Friday, December 07, 2018

Westpac Super.Tech Q4 Individual Award Winner

And to close the year 2018, I have been nominated and won the Q4 Individual Award! 

It has been a long and challenging year for me :)

Saturday, November 03, 2018


Passed CISM exam today, yay!!

Friday, September 21, 2018

Cleaning Up CSC Folders

C:\Windows\CSC folder is the offline files folder. It has special permissions. Without the correct permission, you won't be able to delete anything in it

To delete the content of C:\Windows\CSC, you need to modify its permissions

> cd c:\Windows
> takeown /f CSC /r /a /d y
> icacls CSC /grant Administrators:F

Then you can navigate to the folder and start deleting files

Wednesday, August 01, 2018

Publish TeamCity via Sophos XG Firewall

I am running TeamCity product at home for my development work and would like to publish the site via my Sophos XG Firewall. TeamCity runs on the internal domain namespace and to publish it to the Internet, you need to configure it so that it recognises the external domain namespace.

I don't want to make any change on the TeamCity, and luckily Sophos can do it !

Create Business Application Rule on your Sophos Firewall make sure the "Rewrite HTML" is selected as shown below. That's it!

Tuesday, July 31, 2018

Westpac Super.Tech Q3 Team Award Winner

My project team has been nominated and won the Q3 Team Award! 

I am very proud to be part of the team that made one of the most complicated and long-running global projects completed successfully.

Thursday, June 14, 2018

OpenSSL to Retrieve Certificate

It is very easy to retrieve TLS/SSL certificate bound to a web server. You can use any Internet browser to navigate to the site and then you can view the certificate.

How do you get a certificate details from a non-HTTP endpoints? like LDAP for example.
Fortunately, you can use OpenSSL to retrieve the certificate

> openssl s_client -connect address-of-the-endpoint:636


Thursday, May 10, 2018

SSH Login Notification with SSMTP

I have my box to send email notification for every successful SSH login in the past here.
It requires sendmail to be installed, which is too much I think just to send email out from the box.

I found a lighter way to do it, using ssmtp package:

edit/create the file:
> sudo vi /etc/ssh/sshrc

DATE=`date "+%d.%m.%Y--%Hh%Mm"`
IP=`echo $SSH_CONNECTION | awk '{print $1}'`
REVERSE=`dig -x $IP +short`

echo "To: laurence.lau@domain.tld" > /tmp/mail.content
echo "From: Beaver <beaver@domain.tld>" >> /tmp/mail.content
echo "Subject: SSH Login Succcessful" >> /tmp/mail.content
echo "" >> /tmp/mail.content
echo "$DATE, user $USER just logged in from $IP ($REVERSE)" >> /tmp/mail.content
ssmtp laurence.lau@domain.tld < /tmp/mail.content &

edit the file:
> sudo vi /etc/ssmtp/ssmtp.conf


Thursday, April 19, 2018

PowerShell RunAs

To execute PowerShell to Run As a different credential:

> $cred = Get-Credential
> Start-Process powershell.exe -Credential $cred -NoNewWindow -ArgumentList "-noprofile -command &{Start-Process -FilePath C:\blah\prog.exe}"

Friday, March 16, 2018

PowerShell SecureString

PowerShell is often used to access data from systems or apps that require authentication. Authentication requires username and password. you don't want to store the password in the PowerShell script itself.

The better way is to store the password as SecureString in a configuration file and use that to access the data / app.

To generate the configuration file:

Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File C:\Securestring.txt

To consume the configuration file:

> $pass = Get-Content C:\Securestring.txt | ConvertTo-SecureString

To convert it as credential object:

$cred= New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "username",$pass

Wednesday, February 14, 2018

Windows 2016 Core Domain Controllers

Upgrading my Domain Controllers from 2012 R2 to 2016. I have decided to run the servers without Desktop Experience to save resources.

Once installed, run the "sconfig" utility from the CMD to setup the server name, IP address, DNS and gateway, then reboot

To add AD Domain Services feature:

Add-WindowsFeature AD-Domain-Services

To install AD Forest::

Install-ADDSForest -CreateDnsDelegation:$false
-DatabasePath C:\Windows\NTDS
-DomainMode WinThreshold
-DomainName domain.tld
-DomainNetbiosName NETBIOSDOMAIN
-ForestMode WinThreshold
-LogPath C:\Windows\NTDS
-SysvolPath C:\Windows\SYSVOL

ForestMode = WinThreshold = for Windows 2016

To add AD Domain Controller to the existing domain:

Install-ADDSDomainController -CreateDnsDelegation:$false 
-DatabasePath C:\Windows\NTDS
-DomainName domain.tld
-LogPath C:\Windows\NTDS
-SysvolPath C:\Windows\SYSVOL
-Credential (Get-Credential)

Saturday, January 13, 2018

AWS Certified Solutions Architect - Associate

New year, 2018! New challenges!!

Passed the exam and now I am officially AWS Certified Solutions Architect - Associate. Next is Professional #StayTune