (including PIN-protected certificates). In this post, we take a look at how a certificate credential is marshaled inside a PSCredential object, how you can do this marshaling yourself, and how you can retrieve the original certificate from a PSCredential object supplied to you.
powershell  certificate  password  reference 
4 weeks ago
Working with Passwords, Secure Strings and Credentials in Windows PowerShell - TechNet Articles - United States (English) - TechNet Wiki
Best Practices
Where possible do not ask for passwords and try to use integrated Windows authentication.
When it is not possible or when specifying different credentials is useful, cmdlets should accept passwords only in the form of PSCredentials or (if username is not needed) as SecureString, but not plain text.
If you need to ask user for credential, use Get-Credential cmdlet. It uses a standard Windows function to receive password in consistent and secure manner without storing it in memory as clear text.
Credentials should be passed to external system also in most secure way possible, ideally as PSCredentials too.
Password should not be saved to disk, registry or other not protected storage as plain text. Use plaintext representation of SecureString when possible.
powershell  password  reference  cybersecurity 
4 weeks ago
Just Enough Administration (JEA) | Microsoft Docs
Just Enough Administration is a new feature in WMF 5.0 that enables role-based administration through PowerShell remoting. It extends the existing constrained endpoint infrastructure by allowing non-administrators to run specific commands, scripts and executables as an administrator. This enables you to reduce the number of full administrators in your environment and improve your security. JEA works for everything you manage through PowerShell; if you can manage something with PowerShell, JEA can help you do so more securely. For a detailed look at Just Enough Administration, check out the experience guide.
powershell  reference  sysadmin 
4 weeks ago
Windows PowerShell Desired State Configuration Overview | Microsoft Docs
DSC is a management platform in PowerShell that enables you to manage your IT and development infrastructure with configuration as code.
powershell  reference 
4 weeks ago
Getting Started with PowerShell Desired State Configuration (DSC) - Microsoft Virtual Academy
This course is retiring on April 30 2019. To earn your certificate of completion, be sure to finish the course by that date. Microsoft Virtual Academy will be fully retiring later in 2019 to make way for a more unified training experience on Microsoft Learn.
Course information
Are you keeping up with PowerShell Desired State Configuration (DSC)? It's one of the fastest-moving technologies today. But more than that, it literally transforms how IT Implementers deploy and manage on-premises resources and those extended to hybrid and other cloud environments for both Windows and Linux. Get a solid foundation with this course, and build on it with "Advanced PowerShell Desired State Configuration (DSC) and Custom Resources."
powershell  training  microsoft 
4 weeks ago
The DevOps Collective, Inc.
Secrets of PowerShell Remoting
Windows PowerShell Networking Guide
A Unix Person's Guide to PowerShell
pdf  powershell  ebook  devops 
4 weeks ago
Safely using PSCredentials in a Powershell DSC Configuration - Info Support Blog
Powershell 4.0 - Desired State Configuration (DSC)
The Local Configuration Manager (LCM) on the Target machine needs to be told which certificate to use to decrypt the encrypted parts of the .mof files with. This being a part of DSC, the configuration of the LCM itself also happens via a DSC Configuration.
powershell  password  certificate  winrm 
4 weeks ago
PowerShell - Decode System.Security.SecureString to readable password - Stack Overflow
$password = convertto-securestring "TestPassword" -asplaintext -force
$credentials = New-Object System.Net.NetworkCredential("TestUsername", $password, "TestDomain")

$credentials | gm

TypeName: System.Net.NetworkCredential

Name MemberType Definition
---- ---------- ----------
Equals Method bool Equals(System.Object obj)
GetCredential Method System.Net.NetworkCredential GetCredential(uri uri, str
GetHashCode Method int GetHashCode()
GetType Method type GetType()
ToString Method string ToString()
Domain Property string Domain {get;set;}
Password Property string Password {get;set;}
SecurePassword Property securestring SecurePassword {get;set;}
UserName Property string UserName {get;set;}
powershell  password  scripting 
4 weeks ago
Topic: How to use Invoke-Command to pass logged in credentials to the remote execution | PowerShell.org
capture the credentials of the user executing a script and create a PSCredentials object containing that info"

I see your example used the approach to save some protected data in an XML file.

This approach is similar to other posts I have seen where one could save a user account password as a secure string in an XML file and then read/convert the secure string back into a PSCredentials object just before calling the Invoke-Command.
powershell  password  scripting 
4 weeks ago
Securing your PowerShell Operational Logs – Stuff n Things
powershell operational logs with passwords captured in the script
- anyone can typically view the logs on the system
- workaround is to encrypt the log files for decryption later (not SIEM compatible)
- temp solution: set 'ChannelAccess' registry key for the security descriptor of the logs to limit access to only Admins
powershell  logs  cybersecurity  eventlogs  password 
4 weeks ago
Sysmon Security Event Processing in Real Time with KSQL and HELK | Confluent
During a recent talk titled Hunters ATT&CKing with the Right Data, which I presented with my brother Jose Luis Rodriguez at ATT&CKcon, we talked about the importance of documenting and modeling security event logs before developing any data analytics while preparing for a threat hunting engagement. Defining relationships among Windows security event logs such as Sysmon, for example, helped us to appreciate the extra context that two or more events together can provide for a hunt. It caused me to wonder if there was anything that I could do with my project HELK to apply some of the relationships presented in our talk, and enrich the data collected from my endpoints in real time. HELK is a free threat hunting platform built on various components including the Elastic stack, Apache Kafka® and Apache Spark™.
threathunting  sysmon  lateralmovement 
4 weeks ago
A New Wave of the Separ Info-Stealer is Infecting Organizations through “Living off the Land” Attack Methods - Deep Instinct : Deep Instinct
Use Cypherpath for malware sandbox analysis
1) Notified of new malware
2) Goto Hybrid Analysis – dig around a bit until you find a shared sample
a. Download sample
3) Add sample to Cypherpath shared folders
4) Spin up an isolated Windows instance on Cypherpath.
5) Run malware in this isolated vm on Cypherpath
6) Explore artifacts and RE

malware  cybersecurity  sandbox 
4 weeks ago
The perils of using Internet Explorer as your default browser - Microsoft Tech Community - 331732
You see, Internet Explorer is a compatibility solution. We’re not supporting new web standards for it and, while many sites work fine, developers by and large just aren’t testing for Internet Explorer these days. They’re testing on modern browsers. So, if we continued our previous approach, you would end up in a scenario where, by optimizing for the things you have, you end up not being able to use new apps as they come out. As new apps are coming out with greater frequency, what we want to help you do is avoid having to miss out on a progressively larger portion of the web!
internetexplorer  microsoft  browser  web 
5 weeks ago
Connect-WSMan - Powershell cmdlet
The first command uses the Get-Credential cmdlet to get the Administrator credentials and then stores them in the $cred variable. Get-Credential prompts you for a username and password through a dialog box or at the command line, depending on system registry settings.

The second command uses the Credential parameter to pass the credentials stored in $cred to Connect-WSMan. Connect-WSMan then connects to the remote system server01 by using the Administrator credentials.
powershell  winrm 
5 weeks ago
FINALLY! A simple shutter count program for (many) EOS cameras -- Canon EOS Digital Cameras in photography-on-the.net forums
You should be nervous and very cautious before running "Canon EOS Camera Info v1.2"'s executable file. A simple internet search on the author’s email (Magic_h2001@yahoo.com) reveals that he is also the author of Magic Password Stealer (Magic_Ps):
http://larryharr.blogspot.com …-magic-ps-final-with.html
Brief information about MPS:
Success Rate : 100%
Creator URL : http://magic.shabgard.org/
Creator's Email : magic_h2001@yahoo.com
Date Created : 2003 - 07 - 31
Last Updated on : 2007 - 12 – 31
How it works?
MPS v1.5 creates a software that hacks the yahoo password. After you create the software, you have to send it to the victim's computer at any condition. After victim opens the file, MPS starts its work. Then when the victim re-login in his yahoo, The password and other information is sent to your email as offline message.
canon  software  shutter 
5 weeks ago
Canon EOS DIGITAL Info download | SourceForge.net

Canon doesn’t have shutter count included on the EXIF information of an image file, as opposed to Nikon and Pentax.
There’s no official Canon based application to find the shutter count for an EOS DSLR.
However, there are a few free tools that may help you to do this. They provide some details about the camera, including product name, firmware version, battery level, shutter counter, date/time, and owner/artist/copyright strings. But they do not support these features: editing the owner/artist/copyright strings and synchronizing the date/time with the local PC's date/time.
For that, I wrote a new utility that includes all these features by integrating those that were missing.
I use an official Canon SDK (Canon ED-SDK) to retrieve and set all camera information (shutter count is retrieved via an undocumented function).

The Canon Digital Camera SDKs are freely available on this official link: https://www.didp.canon-europa.com.
For more info, please read the text file "readme.txt".

1. Download ZIP portable package and extract it to a folder of your choice. And launch CanonEosDigitalInfo.exe.
2. Connect Camera to USB Port and Turn it ON
3. Click connect, save button, etc
canon  software  shutter 
5 weeks ago