GUID String to Octect String

If you need to perform LDAP query against Active Directory with objectGUID as the filter, you need to convert the string representation of that GUID to octetstring.

For example, if the objectGUID string value is: ffe17244-4c77-48e7-9db7-69578be7e232
You need to convert it to: \44\72\e1\ff\77\4c\e7\48\9d\b7\69\57\8b\e7\e2\32

so then you can provide the LDAP filter with:
(objectGUID=\44\72\e1\ff\77\4c\e7\48\9d\b7\69\57\8b\e7\e2\32)

To do this by C#, use the following function:

        private string convertStringGuidToOctectString(string guid)
        {
            Guid g = Guid.Parse(guid);
            Byte[] gba = g.ToByteArray();

            string result = "";
            foreach (Byte b in gba)
            {
                result = result + @"\" + b.ToString("x2");
            }

            return result;
        }

Good luck!

Let's Encrypt and Sophos XG Firewall

I am publishing my web server behind the Sophos XG firewall. I need SSL certificate that is free and trusted by most of internet browsers. The answer is Let's Encrypt.

I use this site to help integrate with Let's Encrypt : http://zerossl.com

Steps
#1 Generate CSR from the XG firewall and download the CSR and the private key
#2 Navigate to zerossl.com and paste the CSR content
#3 Follow the instruction to validate your domain - I did DNS option by inserting TXT value
#4 Once validation is successful, the signed public key is ready to be downloaded
#5 Upload the signed key to XG firewall along with the private key that was downloaded on step #1
#6 (optional) if XG firewall does not trust Let's Encrypt CA, add this to the Trusted CA

Done!!

Another .NET app I wrote to help the project to compare the performance between different web proxies

This app helps me to see the respond time that each proxy responds to a request to a particular URL address. You can specify the header, how many request do you want to perform, so that you can create the "worm" graph. It is quite fun to see this running infinitely.

The picture above shows 2 proxies being compared to hit google.com.au with IE header and 10 iteration to produce the performance graph.

Officially SABSA Chartered Security Architect - Foundation (SCF)

Finally got my exam result today and pass both F1 and F2 modules of SABSA Foundation exam, happy day!

Proxy PAC Tester

I wrote this .NET program to parse the PAC file and test its exception. This provides the GUI, rather than using google unsupported CLI code.

It supports direct fetch from the URL or static PAC file.

Ubuntu CIFS Mount to Windows

To support SMB2 mount from Ubuntu to Windows, edit the fstab file and include this:

//windows.domain.local/share/folder /mount/point cifs credentials=/root/.credentials,vers=2.0,iocharset=utf8,sec=ntlm,dir_mode=0770,uid=33,gid=33 0 0

VCP6-NV Today

Yay!! Passed 2V0-641 exam day. Officially VCP6-NV Today. NSX NSX NSX :)

Acclaim

Bitbucket Installation

I have a need to create code repository locally. I don't want to use code repo in the cloud. Bitbucket is the winner!

#1 - Install Ubuntu 16.10
Download from ubuntu.com, get the latest ISO file, boot and install.
During the installation wizard, make sure PostgreSQL is selected and installed.

#2 - Configure PostgreSQL
Login to ubuntu as the standard user

> sudo -u postgres psql postgres

\password mynewpassword
\q

>

#3 - Create PostgreSQL Database and Role

> sudo -u postgres
CREATE ROLE bitbucketuser WITH LOGIN PASSWORD 'mypassword' VALID UNTIL 'infinity';

CREATE DATABASE bitbucket WITH ENCODING='UTF8' OWNER=bitbucketuser CONNECTION LIMIT=-1;

\q

>

#4 - Install Bitbucket
Download the bitbucket installer from atlassian.com
Change the file permission to execute +x
Run it

#5 - Configure Bitbucket
During the configuration wizard, when asked for database, specify localhost, bitbucket as the database, bitbuckeruser and the user and 'mypassword' as the password

Office 365 & Squid

I had an issue today. My Outlook does not want to connect to office 365 when I setup IE to use SQUID for the proxy. Apparently some of the O365 URLs are resolving up to 25 IP Addresses and depending on the location, some of the connection might get rejected.

By default SQUID only tries the first 10 connections. To change this, edit the squid.conf and add:

forward_max_tries 25

save, restart SQUID instance. Enjoy

Proxy Enforcer

I developed this little utility while doing proxy migration project. This utility helps me to enforce the Windows proxy settings to IE.

You can add Proxy by clicking the "Add Proxy" button, which gives you the same configuration like Windows

Once your proxy setting is added to the list, highlight the proxy and click "Select Proxy" to enforce the selected proxy to your IE. The program will run on the TaskBar. 

Ubuntu File Finders

To find the Disk Usage:

#> sudo du -sx /* 2> /dev/null | sort -n

To deep dive

#> sudo du -sx /var/* 2> /dev/null | sort -n

To find files bigger than something

#> sudo find / -size +10M -ls

Windows 2012 R2 - File Backup

I need to backup my files running on Windows 2012 R2 to external drive. I also need this to be done in a regular basis and send me an email after the job done with the report.

First, I create a batch file, called backup.bat, with the content

@echo off
robocopy H:\Home V:\Home /MIR /R:1 /W:1 /LOG:V:\Home.txt
robocopy K:\Documents V:\Documents /MIR /R:1 /W:1 /LOG:V:\Documents.txt
copy /b V:\Documents.txt +V:\Home.txt V:\Backup.txt

The last line is joining the 2 log files into a single file, backup.txt

Schedule this daily with the Windows Scheduler, having an actions:

Start a Program: cmd.exe
Add arguments: /c D:\scripts\backup.bat

That bit is done for backup job.

Now, the email bit. I create a powershell script, called email.ps1, with the content:

 function sendMail{

     Write-Host "Sending Email"

     #SMTP server name

     $smtpServer = "smtprelay.domain.local"

     #Creating a Mail object

     $msg = new-object Net.Mail.MailMessage

     #Creating SMTP server object

     $smtp = new-object Net.Mail.SmtpClient($smtpServer)

     #Email structure 

     $msg.From = "backup@mydomain.id.au"

     $msg.ReplyTo = "backup@mydomain.id.au"

     $msg.To.Add("me@mydomain.id.au")

     $msg.subject = "Backup Email - Daily"

     $msg.body = "Backup Email - Daily"

     $attachment = New-Object System.Net.Mail.Attachment("V:\Backup.txt", 'text/plain')

     $msg.Attachments.Add($attachment)

     #Sending email 

     $smtp.Send($msg)

  

}

#Calling function

sendMail 

The email powershell script attach the backup.txt file and send it away

On the same schedule job created earlier, add a second action:

Start a Program: powershell

Add arguments: D:\scripts\email.ps1

Done. Second action will be executed after the 1st action is running and it will grab the log and attach it to the email.

Westpac CISO Award

I got the CISO Award!! It was a surprise for me who just started with Westpac Security team for 8 months.

Finally CISSP!

Today I sat for 4.5 hour CISSP exam and got it done!

OwnCloud Manual Upgrade

I adopted the below methods from upgrading Wordpress manually and tweak the process for manually upgrading OwnCloud:

Backup
Navigate to your OwnCloud location and run the following to backup your OwnCloud.

rsync -a owncloud/ owncloud.backup/

Download Latest OwnCloud 

wget https://download.owncloud.org/community/owncloud-9.1.1.tar.bz2

replace the link with the latest bz2 file.

Extract the Package

bzip2 -d owncloud-9.1.1.tar.bz2
tar xvf owncloud-9.1.1.tar

this creates "owncloud" directory

Copy the Updated Files

rsync -rtv new_path_version/owncloud/ old_path_version/owncloud/

this syncs any file that has been changed from the new location/version to the old location

Navigate to The Site

Load the site and it will ask you to upgrade the database. Don't do it over the UI, do it manually

Database Upgrade Manually

run the following command from the "owncloud" directory

To test the database upgrade:

sudo -u www-data php occ upgrade --dry-run -v

To execute the database upgrade:

sudo -u www-data php occ upgrade -v

Dynamic DNS for Ubuntu

I am using opendns.com to protect my network at home. My IP isn't static, so I need a way to update opendns.com with my IP if that changes.

I am running ubuntu, so let's start with installing ddclient

sudo apt-get install ddclient

and then edit ddclient.conf

sudo vi /etc/ddclient.conf

I use the following config

use=web, web=myip.dnsomatic.com
ssl=yes
server=updates.opendns.com
protocol=dyndns2
login=<open-dns-username>
password=<open-dns-password>
<open-dns-label>

Ubuntu Apt-Get Proxy

To have Ubuntu apt-get connection proxies via your proxy, do the following

sudo vi /etc/apt/apt.conf

Add the following line:

Acquire::http::Proxy "http://yourproxy.tld:port";

save and fire away

PowerShell - Mount BitLocker Encrypted VHD

If you have .VHD BitLocker encrypted files and would like to mount it using PowerShell:

$ss = Read-Host "Enter BitLocker Password:" -AsSecureString

Mount-VHD <path-to-VHD>\Example.VHD

#Check your disk manager which drive letter the volume is assigned to the VHD

Unlock-BitLocker -MountPoint <drive letter> -Password $ss

Windows 2012 R2 ISO to USB

Need to rebuild my drop-dead Windows 2012 R2 server.
There is no way to burn the 5.4GB ISO to my single layer 4.7GB DVD media.

So the only way is to USB boot it, here is how.

Format your USB drive - FAT32 ONLY. Make sure it is format with Master Boot Record scheme.
Plug in to your machine

Download your Windows 2012 R2 ISO file

Download Windows 7 USB/DVD Download Tool here

Install Windows 7 USB/DVD Download Tool

Run it and select your ISO and target your USB

Done

.NET Executing Assembly Location

During coding, if you want to reference another file, such as configuration file, text file or XML file that is located on the same location where your binary/library is you can use the following:''

string location = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);

Have fun coding :)