Blog Posts

210-255 – Additional Links Pt.1

Breaking Down the China Chopper Web Shell – Part I
https://www.fireeye.com/blog/threat-research/2013/08/breaking-down-the-china-chopper-web-shell-part-i.html

tshark – Dump and analyze network traffic
https://www.wireshark.org/docs/man-pages/tshark.html

netsniff-ng toolkit
http://netsniff-ng.org/

Nmap Cheat Sheet > Service and OS Detection
https://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/


Cisco FMC Demos


CCNA Cyber Ops – 210-250 – Helpful Links

Below are links to some resources I used to help myself study and pass the 210-250:

Exam Blueprint:
https://learningcontent.cisco.com/cln_storage/text/cln/marketing/exam-topics/210-250-secfnd.pdf

Official Cert Guide:
http://www.ciscopress.com/store/ccna-cyber-ops-secfnd-210-250-official-cert-guide-9781587147029?ranMID=24808

Free Trial Version – Understanding Cisco Cybersecurity Fundamentals (SECFND) v1.0:
(I did not buy this. I just used the Trial, which is access to only the 1st two lessons. It’s enough to cover the first exam topic – Network Concepts)
https://learningnetworkstore.cisco.com/ccna-cyber-ops/understanding-cisco-cybersecurity-fundamentals-secfnd-v1-0-elt-secfnd-v1-0-020708


Batch File for Ping

Attached to this post is a simple batch file I created which prompts you to enter the host you want to ping, timestamps it, sends the output to a text file, opens the text file, and copies the output to your clipboard — all in one sweep.

I created this because I use the ping command a ton and sometimes log the output. Below are the commands. Attached is the .bat. You can keep the destination as “C:\” or make it whatever it needs to be, and you can change the # of echo requests (-n) or add the buffer size (-l) as well.

@echo off
echo Enter IP address below: 
set /p input=""
echo Pinging %input%. Please wait...
echo **Started %date% %time%** > C:\PingOutput.txt
ping %input% -n 6 >> C:\PingOutput.txt
echo: >> C:\PingOutput.txt
echo **Completed %date% %time%** >> C:\PingOutput.txt
start C:\PingOutput.txt
clip < C:\PingOutput.txt
exit

Download PingOutput.bat

If the download doesn’t work just copy the block of commands above > paste it into notepad > Save As > File Name: PingOutput.bat > Save as type: All files.


Fixing the “Can’t Delete User from Active Directory”

If you get the following error when trying to delete a User from Active Directory:

AD Error

If you know you have sufficient privileges (Domain Administrator, etc.) to delete users in AD, check to see if the Object (user account) is set for “Protect object from accidental deletion” (see below):

object tab

Uncheck the box and hit Apply.

The above image is done via ADUC. The feature is more front and center if you’re using ADAC, as seen below:

adac object deletion box

You should now be able to successfully delete the user account.

Alternatively, you can use Set-ADObject via PowerShell to set “-ProtectedFromAccidentalDeletion:$false”

In this example: Set-ADObject -Identity:"CN=Alshon Jeffery,CN=Users,DC=AP,DC=local" -ProtectedFromAccidentalDeletion:$false

Doing this via PowerShell can be helpful especially if you have more than one user you need to set this for.
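
For the multi-user case mentioned above, here is an added example (not part of the original post) that finds the protected user objects under one OU, saves the list for review, and clears the flag with a dry run first. The OU name and CSV path are assumptions; the domain components are the ones from the post's example.

```powershell
# Added example, not from the original post.
Import-Module ActiveDirectory

# Hypothetical OU: replace with the OU that holds the accounts to be deleted.
$searchBase = 'OU=Offboarding,DC=AP,DC=local'
# Hypothetical output path for the change record.
$reportPath = '.\unprotected-users.csv'

# Select only user objects that currently have the protection flag set,
# so unrelated objects in the OU are never touched.
$protected = Get-ADUser -SearchBase $searchBase -Filter * `
        -Properties ProtectedFromAccidentalDeletion |
    Where-Object { $_.ProtectedFromAccidentalDeletion }

if (-not $protected) {
    Write-Output "No protected user objects found under $searchBase."
    return
}

# Keep a record of exactly which accounts are about to lose the flag.
$protected |
    Select-Object SamAccountName, DistinguishedName |
    Export-Csv -Path $reportPath -NoTypeInformation

# Dry run: -WhatIf prints each intended change without applying it.
$protected | Set-ADObject -ProtectedFromAccidentalDeletion:$false -WhatIf

# After reviewing the dry-run output and the CSV, apply the change.
# -Confirm prompts once per object; drop it for unattended runs.
$protected | Set-ADObject -ProtectedFromAccidentalDeletion:$false -Confirm

# Verify: list any object in scope that is still protected.
Get-ADUser -SearchBase $searchBase -Filter * `
        -Properties ProtectedFromAccidentalDeletion |
    Where-Object { $_.ProtectedFromAccidentalDeletion } |
    Select-Object SamAccountName, DistinguishedName
```

The same pipeline with `:$true` in place of `:$false` restores the flag on any account from the CSV that turns out not to need deleting.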


Study Plan: Microsoft 74-409 – Server Virtualization w/ Hyper-V & System Center

I thought I’d share my study plan for the Microsoft 74-409: Server Virtualization with Windows Server Hyper-V with System Center.

After recently passing the 70-410 exam, the Hyper-V material was still fresh in my mind so I decided to tackle the 74-409. I haven’t posted my study plan for the 410 yet since many of my free nights were spent labbing/reading, however, I hope to do so very soon.

My ultimate goal is to earn an MCSE in Cloud Platform and Infrastructure (formerly Server Infrastructure). The path I’m taking requires you to pass a total of 4 exams (at least for now). I’m halfway done at this point.

Back to the plan.

I’ll break this down into 3 sections:

  1. List of Materials/Resources Used
  2. Study Process
  3. Personal Notes

— 1. List of Materials/Resources Used —

Text and Lab material:

Video material:

Practice Questions:

— 2. Study Process —

To start, I pretty much used these 3 in lock-step: MVA course, Veeam Guide, and the TechNet Online Lab (SC 2012 R2: Lab 1). All 3 were tabbed in the same window.

Why? Because I was able to read it, watch it, then do it.

1) I started by reading a chapter of the Veeam Guide. Then I used the lab to tinker with the features/components discussed in the text. Then I’d watch the MVA videos that corresponded to the chapter I read and features I labbed. I did this until I completed the Veeam PDF Guide and the MVA video series. All while taking notes into a spreadsheet. Also note the PowerShell cmdlets.

2) Once I got a good overview of Hyper-V and System Center (DPM, VMM, SM, and OM), I supplemented my knowledge with the Pluralsight videos listed in section 1. Although I did not watch every single clip in each series (except for the 70-410 Hyper-V), I watched the ones I thought I needed more help with (such as VMM and OM).

3) Then, I went through and drilled down on each exam topic. This is where Roman’s list helped. I went straight to TechNet for each topic and studied the key features and the requirements. This is critical. You have to know the requirements and capabilities (i.e.: What’s a Gen 2 VM capable of doing? What’s a Gen 1 VM incapable of doing? What are the differences between Node Majority vs Node and Disk Majority? How about Node and File Share Majority? What’s needed for the cluster to retain quorum? Or, the difference between a Tenant Administrator, Application Administrator, and Fabric Administrator in VMM). You’ll notice that Orin Thomas’ Veeam Guide parallels the TechNet articles a lot. He doesn’t go into detail, but he states the key points, which makes his guide a good starting point.

4) Next, I went through all the Measureup practice questions, making sure I understood why I got a question correct and why the incorrect answers were incorrect. Again, I used TechNet articles as support. At the same time, I went through the practice questions from the MVA video series and Veeam Guide.

5) Finally, I spent the final few evenings reviewing my notes from an Excel sheet I created, along with the MVA PowerPoints, and doing more practice questions.

— 3. Personal Notes —

If you are diligent in your studying and labbing you should do well. I cannot emphasize enough how important it is to get into the environment and play with Hyper-V, Failover Cluster Manager, and System Center.

Some additional tips:

Know where everything is located (ex: Where do you create Port Profiles in VMM? Where do you create Guest OS Profiles? Where do I click to Enable and/or change the default Library refresh interval? Where do you enable Power Optimization? Where do you go to Validate a server or a cluster? Where do you Enable Replication? Where in FOC Manager do I click to create a Scale-Out File Server?)

Also, be sure you know how all of the SC components tie together. How does OM tie into VMM? How about VMM and SC? What agents need to be deployed and where?

I’ll post my Excel note sheet w/ PowerShell cmdlets soon. Hope all of this helps for now.

 

 


Backing Configs to SolarWinds TFTP Server

I thought I’d do a quick note on how simple it is to back up switch configs to SolarWinds TFTP Server. I ran into a slight issue (I’ll explain later) at the start. But everything ended up working as expected.

SolarWinds TFTP Server is free to download and takes just a couple minutes to run through the installation. Once it’s installed it runs as a service and uses UDP port 69. There’s really not much to configure here. I just left the server root directory as C:\TFTP-Root.

I ran into my issue when I tried doing a test backup for my little Cisco Catalyst 2940. I went into priv EXEC mode > copy run tftp > Address or name of remote host > Destination filename. It failed to copy and timed out. I went ahead and added a new rule in WFAS to allow UDP port 69. Then went back to the CLI and tried again. Everything was successful this time and I saw the event in the activity log on the SW TFTP application and the created config files in the root directory.

Pretty simple. That’s all I need for now.
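
An added example, not from the original post: the same WFAS change made from PowerShell, with the rule limited to the switch management subnet because TFTP has no authentication and the backed-up configs travel in clear text. The subnet and rule name are assumptions.

```powershell
# Added example, not from the original post. Run in an elevated session.

# Constructed placeholder subnet: replace with the addresses the switches
# actually send from.
$switchMgmt = '192.0.2.0/24'
# Hypothetical rule name.
$ruleName   = 'TFTP inbound from switch management'

# Confirm the TFTP service is actually listening on UDP 69 before opening
# the firewall; an empty result means the service is not running.
Get-NetUDPEndpoint -LocalPort 69 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# Allow UDP 69 inbound, but only from the switch management subnet and only
# on the Domain and Private profiles. Leaving -RemoteAddress at its default
# (Any) would expose the TFTP root to every host that can reach the server.
New-NetFirewallRule -DisplayName $ruleName `
    -Direction Inbound `
    -Protocol UDP `
    -LocalPort 69 `
    -RemoteAddress $switchMgmt `
    -Profile Domain, Private `
    -Action Allow

# Verify the scope that was applied.
Get-NetFirewallRule -DisplayName $ruleName | Get-NetFirewallAddressFilter
Get-NetFirewallRule -DisplayName $ruleName | Get-NetFirewallPortFilter
```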