Books & Guides | Binary Trading

Part 2: Tools & Info for Sysadmins - Mega List of Tips, Tools, Books, Blogs & More

(continued from part 1)
Unlocker is a tool to help delete those irritating locked files that give you an error message like "cannot delete file" or "access is denied." It helps with killing processes, unloading DLLs, deleting index.dat files, as well as unlocking, deleting, renaming, and moving locked files—typically without requiring a reboot.
IIS Crypto's newest version adds advanced settings; registry backup; new, simpler templates; support for Windows Server 2019 and more. This tool lets you enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows and reorder SSL/TLS cipher suites from IIS, change advanced settings, implement best practices with a single click, create custom templates and test your website. Available in both command line and GUI versions.
RocketDock is an application launcher with a clean interface that lets you drag/drop shortcuts for easy access and minimize windows to the dock. Features running application indicators, multi-monitor support, alpha-blended PNG and ICO icons, auto-hide and popup on mouse over, positioning and layering options. Fully customizable, portable, and compatible with MobyDock, ObjectDock, RK Launcher and Y'z Dock skins. Works even on slower computers and is Unicode compliant. Suggested by lieutenantcigarette: "If you like the dock on MacOS but prefer to use Windows, RocketDock has you covered. A superb and highly customisable dock that you can add your favourites to for easy and elegant access."
Baby FTP Server offers only the basics, but with the power to serve as a foundation for a more-complex server. Features include multi-threading, a real-time server log, support for PASV and non-PASV mode, ability to set permissions for download/upload/rename/delete/create directory. Only allows anonymous connections. Our thanks to FatherPrax for suggesting this one.
Strace is a Linux diagnostic, debugging and instructional userspace tool with a traditional command-line interface. Uses the ptrace kernel feature to monitor and tamper with interactions between processes and the kernel, including system calls, signal deliveries and changes of process state.
exa is a small, fast replacement for ls with more features and better defaults. It uses colors to distinguish file types and metadata, and it recognizes symlinks, extended attributes and Git. All in one single binary. phils_lab describes it as "'ls' on steroids, written in Rust."
rsync is a faster file transfer program for Unix to bring remote files into sync. It sends just the differences in the files across the link, without requiring both sets of files to be present at one of the ends. Suggested by zorinlynx, who adds that "rsync is GODLY for moving data around efficiently. And if an rsync is interrupted, just run it again."
Matter Wiki is a simple WYSIWYG wiki that can help teams store and collaborate. Every article gets filed under a topic, transparently, so you can tell who made what changes to which document and when. Thanks to bciar-iwdc for the recommendation.
LockHunter is a file unlocking tool that enables you to delete files that are being blocked for unknown reasons. Can be useful for fighting malware and other programs that are causing trouble. Deletes files into the recycle bin so you can restore them if necessary. Chucky2401 finds it preferable to Unlocker, "since I am on Windows 7. There are no new updates since July 2017, but the last beta was in June of this year."
aria2 is a lightweight multi-source command-line download utility that supports HTTP/HTTPS, FTP, SFTP, BitTorrent and Metalink. It can be manipulated via built-in JSON-RPC and XML-RPC interfaces. Recommended by jftuga, who appreciates it as a "cross-platform command line downloader (similar to wget or curl), but with the -x option can run a segmented download of a single file to increase throughput."
Free Services
Temp-Mail allows you to receive email at a temporary address that self-destructs after a certain period of time. Outwit all the forums, Wi-Fi owners, websites and blogs that insist you register to use them. Petti-The-Yeti says, "I don't give any company my direct email anymore. If I want to trial something but they ask for an email signup, I just grab a temporary email from here, sign up with it, and wait for the trial link or license info to come through. Then, you just download the file and close the website."
Duck DNS will point a DNS (sub domains of duckdns.org) to an IP of your choice. DDNS is a handy way for you to refer to a serverouter with an easily rememberable name for situations when the server's ip address will likely change. Suggested by xgnarf, who finds it "so much better for the free tier of noip—no 30-day nag to keep your host up."
Joe Sandbox detects and analyzes potential malicious files and URLs on Windows, Android, Mac OS, Linux and iOS for suspicious activities. It performs deep malware analysis and generates comprehensive and detailed reports. The Community Edition of Joe Sandbox Cloud allows you to run a maximum of 6 analyses per month, 3 per day on Windows, Linux and Android with limited analysis output. This one is from dangibbons94, who wanted to "share this cool service ... for malware analysis. I usually use Virus total for URL scanning, but this goes a lot more in depth. I just used basic analysis, which is free and enough for my needs."
Hybrid Analysis is a malware analysis service that detects and analyzes unknown threats for the community. This one was suggested by compupheonix, who adds that it "gets you super detailed reports... it's about the most fleshed out and detailed one I can find."
JustBeamIt is a file-transfer service that allows you to send files of any size via a peer-to-peer streaming model. Simply drag and drop your file and specify the recipient's email address. They will then receive a link that will trigger the download directly from your computer, so the file does not have to be uploaded to the service itself. The link is good for one download and expires after 10 minutes. Thanks to cooljacob204sfw for the recommendation!
ShieldsUP is a quick but powerful internet security checkup and information service. It was created by security researcher Steve Gibson to scan ports and let you know which ones have been opened through your firewalls or NAT routers.
Firefox Send is an encrypted file transfer service that allows you to share files up to 2.5GB from any browser or an Android app. Uses end-to-end encryption to keep data secure and offers security controls you can set. You can determine when your file link expires, the number of downloads, and whether to add a password. Your recipient receives a link to download the file, and they don’t need a Firefox account. This one comes from DePingus, who appreciates the focus on privacy. "They have E2E, expiring links, and a clear privacy policy."
Free DNS is a service where programmers share domain names with one another at no cost. Offers free hosting as well as dynamic DNS, static DNS, subdomain and domain hosting. They can host your domain's DNS as well as allowing you to register hostnames from domains they're hosting already. If you don't have a domain, you can sign up for a free account and create up to 5 subdomains off the domains others have contributed and point these hosts anywhere on the Internet. Thanks to 0x000000000000004C (yes, that's a username) for the suggestion!
ANY.RUN is an interactive malware analysis service for dynamic and static research of the majority of threats in any environment. It can provide a convenient in-depth analysis of new, unidentified malicious objects and help with the investigation of incidents. ImAshtonTurner appreciates it as "a great sandbox tool for viewing malware, etc."
Plik is a scalable, temporary file upload system similar to wetransfer that is written in golang. Thanks go to I_eat_Narwhals for this one!
Free My IP offers free, dynamic DNS. This service comes with no login, no ads, no newsletters, no links to click and no hassle. Kindly suggested by Jack of All Trades.
Mailinator provides free, temporary email inboxes on a receive-only, attachment-free system that requires no sign-up. All @mailinator.com addresses are public, readable and discoverable by anyone at any time—but are automatically deleted after a few hours. Can be a nice option for times when you to give out an address that won't be accessible longterm. Recommended by nachomountain, who's been using it "for years."
Magic Wormhole is a service for sending files directly with no intermediate upload, no web interface and no login. When both parties are online you with the minimal software installed, the wormhole is invoked via command line identifying the file you want to send. The server then provides a speakable, one-time-use password that you give the recipient. When they enter that password in their wormhole console, key exchange occurs and the download begins directly between your computers. rjohnson99 explains, "Magic Wormhole is sort of like JustBeamIt but is open-source and is built on Python. I use it a lot on Linux servers."
EveryCloud's Free Phish is our own, new Phishing Simulator. Once you've filled in the form and logged in, you can choose from lots of email templates (many of which we've coped from what we see in our Email Security business) and landing pages. Run a one-off free phish, then see who clicked or submitted data so you can understand where your organization is vulnerable and act accordingly.
Hardening Guides
CIS Hardening Guides contain the system security benchmarks developed by a global community of cybersecurity experts. Over 140 configuration guidelines are provided to help safeguard systems against threats. Recommended by cyanghost109 "to get a start on looking at hardening your own systems."
Podcasts
Daily Tech News is Tom Merrit's show covering the latest tech issues with some of the top experts in the field. With the focus on daily tech news and analysis, it's a great way to stay current. Thanks to EmoPolarbear for drawing it to our attention.
This Week in Enterprise Tech is a podcast that features IT experts explaining the complicated details of cutting-edge enterprise technology. Join host Lou Maresca on this informative exploration of enterprise solutions, with new episodes recorded every Friday afternoon.
Security Weekly is a podcast where a "bunch of security nerds" get together and talk shop. Topics are greatly varied, and the atmosphere is relaxed and conversational. The show typically tops out at 2 hours, which is perfect for those with a long commute. If you’re fascinated by discussion of deep technical and security-related topics, this may be a nice addition to your podcast repertoire.
Grumpy Old Geeks—What Went Wrong on the Internet and Who's To Blame is a podcast about the internet, technology and geek culture—among other things. The hosts bring their grumpy brand of humor to the "state of the world as they see it" in these roughly hour-long weekly episodes. Recommended by mkaxsnyder, who enjoys it because, "They are a good team that talk about recent and relevant topics from an IT perspective."
The Social-Engineer Podcast is a monthly discussion among the hosts—a group of security experts from SEORG—and a diverse assortment of guests. Topics focus around human behavior and how it affects information security, with new episodes released on the second Monday of every month. Thanks to MrAshRhodes for the suggestion.
The CyberWire podcasts discuss what's happening in cyberspace, providing news and commentary from industry experts. This cyber security-focused news service delivers concise, accessible, and relevant content without the gossip, sensationalism, and the marketing buzz that often distract from the stories that really matter. Appreciation to supermicromainboard for the suggestion.
Malicious Life is a podcast that tells the fascinating—and often unknown—stories of the wildest hacks you can ever imagine. Host Ran Levi, a cybersecurity expert and author, talks with the people who were actually involved to reveal the history of each event in depth. Our appreciation goes to peraphon for the recommendation.
The Broadcast Storm is a podcast for Cisco networking professionals. BluePieceOfPaper suggests it "for people studying for their CCNA/NP. Kevin Wallace is a CCIE Collaboration so he knows his *ishk. Good format for learning too. Most podcasts are about 8-15 mins long and its 'usually' an exam topic. It will be something like "HSPR" but instead of just explaining it super boring like Ben Stein reading a powerpoint, he usually goes into a story about how (insert time in his career) HSPR would have been super useful..."
Software Engineering Radio is a podcast for developers who are looking for an educational resource with original content that isn't recycled from other venues. Consists of conversations on relevant topics with experts from the software engineering world, with new episodes released three to four times per month. a9JDvXLWHumjaC tells us this is "a solid podcast for devs."
Books
System Center 2012 Configuration Manager is a comprehensive technical guide designed to help you optimize Microsoft's Configuration Manager 2012 according to your requirements and then to deploy and use it successfully. This methodical, step-by-step reference covers: the intentions behind the product and its role in the broader System Center product suite; planning, design, and implementation; and details on each of the most-important feature sets. Learn how to leverage the user-centric capabilities to provide anytime/anywhere services & software, while strengthening control and improving compliance.
Network Warrior: Everything You Need to Know That Wasn’t on the CCNA Exam is a practical guide to network infrastructure. Provides an in-depth view of routers and routing, switching (with Cisco Catalyst and Nexus switches as examples), SOHO VoIP and SOHO wireless access point design and configuration, introduction to IPv6 with configuration examples, telecom technologies in the data-networking world (including T1, DS3, frame relay, and MPLS), security, firewall theory and configuration, ACL and authentication, Quality of Service (QoS), with an emphasis on low-latency queuing (LLQ), IP address allocation, Network Time Protocol (NTP) and device failures.
Beginning the Linux Command Line is your ally in mastering Linux from the keyboard. It is intended for system administrators, software developers, and enthusiastic users who want a guide that will be useful for most distributions—i.e., all items have been checked against Ubuntu, Red Hat and SUSE. Addresses administering users and security and deploying firewalls. Updated to the latest versions of Linux to cover files and directories, including the Btrfs file system and its management and systemd boot procedure and firewall management with firewalld.
Modern Operating Systems, 4th Ed. is written for students taking intro courses on Operating Systems and for those who want an OS reference guide for work. The author, an OS researcher, includes both the latest materials on relevant operating systems as well as current research. The previous edition of Modern Operating Systems received the 2010 McGuffey Longevity Award that recognizes textbooks for excellence over time.
Time Management for System Administrators is a guide for organizing your approach to this challenging role in a way that improves your results. Bestselling author Thomas Limoncelli offers a collection of tips and techniques for navigating the competing goals and concurrent responsibilities that go along with working on large projects while also taking care of individual user's needs. The book focuses on strategies to help with daily tasks that will also allow you to handle the critical situations that inevitably require your attention. You'll learn how to manage interruptions, eliminate time wasters, keep an effective calendar, develop routines and prioritize, stay focused on the task at hand and document/automate to speed processes.
The Practice of System and Network Administration, 3rd Edition introduces beginners to advanced frameworks while serving as a guide to best practices in system administration that is helpful for even the most advanced experts. Organized into four major sections that build from the foundational elements of system administration through improved techniques for upgrades and change management to exploring assorted management topics. Covers the basics and then moves onto the advanced things that can be built on top of those basics to wield real power and execute difficult projects.
Learn Windows PowerShell in a Month of Lunches, Third Edition is designed to teach you PowerShell in a month's worth of 1-hour lessons. This updated edition covers PowerShell features that run on Windows 7, Windows Server 2008 R2 and later, PowerShell v3 and later, and it includes v5 features like PowerShellGet. For PowerShell v3 and up, Windows 7 and Windows Server 2008 R2 and later.
Troubleshooting with the Windows Sysinternals Tools is a guide to the powerful Sysinternals tools for diagnosing and troubleshooting issues. Sysinternals creator Mark Russinovich and Windows expert Aaron Margosis provide a deep understanding of Windows core concepts that aren’t well-documented elsewhere along with details on how to use Sysinternals tools to optimize any Windows system’s reliability, efficiency, performance and security. Includes an explanation of Sysinternals capabilities, details on each major tool, and examples of how the tools can be used to solve real-world cases involving error messages, hangs, sluggishness, malware infections and more.
DNS and BIND, 5th Ed. explains how to work with the Internet's distributed host information database—which is responsible for translating names into addresses, routing mail to its proper destination, and listing phone numbers according to the ENUM standard. Covers BIND 9.3.2 & 8.4.7, the what/how/why of DNS, name servers, MX records, subdividing domains (parenting), DNSSEC, TSIG, troubleshooting and more. PEPCK tells us this is "generally considered the DNS reference book (aside from the RFCs of course!)"
Windows PowerShell in Action, 3rd Ed. is a comprehensive guide to PowerShell. Written by language designer Bruce Payette and MVP Richard Siddaway, this volume gives a great introduction to Powershell, including everyday use cases and detailed examples for more-advanced topics like performance and module architecture. Covers workflows and classes, writing modules and scripts, desired state configuration and programming APIs/pipelines.This edition has been updated for PowerShell v6.
Zero Trust Networks: Building Secure Systems in Untrusted Networks explains the principles behind zero trust architecture, along with what's needed to implement it. Covers the evolution of perimeter-based defenses and how they evolved into the current broken model, case studies of zero trust in production networks on both the client and server side, example configurations for open-source tools that are useful for building a zero trust network and how to migrate from a perimeter-based network to a zero trust network in production. Kindly recommended by jaginfosec.
Tips
Here are a couple handy Windows shortcuts:
Here's a shortcut for a 4-pane explorer in Windows without installing 3rd-party software:
(Keep the win key down for the arrows, and no pauses.) Appreciation goes to ZAFJB for this one.
Our recent tip for a shortcut to get a 4-pane explorer in Windows, triggered this suggestion from SevaraB: "You can do that for an even larger grid of Windows by right-clicking the clock in the taskbar, and clicking 'Show windows side by side' to arrange them neatly. Did this for 4 rows of 6 windows when I had to have a quick 'n' dirty "video wall" of windows monitoring servers at our branches." ZAFJB adds that it actually works when you right-click "anywhere on the taskbar, except application icons or start button."
This tip comes courtesy of shipsass: "When I need to use Windows Explorer but I don't want to take my hands off the keyboard, I press Windows-E to launch Explorer and then Ctrl-L to jump to the address line and type my path. The Ctrl-L trick also works with any web browser, and it's an efficient way of talking less-technical people through instructions when 'browse to [location]' stumps them."
Clear browser history/cookies by pressing CTRL-SHIFT-DELETE on most major browsers. Thanks go to synapticpanda, who adds that this "saves me so much time when troubleshooting web apps where I am playing with the cache and such."
To rename a file with F2, while still editing the name of that file: Hit TAB to tab into the renaming of the next file. Thanks to abeeftaco for this one!
Alt-D is a reliable alternative to Ctrl-L for jumping to the address line in a browser. Thanks for this one go to fencepost_ajm, who explains: "Ctrl-L comes from the browser side as a shortcut for Location, Alt-D from the Windows Explorer side for Directory."
Browser shortcut: When typing a URL that ends with dot com, Ctrl + Enter will place the ".com" and take you to the page. Thanks to wpierre for this one!
This tip comes from anynonus, as something that daily that saves a few clicks: "Running a program with ctrl + shift + enter from start menu will start it as administrator (alt + y will select YES to run as admin) ... my user account is local admin [so] I don't feel like that is unsafe"
Building on our PowerShell resources, we received the following suggestion from halbaradkenafin: aka.ms/pskoans is "a way to learn PowerShell using PowerShell (and Pester). It's really cool and a bunch of folks have high praise for it (including a few teams within MSFT)."
Keyboard shortcut: If you already have an application open, hold ctrl + shift and middle click on the application in your task bar to open another instance as admin. Thanks go to Polymira for this one.
Remote Server Tip: "Critical advice. When testing out network configuration changes, prior to restarting the networking service or rebooting, always create a cron job that will restore your original network configuration and then reboot/restart networking on the machine after 5 minutes. If your config worked, you have enough time to remove it. If it didn't, it will fix itself. This is a beautifully simple solution that I learned from my old mentor at my very first job. I've held on to it for a long time." Thanks go to FrigidNox for the tip!
Websites
Deployment Research is the website of Johan Arwidmark, MS MVP in System Center Cloud and Datacenter Management. It is dedicated to sharing information and guidance around System Center, OS deployment, migration and more. The author shares tips and tricks to help improve the quality of IT Pros’ daily work.
Next of Windows is a website on (mostly) Microsoft-related technology. It's the place where Kent Chen—a computer veteran with many years of field experience—and Jonathan Hu—a web/mobile app developer and self-described "cool geek"—share what they know, what they learn and what they find in the hope of helping others learn and benefit.
High Scalability brings together all the relevant information about building scalable websites in one place. Because building a website with confidence requires a body of knowledge that can be slow to develop, the site focuses on moving visitors along the learning curve at a faster pace.
Information Technology Research Library is a great resource for IT-related research, white papers, reports, case studies, magazines, and eBooks. This library is provided at no charge by TradePub.com. GullibleDetective tells us it offers "free PDF files from a WIIIIIIDE variety of topics, not even just IT. Only caveat: as its a vendor-supported publishing company, you will have to give them a bit of information such as name, email address and possibly a company name. You undoubtedly have the ability to create fake information on this, mind you. The articles range from Excel templates, learning python, powershell, nosql etc. to converged architecture."
SS64 is a web-based reference guide for syntax and examples of the most-common database and OS computing commands. Recommended by Petti-The-Yeti, who adds, "I use this site all the time to look up commands and find examples while I'm building CMD and PS1 scripts."
Phishing and Malware Reporting. This website helps you put a stop to scams by getting fraudulent pages blocked. Easily report phishing webpages so they can be added to blacklists in as little as 15 minutes of your report. "Player024 tells us, "I highly recommend anyone in the industry to bookmark this page...With an average of about 10 minutes of work, I'm usually able to take down the phishing pages we receive thanks to the links posted on that website."
A Slack Channel
Windows Admin Slack is a great drive-by resource for the Windows sysadmin. This team has 33 public channels in total that cover different areas of helpful content on Windows administration.
Blogs
KC's Blog is the place where Microsoft MVP and web developer Kent Chen shares his IT insights and discoveries. The rather large library of posts offer helpful hints, how-tos, resources and news of interest to those in the Windows world.
The Windows Server Daily is the ever-current blog of technologist Katherine Moss, VP of open source & community engagement for StormlightTech. Offers brief daily posts on topics related to Windows server, Windows 10 and Administration.
An Infosec Slideshow
This security training slideshow was created for use during a quarterly infosec class. The content is offered generously by shalafi71, who adds, "Take this as a skeleton and flesh it out on your own. Take an hour or two and research the things I talk about. Tailor this to your own environment and users. Make it relevant to your people. Include corporate stories, include your audience, exclude yourself. This ain't about how smart you are at infosec, and I can't stress this enough, talk about how people can defend themselves. Give them things to look for and action they can take. No one gives a shit about your firewall rules."
Tech Tutorials
Tutorialspoint Library. This large collection of tech tutorials is a great resource for online learning. You'll find nearly 150 high-quality tutorials covering a wide array of languages and topics—from fundamentals to cutting-edge technologies. For example, this Powershell tutorial is designed for those with practical experience handling Windows-based Servers who want to learn how to install and use Windows Server 2012.
The Python Tutorial is a nice introduction to many of Python’s best features, enabling you to read and write Python modules and programs. It offers an understanding of the language's style and prepares you to learn more about the various Python library modules described in 'The Python Standard Library.' Kindly suggested by sharjeelsayed.
SysAdmin Humor
Day in the Life of a SysAdmin Episode 5: Lunch Break is an amusing look at a SysAdmin's attempt to take a brief lunch break. We imagine many of you can relate!
Have a fantastic week and as usual, let me know any comments or suggestions.
u/crispyducks
submitted by crispyducks to sysadmin [link] [comments]

Tools & Info for MSPs #2 - Mega List of Tips, Tools, Books, Blogs & More

(continued from part #1)
Unlocker is a tool to help delete those irritating locked files that give you an error message like "cannot delete file" or "access is denied." It helps with killing processes, unloading DLLs, deleting index.dat files, as well as unlocking, deleting, renaming, and moving locked files—typically without requiring a reboot.
IIS Crypto's newest version adds advanced settings; registry backup; new, simpler templates; support for Windows Server 2019 and more. This tool lets you enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows and reorder SSL/TLS cipher suites from IIS, change advanced settings, implement best practices with a single click, create custom templates and test your website. Available in both command line and GUI versions.
RocketDock is an application launcher with a clean interface that lets you drag/drop shortcuts for easy access and minimize windows to the dock. Features running application indicators, multi-monitor support, alpha-blended PNG and ICO icons, auto-hide and popup on mouse over, positioning and layering options. Fully customizable, portable, and compatible with MobyDock, ObjectDock, RK Launcher and Y'z Dock skins. Works even on slower computers and is Unicode compliant. Suggested by lieutenantcigarette: "If you like the dock on MacOS but prefer to use Windows, RocketDock has you covered. A superb and highly customisable dock that you can add your favourites to for easy and elegant access."
Baby FTP Server offers only the basics, but with the power to serve as a foundation for a more-complex server. Features include multi-threading, a real-time server log, support for PASV and non-PASV mode, ability to set permissions for download/upload/rename/delete/create directory. Only allows anonymous connections. Our thanks to FatherPrax for suggesting this one.
Strace is a Linux diagnostic, debugging and instructional userspace tool with a traditional command-line interface. Uses the ptrace kernel feature to monitor and tamper with interactions between processes and the kernel, including system calls, signal deliveries and changes of process state.
exa is a small, fast replacement for ls with more features and better defaults. It uses colors to distinguish file types and metadata, and it recognizes symlinks, extended attributes and Git. All in one single binary. phils_lab describes it as "'ls' on steroids, written in Rust."
rsync is a faster file transfer program for Unix to bring remote files into sync. It sends just the differences in the files across the link, without requiring both sets of files to be present at one of the ends. Suggested by zorinlynx, who adds that "rsync is GODLY for moving data around efficiently. And if an rsync is interrupted, just run it again."
Matter Wiki is a simple WYSIWYG wiki that can help teams store and collaborate. Every article gets filed under a topic, transparently, so you can tell who made what changes to which document and when. Thanks to bciar-iwdc for the recommendation.
LockHunter is a file unlocking tool that enables you to delete files that are being blocked for unknown reasons. Can be useful for fighting malware and other programs that are causing trouble. Deletes files into the recycle bin so you can restore them if necessary. Chucky2401 finds it preferable to Unlocker, "since I am on Windows 7. There are no new updates since July 2017, but the last beta was in June of this year."
aria2 is a lightweight multi-source command-line download utility that supports HTTP/HTTPS, FTP, SFTP, BitTorrent and Metalink. It can be manipulated via built-in JSON-RPC and XML-RPC interfaces. Recommended by jftuga, who appreciates it as a "cross-platform command line downloader (similar to wget or curl), but with the -x option can run a segmented download of a single file to increase throughput."
Free Services
Temp-Mail allows you to receive email at a temporary address that self-destructs after a certain period of time. Outwit all the forums, Wi-Fi owners, websites and blogs that insist you register to use them. Petti-The-Yeti says, "I don't give any company my direct email anymore. If I want to trial something but they ask for an email signup, I just grab a temporary email from here, sign up with it, and wait for the trial link or license info to come through. Then, you just download the file and close the website."
Duck DNS will point a DNS (sub domains of duckdns.org) to an IP of your choice. DDNS is a handy way for you to refer to a serverouter with an easily rememberable name for situations when the server's ip address will likely change. Suggested by xgnarf, who finds it "so much better for the free tier of noip—no 30-day nag to keep your host up."
Joe Sandbox detects and analyzes potential malicious files and URLs on Windows, Android, Mac OS, Linux and iOS for suspicious activities. It performs deep malware analysis and generates comprehensive and detailed reports. The Community Edition of Joe Sandbox Cloud allows you to run a maximum of 6 analyses per month, 3 per day on Windows, Linux and Android with limited analysis output. This one is from dangibbons94, who wanted to "share this cool service ... for malware analysis. I usually use Virus total for URL scanning, but this goes a lot more in depth. I just used basic analysis, which is free and enough for my needs."
Hybrid Analysis is a malware analysis service that detects and analyzes unknown threats for the community. This one was suggested by compupheonix, who adds that it "gets you super detailed reports... it's about the most fleshed out and detailed one I can find."
JustBeamIt is a file-transfer service that allows you to send files of any size via a peer-to-peer streaming model. Simply drag and drop your file and specify the recipient's email address. They will then receive a link that will trigger the download directly from your computer, so the file does not have to be uploaded to the service itself. The link is good for one download and expires after 10 minutes. Thanks to cooljacob204sfw for the recommendation!
ShieldsUP is a quick but powerful internet security checkup and information service. It was created by security researcher Steve Gibson to scan ports and let you know which ones have been opened through your firewalls or NAT routers.
Firefox Send is an encrypted file transfer service that allows you to share files up to 2.5GB from any browser or an Android app. Uses end-to-end encryption to keep data secure and offers security controls you can set. You can determine when your file link expires, the number of downloads, and whether to add a password. Your recipient receives a link to download the file, and they don’t need a Firefox account. This one comes from DePingus, who appreciates the focus on privacy. "They have E2E, expiring links, and a clear privacy policy."
Free DNS is a service where programmers share domain names with one another at no cost. Offers free hosting as well as dynamic DNS, static DNS, subdomain and domain hosting. They can host your domain's DNS as well as allowing you to register hostnames from domains they're hosting already. If you don't have a domain, you can sign up for a free account and create up to 5 subdomains off the domains others have contributed and point these hosts anywhere on the Internet. Thanks to 0x000000000000004C (yes, that's a username) for the suggestion!
ANY.RUN is an interactive malware analysis service for dynamic and static research of the majority of threats in any environment. It can provide a convenient in-depth analysis of new, unidentified malicious objects and help with the investigation of incidents. ImAshtonTurner appreciates it as "a great sandbox tool for viewing malware, etc."
Plik is a scalable, temporary file upload system similar to wetransfer that is written in golang. Thanks go to I_eat_Narwhals for this one!
Free My IP offers free, dynamic DNS. This service comes with no login, no ads, no newsletters, no links to click and no hassle. Kindly suggested by Jack of All Trades.
Mailinator provides free, temporary email inboxes on a receive-only, attachment-free system that requires no sign-up. All @mailinator.com addresses are public, readable and discoverable by anyone at any time—but are automatically deleted after a few hours. Can be a nice option for times when you to give out an address that won't be accessible longterm. Recommended by nachomountain, who's been using it "for years."
Magic Wormhole is a service for sending files directly with no intermediate upload, no web interface and no login. When both parties are online you with the minimal software installed, the wormhole is invoked via command line identifying the file you want to send. The server then provides a speakable, one-time-use password that you give the recipient. When they enter that password in their wormhole console, key exchange occurs and the download begins directly between your computers. rjohnson99 explains, "Magic Wormhole is sort of like JustBeamIt but is open-source and is built on Python. I use it a lot on Linux servers."
EveryCloud's Free Phish is our own, new Phishing Simulator. Once you've filled in the form and logged in, you can choose from lots of email templates (many of which we've coped from what we see in our Email Security business) and landing pages. Run a one-off free phish, then see who clicked or submitted data so you can understand where your organization is vulnerable and act accordingly.
Hardening Guides
CIS Hardening Guides contain the system security benchmarks developed by a global community of cybersecurity experts. Over 140 configuration guidelines are provided to help safeguard systems against threats. Recommended by cyanghost109 "to get a start on looking at hardening your own systems."
Podcasts
Daily Tech News is Tom Merrit's show covering the latest tech issues with some of the top experts in the field. With the focus on daily tech news and analysis, it's a great way to stay current. Thanks to EmoPolarbear for drawing it to our attention.
This Week in Enterprise Tech is a podcast that features IT experts explaining the complicated details of cutting-edge enterprise technology. Join host Lou Maresca on this informative exploration of enterprise solutions, with new episodes recorded every Friday afternoon.
Security Weekly is a podcast where a "bunch of security nerds" get together and talk shop. Topics are greatly varied, and the atmosphere is relaxed and conversational. The show typically tops out at 2 hours, which is perfect for those with a long commute. If you’re fascinated by discussion of deep technical and security-related topics, this may be a nice addition to your podcast repertoire.
Grumpy Old Geeks—What Went Wrong on the Internet and Who's To Blame is a podcast about the internet, technology and geek culture—among other things. The hosts bring their grumpy brand of humor to the "state of the world as they see it" in these roughly hour-long weekly episodes. Recommended by mkaxsnyder, who enjoys it because, "They are a good team that talk about recent and relevant topics from an IT perspective."
The Social-Engineer Podcast is a monthly discussion among the hosts—a group of security experts from SEORG—and a diverse assortment of guests. Topics focus around human behavior and how it affects information security, with new episodes released on the second Monday of every month. Thanks to MrAshRhodes for the suggestion.
The CyberWire podcasts discuss what's happening in cyberspace, providing news and commentary from industry experts. This cyber security-focused news service delivers concise, accessible, and relevant content without the gossip, sensationalism, and the marketing buzz that often distract from the stories that really matter. Appreciation to supermicromainboard for the suggestion.
Malicious Life is a podcast that tells the fascinating—and often unknown—stories of the wildest hacks you can ever imagine. Host Ran Levi, a cybersecurity expert and author, talks with the people who were actually involved to reveal the history of each event in depth. Our appreciation goes to peraphon for the recommendation.
The Broadcast Storm is a podcast for Cisco networking professionals. BluePieceOfPaper suggests it "for people studying for their CCNA/NP. Kevin Wallace is a CCIE Collaboration so he knows his *ishk. Good format for learning too. Most podcasts are about 8-15 mins long and its 'usually' an exam topic. It will be something like "HSPR" but instead of just explaining it super boring like Ben Stein reading a powerpoint, he usually goes into a story about how (insert time in his career) HSPR would have been super useful..."
Software Engineering Radio is a podcast for developers who are looking for an educational resource with original content that isn't recycled from other venues. Consists of conversations on relevant topics with experts from the software engineering world, with new episodes released three to four times per month. a9JDvXLWHumjaC tells us this is "a solid podcast for devs."
Books
System Center 2012 Configuration Manager is a comprehensive technical guide designed to help you optimize Microsoft's Configuration Manager 2012 according to your requirements and then to deploy and use it successfully. This methodical, step-by-step reference covers: the intentions behind the product and its role in the broader System Center product suite; planning, design, and implementation; and details on each of the most-important feature sets. Learn how to leverage the user-centric capabilities to provide anytime/anywhere services & software, while strengthening control and improving compliance.
Network Warrior: Everything You Need to Know That Wasn’t on the CCNA Exam is a practical guide to network infrastructure. Provides an in-depth view of routers and routing, switching (with Cisco Catalyst and Nexus switches as examples), SOHO VoIP and SOHO wireless access point design and configuration, introduction to IPv6 with configuration examples, telecom technologies in the data-networking world (including T1, DS3, frame relay, and MPLS), security, firewall theory and configuration, ACL and authentication, Quality of Service (QoS), with an emphasis on low-latency queuing (LLQ), IP address allocation, Network Time Protocol (NTP) and device failures.
Beginning the Linux Command Line is your ally in mastering Linux from the keyboard. It is intended for system administrators, software developers, and enthusiastic users who want a guide that will be useful for most distributions—i.e., all items have been checked against Ubuntu, Red Hat and SUSE. Addresses administering users and security and deploying firewalls. Updated to the latest versions of Linux to cover files and directories, including the Btrfs file system and its management and systemd boot procedure and firewall management with firewalld.
Modern Operating Systems, 4th Ed. is written for students taking intro courses on Operating Systems and for those who want an OS reference guide for work. The author, an OS researcher, includes both the latest materials on relevant operating systems as well as current research. The previous edition of Modern Operating Systems received the 2010 McGuffey Longevity Award that recognizes textbooks for excellence over time.
Time Management for System Administrators is a guide for organizing your approach to this challenging role in a way that improves your results. Bestselling author Thomas Limoncelli offers a collection of tips and techniques for navigating the competing goals and concurrent responsibilities that go along with working on large projects while also taking care of individual user's needs. The book focuses on strategies to help with daily tasks that will also allow you to handle the critical situations that inevitably require your attention. You'll learn how to manage interruptions, eliminate time wasters, keep an effective calendar, develop routines and prioritize, stay focused on the task at hand and document/automate to speed processes.
The Practice of System and Network Administration, 3rd Edition introduces beginners to advanced frameworks while serving as a guide to best practices in system administration that is helpful for even the most advanced experts. Organized into four major sections that build from the foundational elements of system administration through improved techniques for upgrades and change management to exploring assorted management topics. Covers the basics and then moves onto the advanced things that can be built on top of those basics to wield real power and execute difficult projects.
Learn Windows PowerShell in a Month of Lunches, Third Edition is designed to teach you PowerShell in a month's worth of 1-hour lessons. This updated edition covers PowerShell features that run on Windows 7, Windows Server 2008 R2 and later, PowerShell v3 and later, and it includes v5 features like PowerShellGet. For PowerShell v3 and up, Windows 7 and Windows Server 2008 R2 and later.
Troubleshooting with the Windows Sysinternals Tools is a guide to the powerful Sysinternals tools for diagnosing and troubleshooting issues. Sysinternals creator Mark Russinovich and Windows expert Aaron Margosis provide a deep understanding of Windows core concepts that aren’t well-documented elsewhere along with details on how to use Sysinternals tools to optimize any Windows system’s reliability, efficiency, performance and security. Includes an explanation of Sysinternals capabilities, details on each major tool, and examples of how the tools can be used to solve real-world cases involving error messages, hangs, sluggishness, malware infections and more.
DNS and BIND, 5th Ed. explains how to work with the Internet's distributed host information database—which is responsible for translating names into addresses, routing mail to its proper destination, and listing phone numbers according to the ENUM standard. Covers BIND 9.3.2 & 8.4.7, the what/how/why of DNS, name servers, MX records, subdividing domains (parenting), DNSSEC, TSIG, troubleshooting and more. PEPCK tells us this is "generally considered the DNS reference book (aside from the RFCs of course!)"
Windows PowerShell in Action, 3rd Ed. is a comprehensive guide to PowerShell. Written by language designer Bruce Payette and MVP Richard Siddaway, this volume gives a great introduction to Powershell, including everyday use cases and detailed examples for more-advanced topics like performance and module architecture. Covers workflows and classes, writing modules and scripts, desired state configuration and programming APIs/pipelines.This edition has been updated for PowerShell v6.
Zero Trust Networks: Building Secure Systems in Untrusted Networks explains the principles behind zero trust architecture, along with what's needed to implement it. Covers the evolution of perimeter-based defenses and how they evolved into the current broken model, case studies of zero trust in production networks on both the client and server side, example configurations for open-source tools that are useful for building a zero trust network and how to migrate from a perimeter-based network to a zero trust network in production. Kindly recommended by jaginfosec.
Tips
Here are a couple handy Windows shortcuts:
Here's a shortcut for a 4-pane explorer in Windows without installing 3rd-party software:
(Keep the win key down for the arrows, and no pauses.) Appreciation goes to ZAFJB for this one.
Our recent tip for a shortcut to get a 4-pane explorer in Windows, triggered this suggestion from SevaraB: "You can do that for an even larger grid of Windows by right-clicking the clock in the taskbar, and clicking 'Show windows side by side' to arrange them neatly. Did this for 4 rows of 6 windows when I had to have a quick 'n' dirty "video wall" of windows monitoring servers at our branches." ZAFJB adds that it actually works when you right-click "anywhere on the taskbar, except application icons or start button."
This tip comes courtesy of shipsass: "When I need to use Windows Explorer but I don't want to take my hands off the keyboard, I press Windows-E to launch Explorer and then Ctrl-L to jump to the address line and type my path. The Ctrl-L trick also works with any web browser, and it's an efficient way of talking less-technical people through instructions when 'browse to [location]' stumps them."
Clear browser history/cookies by pressing CTRL-SHIFT-DELETE on most major browsers. Thanks go to synapticpanda, who adds that this "saves me so much time when troubleshooting web apps where I am playing with the cache and such."
To rename a file with F2, while still editing the name of that file: Hit TAB to tab into the renaming of the next file. Thanks to abeeftaco for this one!
Alt-D is a reliable alternative to Ctrl-L for jumping to the address line in a browser. Thanks for this one go to fencepost_ajm, who explains: "Ctrl-L comes from the browser side as a shortcut for Location, Alt-D from the Windows Explorer side for Directory."
Browser shortcut: When typing a URL that ends with dot com, Ctrl + Enter will place the ".com" and take you to the page. Thanks to wpierre for this one!
This tip comes from anynonus, as something that daily that saves a few clicks: "Running a program with ctrl + shift + enter from start menu will start it as administrator (alt + y will select YES to run as admin) ... my user account is local admin [so] I don't feel like that is unsafe"
Building on our PowerShell resources, we received the following suggestion from halbaradkenafin: aka.ms/pskoans is "a way to learn PowerShell using PowerShell (and Pester). It's really cool and a bunch of folks have high praise for it (including a few teams within MSFT)."
Keyboard shortcut: If you already have an application open, hold ctrl + shift and middle click on the application in your task bar to open another instance as admin. Thanks go to Polymira for this one.
Remote Server Tip: "Critical advice. When testing out network configuration changes, prior to restarting the networking service or rebooting, always create a cron job that will restore your original network configuration and then reboot/restart networking on the machine after 5 minutes. If your config worked, you have enough time to remove it. If it didn't, it will fix itself. This is a beautifully simple solution that I learned from my old mentor at my very first job. I've held on to it for a long time." Thanks go to FrigidNox for the tip!
Websites
Deployment Research is the website of Johan Arwidmark, MS MVP in System Center Cloud and Datacenter Management. It is dedicated to sharing information and guidance around System Center, OS deployment, migration and more. The author shares tips and tricks to help improve the quality of IT Pros’ daily work.
Next of Windows is a website on (mostly) Microsoft-related technology. It's the place where Kent Chen—a computer veteran with many years of field experience—and Jonathan Hu—a web/mobile app developer and self-described "cool geek"—share what they know, what they learn and what they find in the hope of helping others learn and benefit.
High Scalability brings together all the relevant information about building scalable websites in one place. Because building a website with confidence requires a body of knowledge that can be slow to develop, the site focuses on moving visitors along the learning curve at a faster pace.
Information Technology Research Library is a great resource for IT-related research, white papers, reports, case studies, magazines, and eBooks. This library is provided at no charge by TradePub.com. GullibleDetective tells us it offers "free PDF files from a WIIIIIIDE variety of topics, not even just IT. Only caveat: as its a vendor-supported publishing company, you will have to give them a bit of information such as name, email address and possibly a company name. You undoubtedly have the ability to create fake information on this, mind you. The articles range from Excel templates, learning python, powershell, nosql etc. to converged architecture."
SS64 is a web-based reference guide for syntax and examples of the most-common database and OS computing commands. Recommended by Petti-The-Yeti, who adds, "I use this site all the time to look up commands and find examples while I'm building CMD and PS1 scripts."
Phishing and Malware Reporting. This website helps you put a stop to scams by getting fraudulent pages blocked. Easily report phishing webpages so they can be added to blacklists in as little as 15 minutes of your report. "Player024 tells us, "I highly recommend anyone in the industry to bookmark this page...With an average of about 10 minutes of work, I'm usually able to take down the phishing pages we receive thanks to the links posted on that website."
A Slack Channel
Windows Admin Slack is a great drive-by resource for the Windows sysadmin. This team has 33 public channels in total that cover different areas of helpful content on Windows administration.
Blogs
KC's Blog is the place where Microsoft MVP and web developer Kent Chen shares his IT insights and discoveries. The rather large library of posts offer helpful hints, how-tos, resources and news of interest to those in the Windows world.
The Windows Server Daily is the ever-current blog of technologist Katherine Moss, VP of open source & community engagement for StormlightTech. Offers brief daily posts on topics related to Windows server, Windows 10 and Administration.
An Infosec Slideshow
This security training slideshow was created for use during a quarterly infosec class. The content is offered generously by shalafi71, who adds, "Take this as a skeleton and flesh it out on your own. Take an hour or two and research the things I talk about. Tailor this to your own environment and users. Make it relevant to your people. Include corporate stories, include your audience, exclude yourself. This ain't about how smart you are at infosec, and I can't stress this enough, talk about how people can defend themselves. Give them things to look for and action they can take. No one gives a shit about your firewall rules."
Tech Tutorials
Tutorialspoint Library. This large collection of tech tutorials is a great resource for online learning. You'll find nearly 150 high-quality tutorials covering a wide array of languages and topics—from fundamentals to cutting-edge technologies. For example, this Powershell tutorial is designed for those with practical experience handling Windows-based Servers who want to learn how to install and use Windows Server 2012.
The Python Tutorial is a nice introduction to many of Python’s best features, enabling you to read and write Python modules and programs. It offers an understanding of the language's style and prepares you to learn more about the various Python library modules described in 'The Python Standard Library.' Kindly suggested by sharjeelsayed.
SysAdmin Humor
Day in the Life of a SysAdmin Episode 5: Lunch Break is an amusing look at a SysAdmin's attempt to take a brief lunch break. We imagine many of you can relate!
Have a fantastic week and as usual, let me know any comments.
Graham | CEO | EveryCloud
Fyi - I've set up a subreddit /itprotuesday, where we feature / encourage posts of some additional tools, tips etc. throughout the week. Pop over and subscribe if you’re interested.
submitted by crispyducks to msp [link] [comments]

IT Pro Tuesday #64 (part 2) - Mega List of Tips, Tools, Books, Blogs & More

(continued from part 1)
Captura is a flexible tool for capturing your screen, audio, cursor, mouse clicks and keystrokes. Features include mixing audio recorded from microphone and speaker output, command-line interface, and configurable hotkeys. Thanks to jantari for the recommedation.
Unlocker is a tool to help delete those irritating locked files that give you an error message like "cannot delete file" or "access is denied." It helps with killing processes, unloading DLLs, deleting index.dat files, as well as unlocking, deleting, renaming, and moving locked files—typically without requiring a reboot.
IIS Crypto's newest version adds advanced settings; registry backup; new, simpler templates; support for Windows Server 2019 and more. This tool lets you enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows and reorder SSL/TLS cipher suites from IIS, change advanced settings, implement best practices with a single click, create custom templates and test your website. Available in both command line and GUI versions.
RocketDock is an application launcher with a clean interface that lets you drag/drop shortcuts for easy access and minimize windows to the dock. Features running application indicators, multi-monitor support, alpha-blended PNG and ICO icons, auto-hide and popup on mouse over, positioning and layering options. Fully customizable, portable, and compatible with MobyDock, ObjectDock, RK Launcher and Y'z Dock skins. Works even on slower computers and is Unicode compliant. Suggested by lieutenantcigarette: "If you like the dock on MacOS but prefer to use Windows, RocketDock has you covered. A superb and highly customisable dock that you can add your favourites to for easy and elegant access."
Baby FTP Server offers only the basics, but with the power to serve as a foundation for a more-complex server. Features include multi-threading, a real-time server log, support for PASV and non-PASV mode, ability to set permissions for download/upload/rename/delete/create directory. Only allows anonymous connections. Our thanks to FatherPrax for suggesting this one.
Strace is a Linux diagnostic, debugging and instructional userspace tool with a traditional command-line interface. Uses the ptrace kernel feature to monitor and tamper with interactions between processes and the kernel, including system calls, signal deliveries and changes of process state.
exa is a small, fast replacement for ls with more features and better defaults. It uses colors to distinguish file types and metadata, and it recognizes symlinks, extended attributes and Git. All in one single binary. phils_lab describes it as "'ls' on steroids, written in Rust."
rsync is a faster file transfer program for Unix to bring remote files into sync. It sends just the differences in the files across the link, without requiring both sets of files to be present at one of the ends. Suggested by zorinlynx, who adds that "rsync is GODLY for moving data around efficiently. And if an rsync is interrupted, just run it again."
Matter Wiki is a simple WYSIWYG wiki that can help teams store and collaborate. Every article gets filed under a topic, transparently, so you can tell who made what changes to which document and when. Thanks to bciar-iwdc for the recommendation.
LockHunter is a file unlocking tool that enables you to delete files that are being blocked for unknown reasons. Can be useful for fighting malware and other programs that are causing trouble. Deletes files into the recycle bin so you can restore them if necessary. Chucky2401 finds it preferable to Unlocker, "since I am on Windows 7. There are no new updates since July 2017, but the last beta was in June of this year."
aria2 is a lightweight multi-source command-line download utility that supports HTTP/HTTPS, FTP, SFTP, BitTorrent and Metalink. It can be manipulated via built-in JSON-RPC and XML-RPC interfaces. Recommended by jftuga, who appreciates it as a "cross-platform command line downloader (similar to wget or curl), but with the -x option can run a segmented download of a single file to increase throughput."
Free Services
Temp-Mail allows you to receive email at a temporary address that self-destructs after a certain period of time. Outwit all the forums, Wi-Fi owners, websites and blogs that insist you register to use them. Petti-The-Yeti says, "I don't give any company my direct email anymore. If I want to trial something but they ask for an email signup, I just grab a temporary email from here, sign up with it, and wait for the trial link or license info to come through. Then, you just download the file and close the website."
Duck DNS will point a DNS (sub domains of duckdns.org) to an IP of your choice. DDNS is a handy way for you to refer to a serverouter with an easily rememberable name for situations when the server's ip address will likely change. Suggested by xgnarf, who finds it "so much better for the free tier of noip—no 30-day nag to keep your host up."
Joe Sandbox detects and analyzes potential malicious files and URLs on Windows, Android, Mac OS, Linux and iOS for suspicious activities. It performs deep malware analysis and generates comprehensive and detailed reports. The Community Edition of Joe Sandbox Cloud allows you to run a maximum of 6 analyses per month, 3 per day on Windows, Linux and Android with limited analysis output. This one is from dangibbons94, who wanted to "share this cool service ... for malware analysis. I usually use Virus total for URL scanning, but this goes a lot more in depth. I just used basic analysis, which is free and enough for my needs."
Hybrid Analysis is a malware analysis service that detects and analyzes unknown threats for the community. This one was suggested by compupheonix, who adds that it "gets you super detailed reports... it's about the most fleshed out and detailed one I can find."
JustBeamIt is a file-transfer service that allows you to send files of any size via a peer-to-peer streaming model. Simply drag and drop your file and specify the recipient's email address. They will then receive a link that will trigger the download directly from your computer, so the file does not have to be uploaded to the service itself. The link is good for one download and expires after 10 minutes. Thanks to cooljacob204sfw for the recommendation!
ShieldsUP is a quick but powerful internet security checkup and information service. It was created by security researcher Steve Gibson to scan ports and let you know which ones have been opened through your firewalls or NAT routers.
Firefox Send is an encrypted file transfer service that allows you to share files up to 2.5GB from any browser or an Android app. Uses end-to-end encryption to keep data secure and offers security controls you can set. You can determine when your file link expires, the number of downloads, and whether to add a password. Your recipient receives a link to download the file, and they don’t need a Firefox account. This one comes from DePingus, who appreciates the focus on privacy. "They have E2E, expiring links, and a clear privacy policy."
Free DNS is a service where programmers share domain names with one another at no cost. Offers free hosting as well as dynamic DNS, static DNS, subdomain and domain hosting. They can host your domain's DNS as well as allowing you to register hostnames from domains they're hosting already. If you don't have a domain, you can sign up for a free account and create up to 5 subdomains off the domains others have contributed and point these hosts anywhere on the Internet. Thanks to 0x000000000000004C (yes, that's a username) for the suggestion!
ANY.RUN is an interactive malware analysis service for dynamic and static research of the majority of threats in any environment. It can provide a convenient in-depth analysis of new, unidentified malicious objects and help with the investigation of incidents. ImAshtonTurner appreciates it as "a great sandbox tool for viewing malware, etc."
Plik is a scalable, temporary file upload system similar to wetransfer that is written in golang. Thanks go to I_eat_Narwhals for this one!
Free My IP offers free, dynamic DNS. This service comes with no login, no ads, no newsletters, no links to click and no hassle. Kindly suggested by Jack of All Trades.
Mailinator provides free, temporary email inboxes on a receive-only, attachment-free system that requires no sign-up. All @mailinator.com addresses are public, readable and discoverable by anyone at any time—but are automatically deleted after a few hours. Can be a nice option for times when you to give out an address that won't be accessible longterm. Recommended by nachomountain, who's been using it "for years."
Magic Wormhole is a service for sending files directly with no intermediate upload, no web interface and no login. When both parties are online you with the minimal software installed, the wormhole is invoked via command line identifying the file you want to send. The server then provides a speakable, one-time-use password that you give the recipient. When they enter that password in their wormhole console, key exchange occurs and the download begins directly between your computers. rjohnson99 explains, "Magic Wormhole is sort of like JustBeamIt but is open-source and is built on Python. I use it a lot on Linux servers."
EveryCloud's Free Phish is our own, new Phishing Simulator. Once you've filled in the form and logged in, you can choose from lots of email templates (many of which we've coped from what we see in our Email Security business) and landing pages. Run a one-off free phish, then see who clicked or submitted data so you can understand where your organization is vulnerable and act accordingly.
Hardening Guides
CIS Hardening Guides contain the system security benchmarks developed by a global community of cybersecurity experts. Over 140 configuration guidelines are provided to help safeguard systems against threats. Recommended by cyanghost109 "to get a start on looking at hardening your own systems."
Podcasts
Daily Tech News is Tom Merrit's show covering the latest tech issues with some of the top experts in the field. With the focus on daily tech news and analysis, it's a great way to stay current. Thanks to EmoPolarbear for drawing it to our attention.
This Week in Enterprise Tech is a podcast that features IT experts explaining the complicated details of cutting-edge enterprise technology. Join host Lou Maresca on this informative exploration of enterprise solutions, with new episodes recorded every Friday afternoon.
Security Weekly is a podcast where a "bunch of security nerds" get together and talk shop. Topics are greatly varied, and the atmosphere is relaxed and conversational. The show typically tops out at 2 hours, which is perfect for those with a long commute. If you’re fascinated by discussion of deep technical and security-related topics, this may be a nice addition to your podcast repertoire.
Grumpy Old Geeks—What Went Wrong on the Internet and Who's To Blame is a podcast about the internet, technology and geek culture—among other things. The hosts bring their grumpy brand of humor to the "state of the world as they see it" in these roughly hour-long weekly episodes. Recommended by mkaxsnyder, who enjoys it because, "They are a good team that talk about recent and relevant topics from an IT perspective."
The Social-Engineer Podcast is a monthly discussion among the hosts—a group of security experts from SEORG—and a diverse assortment of guests. Topics focus around human behavior and how it affects information security, with new episodes released on the second Monday of every month. Thanks to MrAshRhodes for the suggestion.
The CyberWire podcasts discuss what's happening in cyberspace, providing news and commentary from industry experts. This cyber security-focused news service delivers concise, accessible, and relevant content without the gossip, sensationalism, and the marketing buzz that often distract from the stories that really matter. Appreciation to supermicromainboard for the suggestion.
Malicious Life is a podcast that tells the fascinating—and often unknown—stories of the wildest hacks you can ever imagine. Host Ran Levi, a cybersecurity expert and author, talks with the people who were actually involved to reveal the history of each event in depth. Our appreciation goes to peraphon for the recommendation.
The Broadcast Storm is a podcast for Cisco networking professionals. BluePieceOfPaper suggests it "for people studying for their CCNA/NP. Kevin Wallace is a CCIE Collaboration so he knows his *ishk. Good format for learning too. Most podcasts are about 8-15 mins long and its 'usually' an exam topic. It will be something like "HSPR" but instead of just explaining it super boring like Ben Stein reading a powerpoint, he usually goes into a story about how (insert time in his career) HSPR would have been super useful..."
Software Engineering Radio is a podcast for developers who are looking for an educational resource with original content that isn't recycled from other venues. Consists of conversations on relevant topics with experts from the software engineering world, with new episodes released three to four times per month. a9JDvXLWHumjaC tells us this is "a solid podcast for devs."
Books
System Center 2012 Configuration Manager is a comprehensive technical guide designed to help you optimize Microsoft's Configuration Manager 2012 according to your requirements and then to deploy and use it successfully. This methodical, step-by-step reference covers: the intentions behind the product and its role in the broader System Center product suite; planning, design, and implementation; and details on each of the most-important feature sets. Learn how to leverage the user-centric capabilities to provide anytime/anywhere services & software, while strengthening control and improving compliance.
Network Warrior: Everything You Need to Know That Wasn’t on the CCNA Exam is a practical guide to network infrastructure. Provides an in-depth view of routers and routing, switching (with Cisco Catalyst and Nexus switches as examples), SOHO VoIP and SOHO wireless access point design and configuration, introduction to IPv6 with configuration examples, telecom technologies in the data-networking world (including T1, DS3, frame relay, and MPLS), security, firewall theory and configuration, ACL and authentication, Quality of Service (QoS), with an emphasis on low-latency queuing (LLQ), IP address allocation, Network Time Protocol (NTP) and device failures.
Beginning the Linux Command Line is your ally in mastering Linux from the keyboard. It is intended for system administrators, software developers, and enthusiastic users who want a guide that will be useful for most distributions—i.e., all items have been checked against Ubuntu, Red Hat and SUSE. Addresses administering users and security and deploying firewalls. Updated to the latest versions of Linux to cover files and directories, including the Btrfs file system and its management and systemd boot procedure and firewall management with firewalld.
Modern Operating Systems, 4th Ed. is written for students taking intro courses on Operating Systems and for those who want an OS reference guide for work. The author, an OS researcher, includes both the latest materials on relevant operating systems as well as current research. The previous edition of Modern Operating Systems received the 2010 McGuffey Longevity Award that recognizes textbooks for excellence over time.
Time Management for System Administrators is a guide for organizing your approach to this challenging role in a way that improves your results. Bestselling author Thomas Limoncelli offers a collection of tips and techniques for navigating the competing goals and concurrent responsibilities that go along with working on large projects while also taking care of individual user's needs. The book focuses on strategies to help with daily tasks that will also allow you to handle the critical situations that inevitably require your attention. You'll learn how to manage interruptions, eliminate time wasters, keep an effective calendar, develop routines and prioritize, stay focused on the task at hand and document/automate to speed processes.
The Practice of System and Network Administration, 3rd Edition introduces beginners to advanced frameworks while serving as a guide to best practices in system administration that is helpful for even the most advanced experts. Organized into four major sections that build from the foundational elements of system administration through improved techniques for upgrades and change management to exploring assorted management topics. Covers the basics and then moves onto the advanced things that can be built on top of those basics to wield real power and execute difficult projects.
Learn Windows PowerShell in a Month of Lunches, Third Edition is designed to teach you PowerShell in a month's worth of 1-hour lessons. This updated edition covers PowerShell features that run on Windows 7, Windows Server 2008 R2 and later, PowerShell v3 and later, and it includes v5 features like PowerShellGet. For PowerShell v3 and up, Windows 7 and Windows Server 2008 R2 and later.
Troubleshooting with the Windows Sysinternals Tools is a guide to the powerful Sysinternals tools for diagnosing and troubleshooting issues. Sysinternals creator Mark Russinovich and Windows expert Aaron Margosis provide a deep understanding of Windows core concepts that aren’t well-documented elsewhere along with details on how to use Sysinternals tools to optimize any Windows system’s reliability, efficiency, performance and security. Includes an explanation of Sysinternals capabilities, details on each major tool, and examples of how the tools can be used to solve real-world cases involving error messages, hangs, sluggishness, malware infections and more.
DNS and BIND, 5th Ed. explains how to work with the Internet's distributed host information database—which is responsible for translating names into addresses, routing mail to its proper destination, and listing phone numbers according to the ENUM standard. Covers BIND 9.3.2 & 8.4.7, the what/how/why of DNS, name servers, MX records, subdividing domains (parenting), DNSSEC, TSIG, troubleshooting and more. PEPCK tells us this is "generally considered the DNS reference book (aside from the RFCs of course!)"
Windows PowerShell in Action, 3rd Ed. is a comprehensive guide to PowerShell. Written by language designer Bruce Payette and MVP Richard Siddaway, this volume gives a great introduction to Powershell, including everyday use cases and detailed examples for more-advanced topics like performance and module architecture. Covers workflows and classes, writing modules and scripts, desired state configuration and programming APIs/pipelines.This edition has been updated for PowerShell v6.
Zero Trust Networks: Building Secure Systems in Untrusted Networks explains the principles behind zero trust architecture, along with what's needed to implement it. Covers the evolution of perimeter-based defenses and how they evolved into the current broken model, case studies of zero trust in production networks on both the client and server side, example configurations for open-source tools that are useful for building a zero trust network and how to migrate from a perimeter-based network to a zero trust network in production. Kindly recommended by jaginfosec.
Tips
Here are a couple handy Windows shortcuts:
Here's a shortcut for a 4-pane explorer in Windows without installing 3rd-party software:
(Keep the win key down for the arrows, and no pauses.) Appreciation goes to ZAFJB for this one.
Our recent tip for a shortcut to get a 4-pane explorer in Windows, triggered this suggestion from SevaraB: "You can do that for an even larger grid of Windows by right-clicking the clock in the taskbar, and clicking 'Show windows side by side' to arrange them neatly. Did this for 4 rows of 6 windows when I had to have a quick 'n' dirty "video wall" of windows monitoring servers at our branches." ZAFJB adds that it actually works when you right-click "anywhere on the taskbar, except application icons or start button."
This tip comes courtesy of shipsass: "When I need to use Windows Explorer but I don't want to take my hands off the keyboard, I press Windows-E to launch Explorer and then Ctrl-L to jump to the address line and type my path. The Ctrl-L trick also works with any web browser, and it's an efficient way of talking less-technical people through instructions when 'browse to [location]' stumps them."
Clear browser history/cookies by pressing CTRL-SHIFT-DELETE on most major browsers. Thanks go to synapticpanda, who adds that this "saves me so much time when troubleshooting web apps where I am playing with the cache and such."
To rename a file with F2, while still editing the name of that file: Hit TAB to tab into the renaming of the next file. Thanks to abeeftaco for this one!
Alt-D is a reliable alternative to Ctrl-L for jumping to the address line in a browser. Thanks for this one go to fencepost_ajm, who explains: "Ctrl-L comes from the browser side as a shortcut for Location, Alt-D from the Windows Explorer side for Directory."
Browser shortcut: When typing a URL that ends with dot com, Ctrl + Enter will place the ".com" and take you to the page. Thanks to wpierre for this one!
This tip comes from anynonus, as something that daily that saves a few clicks: "Running a program with ctrl + shift + enter from start menu will start it as administrator (alt + y will select YES to run as admin) ... my user account is local admin [so] I don't feel like that is unsafe"
Building on our PowerShell resources, we received the following suggestion from halbaradkenafin: aka.ms/pskoans is "a way to learn PowerShell using PowerShell (and Pester). It's really cool and a bunch of folks have high praise for it (including a few teams within MSFT)."
Keyboard shortcut: If you already have an application open, hold ctrl + shift and middle click on the application in your task bar to open another instance as admin. Thanks go to Polymira for this one.
Remote Server Tip: "Critical advice. When testing out network configuration changes, prior to restarting the networking service or rebooting, always create a cron job that will restore your original network configuration and then reboot/restart networking on the machine after 5 minutes. If your config worked, you have enough time to remove it. If it didn't, it will fix itself. This is a beautifully simple solution that I learned from my old mentor at my very first job. I've held on to it for a long time." Thanks go to FrigidNox for the tip!
Websites
Deployment Research is the website of Johan Arwidmark, MS MVP in System Center Cloud and Datacenter Management. It is dedicated to sharing information and guidance around System Center, OS deployment, migration and more. The author shares tips and tricks to help improve the quality of IT Pros’ daily work.
Next of Windows is a website on (mostly) Microsoft-related technology. It's the place where Kent Chen—a computer veteran with many years of field experience—and Jonathan Hu—a web/mobile app developer and self-described "cool geek"—share what they know, what they learn and what they find in the hope of helping others learn and benefit.
High Scalability brings together all the relevant information about building scalable websites in one place. Because building a website with confidence requires a body of knowledge that can be slow to develop, the site focuses on moving visitors along the learning curve at a faster pace.
Information Technology Research Library is a great resource for IT-related research, white papers, reports, case studies, magazines, and eBooks. This library is provided at no charge by TradePub.com. GullibleDetective tells us it offers "free PDF files from a WIIIIIIDE variety of topics, not even just IT. Only caveat: as its a vendor-supported publishing company, you will have to give them a bit of information such as name, email address and possibly a company name. You undoubtedly have the ability to create fake information on this, mind you. The articles range from Excel templates, learning python, powershell, nosql etc. to converged architecture."
SS64 is a web-based reference guide for syntax and examples of the most-common database and OS computing commands. Recommended by Petti-The-Yeti, who adds, "I use this site all the time to look up commands and find examples while I'm building CMD and PS1 scripts."
Phishing and Malware Reporting. This website helps you put a stop to scams by getting fraudulent pages blocked. Easily report phishing webpages so they can be added to blacklists in as little as 15 minutes of your report. "Player024 tells us, "I highly recommend anyone in the industry to bookmark this page...With an average of about 10 minutes of work, I'm usually able to take down the phishing pages we receive thanks to the links posted on that website."
A Slack Channel
Windows Admin Slack is a great drive-by resource for the Windows sysadmin. This team has 33 public channels in total that cover different areas of helpful content on Windows administration.
Blogs
KC's Blog is the place where Microsoft MVP and web developer Kent Chen shares his IT insights and discoveries. The rather large library of posts offer helpful hints, how-tos, resources and news of interest to those in the Windows world.
The Windows Server Daily is the ever-current blog of technologist Katherine Moss, VP of open source & community engagement for StormlightTech. Offers brief daily posts on topics related to Windows server, Windows 10 and Administration.
An Infosec Slideshow
This security training slideshow was created for use during a quarterly infosec class. The content is offered generously by shalafi71, who adds, "Take this as a skeleton and flesh it out on your own. Take an hour or two and research the things I talk about. Tailor this to your own environment and users. Make it relevant to your people. Include corporate stories, include your audience, exclude yourself. This ain't about how smart you are at infosec, and I can't stress this enough, talk about how people can defend themselves. Give them things to look for and action they can take. No one gives a shit about your firewall rules."
Tech Tutorials
Tutorialspoint Library. This large collection of tech tutorials is a great resource for online learning. You'll find nearly 150 high-quality tutorials covering a wide array of languages and topics—from fundamentals to cutting-edge technologies. For example, this Powershell tutorial is designed for those with practical experience handling Windows-based Servers who want to learn how to install and use Windows Server 2012.
The Python Tutorial is a nice introduction to many of Python’s best features, enabling you to read and write Python modules and programs. It offers an understanding of the language's style and prepares you to learn more about the various Python library modules described in 'The Python Standard Library.' Kindly suggested by sharjeelsayed.
SysAdmin Humor
Day in the Life of a SysAdmin Episode 5: Lunch Break is an amusing look at a SysAdmin's attempt to take a brief lunch break. We imagine many of you can relate!
Have a fantastic week and as usual, let me know any comments.
Graham | CEO | EveryCloud
submitted by crispyducks to ITProTuesday [link] [comments]

Millionaire In 6 Months Review - MI6M BONUS Millionaire In 6 Months By Anthony Mitchell As Seen On TV Featured On World Time NEWS Best Binary Options Trading Signals Software

Millionaire In 6 Months Review Hey Whats Going On?? In the short review i want to share you with you the facts about Millionaire In 6 Months!
If you came here looking for the Free Bonus!
CLICK HERE NOW to Claim Your EXCLUSIVE BONUS
BONUS: Strategic trading eBook Anthony Mitchell will reveal all his insider trading mechanism secrets to you
What Is The Millionaire In 6 Months?
Millionaire In 6 Months is a binary options trading live signals Platform! The interface is attractive and easy to understand, and care has obviously been taken to make navigating and comprehending trades as straight forward as can be. It basically runs on the premise that an asset's value is either going to rise or fall it gives you a complete overview of the trade, and the information which will advise you on how to go forward with the trade. This is far move convenient than being required to hunt down the trading information you need from numerous different websites. Instead, you'll get all the info you need in one location!
Click Here To Learn More About The New MI6M Software!
Millionaire In 6 Months Review By Anthony Mitchell
Millionaire In 6 Months is a binary options trading live signals Platform! MI6M platform is not an auto trading robot. Millionaire In 6 Months was featured on world time NEWS in 2015. News Editorial was by Emily Anderson MI6M By Anthony Mitchell and beta tester Zilbi Millionaire In 6 Months is a realistic application there's no promises here that traders are going to suddenly be earning millions. No binary options trading software is going to give you easy riches overnight, so instead all it offers is helpful advice so that you can place the trade. Each trade will happen at a certain time period over the course of the day, This will be especially useful to those of you working with limited time. The great thing about the Millionaire In 6 Months application is that there's a particular sum that you can put up for each trade, This means that you can invest whatever you're happy with. Millionaire In 6 Months, we were extremely reluctant to be taken in by the supposed features of MI6M. We were actually put off by what the developers had touted as its benefits. Basically The Millionaire In 6 Months is a simple and easy to use application. All that's needed from you is a few clicks and you'll be investing right away!
Millionaire In 6 Months Binary Trading Software
If you're wanting to get into trading Binary Options or, if you're already trading and your current system isn't working well for you the Millionaire In 6 Months system could help you out. Forex Trading is an industry with huge potential to make profits, and it's constantly growing. Using Millionaire In 6 Months, you can take out a lot of the legwork that's usually involved with trading. The first thing you have to have in order to begin trading in the binary options market is a internet connection this is required in order to let you have access to actual time details on what is happening in the market.
The Millionaire In 6 Months software is very easy to use just click the link below and enter your email address. and you'll be taken to the next page where the ins and outs will be shared with you in detail. Just click the link below so you can get more information
CLICK HERE NOW To Claim Your Special Millionaire In 6 Months BONUS Secret Trading Ebook!
submitted by McmillianManzella97 to McmillianManzella [link] [comments]

Stark Trading System Review -Perfect Method For You

Stark Trading System Review -Perfect Method For You Stark Trading System Review The Bow Legs No More System is a ebook, which can be downloaded instantly in a PDF (e-book) format or viewed online. It is 100 % characteristic and safe consequently it should be possible in the protection of your home. It is demonstrated and extremely reasonable henceforth justified regardless of your thought. Trust this Bow Legs No More survey will help you to settle on an astute choice and stroll with certainty. Stark Trading System Are you looking for a way to get rich fast using binary options? Stark Trading System is a auto quick software is a new trading app. This system is very easy to use and completely automates the binary trading experience. Stark Trading System is new trading system that helps investors when predicting their positions in binary options. It shows you where not to invest if the market is not favorable to become profitable for you which can really save any trader their hard earned investment funding. It is the finest software designed to provide both professional and novice traders.
What Is Stark Trading System The Stark Trading System system offers more than just a software, and some useless membership; it gives you insider tips, and trains you in everything that you will need to know about binary trading. This primary goal of this tool is to watch nearly over the business and search for beneficial trades for its users. The entire set of drilling and points of interest you have to take advantage of programming is clarified when utilizing the product so there’s no compelling reason to worry about that, eminently any beginner simply getting in. Anyone who will take enough time to download The Stark Trading System software and begin trading can make the most profitable investments since the software is boasting a considerable 91% rate of success.
How Does Stark Trading System Works The software watches over the current binary options market 24 hours a day and then stores all the market movements and data to give out advice to which binary options trades will be profitable to invest in. The software is simple enough to navigate that even novice users will be able to make it work for them. The software itself is being offered for free but only on a limited basis. Once you set up your account, you deposit the money you will be using to trade with and the app itself will automatically make the trades that fit into its criteria to generate maximum profits. Learning The Stark Trading System application and making money is straightforward as activating the program and waiting for a signal to tell you exactly what option to place a trade on.
What Do You Learn From Stark Trading System The newly developed Stark Trading System software is a program that assists traders with finding the right binary options to invest in. Using the Stark Trading System software is completely free. You will never be charged a commission or finders fee for how many profitable trades they find you. You can find out more about this particular piece of software online, or by watching introductory videos. When the program finds a trade you can head over right to your options trading broker to make the trade which will be either a call, or a put. Stark Trading System will show all the binary options that are available and open for trading and where they are moving in real time. Positive Points: This program also reduces the complexity for the charts and payout of a certain percentage of the value on the underlying asset. The method of trading being simple is easy to understand. This is a real opportunity for convincing yourself of the power of the tool. Ease of use, plenty of information regarding the steps you need to take in order to take advantage of the system. It is quick money where in you can earn substantially by putting in just 20-25 minutes of your day. The software is very easy to use and there is you have to install to get started. Negative Point: Stark Trading System available in online only.
Conclusion You can actually make some good money by using this system. However, you are not going to become rich in a short amount of time, and you will need to spend a little bit of money before you see any profits. This software include wonderful customer support so don't worry about anything. Many people wonder if it’s possible to even earn anything with binary options and think it usually is all a scam. The truth is that many people all over have great success with binary options if using the most suitable strategies and tools.
==> Click Here To Get Free Instant Access Stark Trading System <==
.
.
.
.
.
.
.
.
.
.
Stark Trading System review reviews software reviews software download login website system malware pro contact tutorial results forum a scam brokers bonus review software scam testimonials virus youtube proof app complaints con does it work real review real reviews emotional facebook is scam is it real in action legit or scam members area not working. service phone number pro version password robot download sign up. software download free trading tutorial video service Review. login sign up. contact results a scam service review software scam testimonials youtube proof app complaints download pro version members area legit or scam bonus testimonials results tutorial.
Claim Your Bonus Now: http://bit.ly/1QPhTsw
Stark Trading System review Claim Your Bonus Now: http://bit.ly/1QPhTsw
Discover How You Can Make Over $200 Within The Next Hour Using Our Secret Free Traffic Hack > Stark Trading System. Stark Trading System Review # According to the creator of this training, Stark Trading System will teach you how to start making $200/day with free traffic
tag :
Stark Trading System Stark Trading System review Stark Trading System bonus Stark Trading System pro Stark Trading System review and bonus Stark Trading System review ehy buy it Stark Trading System review get it now
Claim Your Bonus Today http://bit.ly/1QPhTsw
submitted by goodreview2 to binary2reviews [link] [comments]

[Just Launched] Options Domination Binary Trading - [Amazing System] - True Risk Free Trades! [New for 2015]

Many brokers or services will market something called “risk free” trades in which a certain number of your first trades you can get your money back should the signals they give you prove to be of bad quality. In most cases there are many regulations that require you to keep investing a certain amount before you can withdraw your “risk free” trades. This is the sign of a bad signal provider that probably makes more money selling their signals then they do actually implementing them themselves.
In our case study of the system we won 5 out of 7 of the trades and pocketed $250 in profit which is a 25% return on a small investment. We were very impressed with these results. At that time we could have elected to withdraw our original $1,000 and essentially be playing with the $250 “on the house”. CLICK HERE TO GET YOUR RISK FREE TRADES NOW!
CLICK HERE TO GET YOUR RISK FREE TRADES NOW!
Using their basic system of signals we were able to accumulate over $10,000 in our account in just 30 days! These are better results then we have gotten with other binary signals costing 10 times the amount of what options domination is charging. For a simple $50 a month you get multiple daily signals, keep in mind they don’t send you 1,000’s of signals a day like most services as they are focusing on the quality of the signal and not just sending you a bunch of garbage signals like many of the other companies do.
binary options trading, binary options trading signals, binary options trading strategy, binary options trading system, binary options trading signals review, binary options trading software, binary options trading platform, binary options trading robot, binary options trading signals franco, binary options trading hours, binary options trading + , binary options trading signals, binary options trading strategy, binary options trading system, binary options trading signals review, binary options trading review, binary options trading software, binary options trading platform, binary options trading robot, binary options trading signals franco, binary options trading hours, binary options trading + a, binary options trading alerts, binary options trading affiliate program, binary options trading api, binary options trading australia, binary options trading account, binary options trading articles, binary options trading app, binary options trading advice, binary options trading academy, binary options trading assets, binary options trading + b, binary options trading brokers, binary options trading books, binary options trading bot, binary options trading blog, binary options trading basics, binary options trading best sites, binary options trading + c, binary options trading course, binary options trading calculator, binary options trading charts, binary options trading course online, binary options trading companies, binary options trading companies in usa, binary options trading canada, binary options trading competition, binary options trading contest, binary options trading complaints, binary options trading + d, binary options trading demo account, binary options trading demo, binary options trading definition, binary options trading demo account without deposit, binary options trading dubai, binary options trading does it work, binary options trading demo account uk, binary options trading daily, binary options trading discussion, binary options trading dangers, binary options trading + e, binary options trading etrade, binary options trading education, binary options trading examples, binary options trading explained, binary options trading ebook, binary options trading etoro, binary options trading europe, binary options trading eztrader, binary options trading experience, binary options trading experts, binary options trading + f, binary options trading for beginners, binary options trading forum, binary options trading franco, binary options trading forex, binary options trading for dummies pdf, binary options trading free, binary options trading for dummies, binary options trading free demo, binary options trading for us citizens, binary options trading for usa, binary options trading + g, binary options trading guide, binary options trading game, binary options trading groups, binary options trading guide pdf, binary options trading good or bad, binary options trading glossary, binary options trading graphs, binary options trading gambling, binary options trading gurus, binary options gold trading, binary options trading + h, binary options trading hours, binary options trading help, binary options trading history, binary options trading halal or haram, binary options trading halal, binary options trading how does it work, binary options trading how to, binary options trading hack, binary options hourly trading system, 60 second binary options trading hours, binary options trading + i, binary options trading in the us, binary options trading indicators, binary options trading in the usa, binary options trading illegal, binary options trading in america, binary options trading income secrets, binary options trading in united states, binary options trading is it real, binary options trading in south africa, binary options trading india, binary options trading + j, binary options trading journal, binary options trading jobs, binary options trading + k, binary options trading in kenya, making money with binary options trading starter kit, binary options trading + l, binary options trading low deposit, binary options trading legal us, binary options trading low minimum deposit, binary options trading live signals robot 2014, binary options trading lessons, binary options trading legit, binary options trading license, binary options trading loss, binary options trading legal in canada, binary options trading live charts, binary options trading + m, binary options trading minimum deposit, binary options trading methods, binary options trading mentor, binary options trading meaning, binary options trading millionaires, binary options trading malaysia, binary options trading make money, binary options trading market, binary options trading minimum deposit 100, binary options trading martingale, binary options trading + n, binary options trading nadex, binary options trading news, binary options trading no minimum deposit, binary options trading no deposit bonus, binary options trading nz, binary options trading new zealand, binary options trading nigeria, binary options trading newsletter, binary options trading nifty, binary options trading nairaland, binary options trading + o, binary options trading on weekends, binary options trading online, binary options trading on mt4, binary options trading or gambling, binary options trading opinions, binary options trading oanda, binary options trading - optionbit, binary options trading hours, binary options trading good or bad, binary options trading course online, binary options trading + p, binary options trading platform, binary options trading practice account, binary options trading practice, binary options trading program, binary options trading pdf, binary options trading paypal, binary options trading platform reviews, binary options trading platform comparison, binary options trading plan, binary options trading psychology, binary options trading + q, binary options trading questions, binary options trading + r, binary options trading review, binary options trading robot, binary options trading room, binary options trading robot review, binary options trading real time charts, binary options trading regulations, binary options trading real, binary options trading recommendations, binary options trading + s, binary options trading signals, binary options trading strategy, binary options trading system, binary options trading signals review, binary options trading software, binary options trading signals franco, binary options trading scams, binary options trading sites, binary options trading signals free, binary options trading strategy youtube, binary options trading + t, binary options trading training, binary options trading times, binary options trading tools, binary options trading td ameritrade, binary options trading techniques, binary options trading tips, binary options trading tutorial, binary options trading tutorial pdf, binary options trading tricks, binary options trading the news, binary options trading + u, binary options trading usa, binary options trading united states, binary options trading using paypal, binary options trading uk, binary options trading uae, binary option trading uk reviews, binary options trading youtube, binary options trading system upto 90 accuracy, binary options trading legal us, binary options trading platform uk, binary options trading + v, binary options trading videos, binary options trading volume, binary options trading vs gambling, binary options trading vs forex, binary options virtual trading, binary options virtual trading account, free binary options trading videos, vault options binary trading, options trading vs binary options, track elite v1.2 binary options trading system, binary options trading + w, binary options trading wiki, binary options trading websites, binary options trading with franco, binary options trading with no minimum deposit, binary options trading what is, binary options trading winning strategy, binary options trading without investment, binary options trading with no deposit, binary options trading with bollinger bands, binary options trading with paypal, binary options trading + y, binary options trading yahoo answers, binary options trading youtube, binary options trading strategy youtube, binary options trading signals youtube, does binary options trading work yahoo, binary options trading + z, binary options trading new zealand, binary options trading + 1, binary options trading 101, binary options trading $100 minimum deposit, binary options trading top 10, $1 binary options trading, top 10 binary options trading platform, binary options 1 minute trading, 10 minute binary options trading system, binary options trading + 2, binary options trading 2014, binary options trading 2013, binary options trading 2012, binary options trading 24, binary options trading system 2014, binary options trading system 2013, binary options trading signals 2013, free binary options trading signals 2014, best binary options trading platform 2013, 24 hour binary options trading, binary options trading + 3, 3 binary options trading strategies for beginners, binary options trading + 4, binary options trading for beginners, binary options trading for dummies, binary options trading for a living, binary options trading for usa, binary options trading for us citizens, binary options trading for dummies pdf, binary options trading for free, binary options trading for mt4, binary options trading strategies for beginners, binary options trading signals for free, binary options trading + 5, binary options trading 50 deposit, 5 minute binary options trading, 5 minute binary options trading strategy, 5 min binary options trading strategy, binary options trading + 6, binary options trading 60 second strategy, binary options trading 60 seconds, 60 second binary options trading system, 60 sec binary options trading strategies, 60 seconds binary options trading signals, 60 second binary options trading hours, 60 second binary options trading demo account, 60 second binary options trading software, binary options trading + 7, binary options trading, binary options trading signals, binary options trading strategy, binary options trading system, binary options trading signals review, binary options trading review, binary options trading demo account, binary options trading platform, binary options trading in india, binary options trading forum, binary options trading + 8, assaxin 8 binary options trading system, binary options trading + 9, binary options trading system upto 90 accuracy, binary options trading system striker9, striker9 pro binary options trading system
submitted by optionsdomination to optionsdomination [link] [comments]

[Table] IAmA Reverse engineer who broke millions of hotel locks. AMA

Verified? (This bot cannot verify AMAs just yet)
Date: 2012-08-17
Link to submission (Has self-text)
Link to my post
Questions Answers
While there is no doubt that your expose' will only improve security in the long haul, what are you thoughts/feelings on the immediate impact of your findings? At the end of the day, I know that people will use this for malicious purposes, just like any important vulnerability that's disclosed. However, I have to balance that out with a question that's been on my mind for a long time: How many people used this before I even thought of it? How many people have been robbed or worse, because of these buggy locks?
Did you do any sort of responsible disclosure such as contacting Onity before going public? Covered at Link to www.reddit.com
I'm in the navy, and currently living in the barracks which are secured by these locks. This explains how a friend of mine had some of his stuff taken. Thanks for doing your part to stop this, we kind like our stuff here. Wait, they're using HT locks or CT locks? They look slightly different, and this stuff won't work on CT. HT is usually only used in hotels, whereas CT is used for commercial buildings, dorm rooms, barracks, etc. I know CT locks are used on some carriers, for instance.
What are you working on over at Mozilla? I work on Boot2Gecko, primarily doing gfx optimizations. Currently working on overscroll animations (what happens when you scroll a page too far).
Do you use Boot2Gecko as your primary phone or for any "serious"/actual normal stuff you'd use with your previous Android or iOS phone? Not yet. I use it as a side phone when I need it, but honestly I break it too often to do so. Sometime soon I'll set a phone aside for stable testing and dogfood it properly.
Why is it important to have an animation for it? Why not just have it have a hard stop? It feels very unnatural to have a hard stop.
Why doesn't Firefox/Gecko recognize my website's beautiful CSS3 stylized scrollbars? Sad. Couldn't tell you, sorry. I work much, much lower level than that; know nothing about the layout side of things.
None of our guests knew anything about it, so no having to deal with the fallout. Let me ask you, though, since I have your attention, what your beer of choice is? Depends on my mood. Overall favorite is Clown Shoes Black IPA, but I'm also a huge fan of Anchor Steam.
Clown Shoes? Damn, just looked them up and they don't seem to be available to California. Anchor Steam is a damn fine beer, though. Have you had their Breckel's Brown? So tasty and malty, like a biscuit. Don't believe I have. I'll check it out :)
Dude you're a MA guy? Western MA reporting in, Clown Shoes is AWESOME. Link to beeradvocate.com. Nope, sorry. NYC for a few more hours, then CT. Fell in love with Clown Shoes after they came to a local craft beer festival.
Also, something I was wondering earlier. Why didn't you give them a full heads up before releasing it full disclosure? Isn't it ethical to give them a warning you are going to release a pretty big vulnerability in a companies product? Tl;dr: I figured that getting the information out there and exposing this as the major issue it is was priority number 1; the safety issues involved make it a really risky proposition, and letting people know how bad things are was the best way.
I saw a couple options if I had gone to Onity with these issues ahead of time: 1) They file a lawsuit and keep me tied up in court to keep the info out of the public eye and save face. Result: information doesn't go public (and get fixed) for years. 2) They ignore it, I release everything. Result: same thing we have now. 3) They claim to fix it repeatedly and pressure me to hold off on releasing anything until X% of hotels are fixed. Result: nothing happens, ever; they fix it in an improper way and hotels never update. I eventually release, maybe. 4) They fix it quickly, get the fix out to hotels on their dime, and all is well. Result: Complete safety.
In my opinion, #1 and #3 are most likely. Either way, hotels continue to be unsafe for a very long time. That isn't okay in my book. This forced their hand such that they had to respond and fix the issues, and they're taking steps to do that now.
All of this is combined with the fact that I know I'm not the first person to discover this. It's simply too damn simple; how many people have used this in the past for malicious reasons? The cat has been out of the bag for many years, IMO.
Lets say you have 30 days until the presentation, you get an anonymous email address and send the company a description of the flaws with a note saying you will release the info to the public in 30 days and will not be checking your email until after that time. Maybe screenshot/record the mail being sent for evidence in case they deny it. In this scenario they have 30 days to fix the problem, they have no way to threaten you (or maybe they they could threaten the conference and this idea only works if you leak the info online independently?), and you can expose them as being even bigger pricks if they fail to take timely action to fix the problem. A decent idea, or not workable? That sort of thing would probably work if you wanted to remain anonymous while giving them a heads up. However, it seems like it'd increase your liability if you were to get into a legal battle after it.
Wikipedia tells me you were interested in computing by the age of four. What was it that got you interested at such a young age? I discovered a book on BASIC for the Apple ][E in my school library, and started tweaking the code in there, then started writing little text-based games; that was probably kindergarten or first grade. It was short (maybe 30-40 pages?) and IIRC its cover was orange with white lettering, if anyone has a clue. Would love to get a copy again.
The other thing was that I learned about EDIT.COM and opened the game Pilgrim's Quest in it, on my old 386. I was maybe 6 or 7, and I had absolutely no idea what I was doing, but I mashed keys and typed in words and such; it wasn't source, it was a raw binary. I ran the game, and the screen was completely corrupted, but on pressing a key, you'd hear a sound. Each key had a different sound. It was then that I realized that if you understood what these things did, you could be the master of a little universe of your own.
Of course, playing Shadowrun on the Genesis when I was a little bit older helped a lot. I still want to be a decker; hell, I even named my old OS "Renraku".
How does a 30 year old newbie learn to code? I'm not really sure. The hard part is just getting started, so maybe something like Link to www.codecademy.com could be of help.
I think the book you used was called "BASIC Programming for Kids." If so, that's the exact same book that got me into programming too! Link to www.amazon.com. Holy shit, I think you're right. Thank you!
Now that you've mentioned Apple, what is your opinion of Apple? I hear a lot of opinions here on Reddit regarding Apple, but I would love to hear what someone like yourself thinks of Apple or their direction/machines. I like some of their products (I couldn't live without my iPad, particularly) but despise their business practices.
I want to be a white hat security guy; how do I get started? my background is unix sysadmin/qa, etc. Learn to program in at least one high-level language (Python, Ruby, JS, whatever), learn to program in at least one low-level language (C is best, C++ is almost as good). If you want to work on the reverse-engineering side of things, learning assembly for at least one ISA (x86 is best) is a very good thing. If you want to work on the web side of things (which you'll likely need, at some point or another) then you have to understand how web development is done, how the web itself works, how JS works, etc.
Start from the top down; first step is the web. OWASP has lots of good information, but use it to just get a feeling for what's out there, then Google around.
Run through some web security challenges, e.g. HackThisSite, and use WebGoat as a test.
Read up on native security a bit -- learn the basics of buffer overflows and all that fun stuff.
Grab old versions of open source software with known vulnerabilities, and rediscover them. This applies equally well to native and web software.
Practice, practice, practice. Every time you encounter a piece of technology or a security process, think about how you could attack it. Take a shot at every piece of software you come across (-NOT- web-based services; that's generally illegal).
Surround yourself with people smarter than you are on every topic you're interested in. This is easy to do in the age of the interwebs.
I'm also writing a book on getting into security; the outline is available at Link to gist.github.com . The point of it is not to be a complete guide to every detail of every part of security, but rather to expose you to enough different things that when you need to learn something, you're able to. It'll be out... sometime before I die :P.
Are these generally the same set of instructions necessary for someone of less than honorable morals to learn to get into the criminal side of things? I ask out of curiosity if the difference is entirely intentions, because i'm really interested in psychology. Totally not a criminal and stuff :P. The only difference between an honorable hacker and a dishonorable hacker is what they do with their knowledge, not the knowledge itself.
Do you have an idea when this book will be released? I'm quite interested :) Can you suggest any other book(s) on the subject? I really have no idea. I'm about a quarter of the way finished, having started it maybe 4-5 months ago, so it's coming along pretty quickly. I'm happy with how it's turning out, though I have no idea how I'm going to publish it; some friends keep telling me to throw up a Kickstarter project to fund it, pay for an editor, etc but I'm on the fence still.
Ask you ANYTHING? well why don't we start with how do you do it? As in how it works? Well, there's a port on the bottom of the lock that's used to program the lock. That port allows direct memory access, enabling you to read the sitecode (unique code for the property) out of memory, then send it back up with the open command. No authentication is required, and it takes about 200ms for it to pop open. Full details are available at Link to daeken.com if you want more details.
Or do you mean how I actually got to that point?
Well I was actually jokingly asking you to disclose the secrets of your trade. Answer was totally unexpected and satisfactory :) First step is to figure out what your goal is. For instance, you may want to understand the model format in a game, so you can render them yourself.
Once you have your goal, think about how you would design the system you're trying to reverse-engineer. It doesn't have to be detailed, just a general idea.
From that, come up with a set of assumptions about the system. E.g. "there will be a field in the header that is roughly the size of the file divided by 12 (3 x 4 byte floating point values, for coordinates)". Then check each of those.
Once you've done that, rethink your model of how it works using the new information, and repeat until you figure it out.
It helps massively to know a little about everything, so you can draw conclusions about how things work just by seeing what it does. Yep. That example is real, btw -- I worked on reversing the Everquest file formats many, many years ago to write my own client for it. I was still in high school at the time; I printed out a couple pages of the hex dump of a few files in a given format, then I'd go over them with highlighters and figure out the specific bits. It's all about pattern matching and checking assumptions.
Even though I didnt understand a huge amount of acronyms in that it was still really interesting! thanks! Anything specifically? I might be able to clear things up.
Do you think the lock manufacturer will fix the vulns at least for newly produced locks? Or are there maybe even inherent protocol weaknesses that would make a patched lock incompatible with existing programming devices or cards or so? Fixing these vulnerabilities consists of two parts: changing the protocol for the portable programmer such that direct memory access is not possible, and changing the crypto to use a safe algorithm and a large key size (a 32-bit key on a terrible proprietary algorithm is very much Not Ok (TM)).
This means that the portable programmer and encoder both have to be changed, in addition to the locks. I can only hope they'll do all of this, and get it audited to know that it actually works properly.
So they need to replace 4 million locks and other stuff too. Wouldn't they be worried that a new RE will then come by and expose new vulnerabilities? They should be concerned about that no matter what. That's why I strongly, strongly recommend them to have everything thoroughly audited by independent security professionals. Will they catch everything? No. Will they catch these sorts of horribly obvious vulnerabilities? Absolutely.
Thought the mfr issued a statement that they were fixing "most" of the locks with a physical deterrent and "firmware upgrade"? Am I missing something? Am I in the wrong thread again?? Fuck! What they've described as their plan to fix these issues is, I believe, not actually going to solve everything. Details are at Link to daeken.com
Does Onity actually think that people don't have access to Torx bits? I'm sure they realize that people have them, but that it'll add quite a few seconds to the opening process, rather than it being instant. It also makes it harder to not be obvious that you're doing it or that you were there.
Honestly, it's not a bad solution, it just should be paired with fixing the underlying vulnerabilities.
Caleb from Hackaday.com here. Think they'll just ignore it like bump keys? Seems like so much money and trouble to go back and fix everything. I think that it's public enough that they'll be forced to do the right thing eventually and release a fix/recall in the future. I just don't know when that'll be.
How did you become so smart? College? Self-learning? If so, what did you read or follow? Everything I know was self-taught. I just found interesting things and started doing them. I'm actually a high school dropout, no college at all haha.
Why wasn't your presentation part of the normal blackhat briefings (the last two days)? Did one need more than a standard 'briefings only' badge to see your talk? I was frustrated to be excluded, having paid so much money for entry. They decided they wanted a "fun" presentation for the Zero Day Briefings that happened the night before everything, and I was picked for it. You didn't need any special badge, but it was woefully under-advertised. Amazed I got as many people as I did, honestly. That said, the presentation sucked -- my timing was totally off, so I ran through my 60 minute slot in... 30.
How many people actually came to your presentation? I assume only those from the trainings sessions ($5,000+ entry) were able to see your talk? For what it's worth, I'm planning on doing another one of it which will be livestreamed with a public Q&A. Not sure when, but I'll announce it on Twitter (@daeken) and my blog (Link to daeken.com) ahead of time.
Thoughts on Ada vs. C? Never wrote much Ada at all, so I don't have much of an opinion on it. C is my mother tongue (along with x86 asm) effectively, so I'm naturally biased towards it.
How much did you enjoy Stuxnet? Never looked into Stuxnet at all; malware doesn't interest me in the least.
Is reversing as boring as I imagine it? Reversing for me is amazingly interesting. Don't get me wrong, it definitely gets old sometimes. But it's a combination of the ultimate application of the scientific method (ok, this is how it would work if I designed it... what assumptions can I make from there, and how can I check them? Rinse, repeat) and putting together mental jigsaw puzzles while only having hints of what the image should be. I love it.
How does it feel to work in a field society absolutely doesn't give a shit about? Are there actually organizations out there that care about IT security in a way that deserves the word? Law firms? Drug cartels? The Vatican? I'm in it for the challenge, above all else. While most people have no idea what I do and those that do frequently dislike it, it's immensely challenging and fun for me. The money helps too, of course.
Can you tell me any secret IRC rooms where reversers hang out to be away from the noobs? PM me if necessary. I don't really know of any. I hang out in a lot of IRC channels, though, where this sort of thing is discussed in passing frequently, but they're mostly social. PM me on Freenode (nick is Daeken) if you want to join any of them. Also, #lockresearch (Freenode) is a channel I started to continue the Onity work, if you're interested.
Do you know of any secure hard-drives where the ATA security feature cannot be circumvented by firmware update or overwriting certain disk sectors? If not, are there other ways to reach this goal like cutting write-enable pins to flash chips? Never looked into ATA security stuff, sorry.
What do you think about the "oh, we'll send out some screws to stick into the reprogramming hole" response from the vendor? Would you stay in a hotel room with that patch applied? I think it's actually a really nice temporary fix, and I think it's good to have it there even once these issues are fixed -- after all, there are likely others there. It's not perfect, but it raises the bar slightly, and that's a good thing. The rest of the response... not so much.
Honestly, the likelihood of anything happening to you (even if you left the door latch off and had a vulnerable lock) is tiny. I always throw the door latch/chain on when it's available, but I don't stress about it. If someone wants to rob me or whatnot, they'll do it.
Did you get any blow backs from this? Like did any hotels or security companies (the lock companies) get pissed at you? I'm sure a lot of people are pissed at me, but outside of some rude comments on the internet (gasp) I haven't heard a thing.
Favorite sandwich? Reuben with thousand island dressing. Pretty much all I ate for a week after moving to NYC.
Damn, I replied before that we had very similar introductions into computers and now this. Are you the black hat version of me, though we both love Reubens, our universal weakness? Lots of sauerkraut, no lean meat, go hard or go home? Wouldn't the blackhhat version of you eat pastrami sandwiches instead? Then again, I do love pastrami...
You're in NYC now? I just moved away after several amazing years. Enjoy! Try the burgers at Paul's on 8th. Good work on getting a repeatable hack on these locks published. Now I can finally use the pool at the Hilton! I've been in NYC for a little under two years, but I'm actually moving to CT tomorrow haha.
Living in NYC, moving to CT, computer knowledge... Are you Foamy? Nope, sorry.
How does one get started in reverse engineering? Learn C.
Learn x86 assembly (start by compiling C you write down to assembly and reading it, then get your friends to write some stuff and compile it for you, then decompile it back to C by hand)
Start digging into every protocol and file format you can find. Pick a goal (e.g. I want to write a model viewer for WoW) and jump into it.
Practice, practice, practice.
If you want to go down that path, shoot me a PM on Freenode IRC; nick's Daeken.
I see from other comments as well that you are an advocate of C. What are your thoughts on C vs C++? C++ has its place, much as I hate to say it. I've recently begun relearning C++ properly, along with Boost, so that I can make use of Cinder. I don't completely hate it.
One of the reports mentions your code/device failing to open some locks in a few cases. Was that just a matter of your stuff being mostly proof of concept code that needed refinement, or were the locks any different from what you had been working on previously? I know that the locks were different (in that they used slightly different boards), but the key problem was a timing issue with my Arduino sketch. The night before the Forbes demo, I hacked the sketch up to add some extra functionality (reading out the code key values needed to make master cards, in addition to just opening the door) and I'm fairly confident that screwed up the timing, which I calibrated carefully a long while back.
Outside of some random documentation issues and a little bug in the code, I'm fairly certain that the code that I released in my paper (largely the original code) works 100% of the time. That's definitely been what I've heard from people who have tested it. Not sure how I feel about that.
How I'd solve this: Port it to a much faster uC, run your communications code in a fast high priority interrupt handler, will be rock solid. I think a PIC32MX7 would probably do it. Yep, a number of people have built independent implementations on random uCs and had full success.
Have you ever used your skills for something mischievous? or for a personal gain? Mischievous, not really. For personal gain, nothing directly outside of just using my skills for work; my projects like these have ended up boosting my reputation and making it easier to get work, so that counts I guess.
Did you see the industry having to do a complete overhaul of their procedures? Or was that the point? That was the point, by and large. The Onity vulnerabilities are terrible and obvious, and obviously need to be fixed, but I think the bigger picture is: there are plenty of other lock vendors, and I'm sure they aren't that much better. Security -- real, hard security -- needs to be the norm here, and that won't happen without getting some knocks.
Did you ever fear repercussions by Onity? I mean you're hurting their business and public image quite a bit. Fear? Not so much; I feel I've done the right thing and stayed within the bounds of the law. I'm surprised there hasn't been an attempt to 'shut me up', though.
Are you working on your next big hack? If so, can you give us a taste? You know, at this point I have no idea. I'm amassing hardware hacking equipment at the moment (well, putting in orders; moving tomorrow, so I had to wait), so something will be coming eventually. Mainly focusing on work, demoscene stuff, and some independent consulting at the moment.
It's very likely this won't be the last of the lock stuff I do. I've got some things on my mind, but I have no idea what will come of any of it.
Do you have more information on reversing the Emotive brain-computer interface that can be publicly released? I wrote about my reversing process at Link to daeken.com It's currently maintained as part of Link to www.openyou.org
If you have any questions about it beyond this stuff, feel free to ask. That was a fun project.
Cheers, Cody. (Awesome name for a hacker, btw) Definitely something I'd like to get involved in when my programming skills are less shit. The brain hacking thing's sure to be a big thing in the future - especially now there's a cheap consumer virtual reality headset on the way. Well, if you're interested go ahead and jump on ##reversing on irc.freenode.net -- just started it to help people get up to speed.
Is there anything else that you like to do with your spare times besides reverse engineering things? In terms of tech, I spend a lot of time working on demoscene productions and writing random little apps/tools. Otherwise, just doing things with the girlfriend; seeing movies, going to plays, bowling, shopping, etc. I'm pretty boring, generally.
Occasional acid flashback? We don't talk about that these days. Not after the incident.
I heard that when they tested your hotel door unlock scheme on several randomly chosen hotel locks, it only worked on a small percentage. Covered that at Link to www.reddit.com
So, I see a lot of questions about security and whatnot, but I have something totally different to ask you. What do you do for fun? Things both in and out of the realm of CS. First part is covered at Link to www.reddit.com
Do you ever do random challenges for the heck of it (like writing a Befunge interpreter in Befunge, for example)? Or do you strictly do stuff like that for work? I do a lot of random challenges in programming/reversing/security. Bug bounties (see Link to www.ccbill.com ) are a lot of fun, and I used to do a lot of esoteric language work ( Link to esolangs.org ). Also, a lot of Project Euler; it's slow going, though, since I don't allow myself to Google anything, ask questions, etc.
That's pretty awesome. I don't think I'm good enough at programming for any serious bug bounties, but I totally respect people who are. I used to do a ton of work in esoteric languages (mostly Befunge '98 and Piet) but the esolang community seems to be all but dead lately. Hey, nobody starts out awesome. It takes a lot of work to get to the point where you can totally dominate bounty programs; start small and work up. Simple sites like CCBill (whose bug bounty program is unfortunately terminated. May or may not have been my fault...) are a great place to start.
Can you break the lock on my Chasity belt I lost the key?!? Given the 'Lord' in your name, I believe I will pass ;)
How many hotel owners do you think even care or will bother to change this? For the majority of the people staying, no one would even realize that this is a flaw in the particular hotel they're staying at. So how/why would owners actually go ahead and do this fix, especially since its going to be out of their own pockets? How do you convince them to change it? Lots will care, simply because of the black eye the industry as a whole is getting in the press right now. However, I think many won't do anything about it, simply because they do have to pay for it themselves. That's why I believe that the responsible response from Onity would be a proper recall, at their expense. It's the only way that hotels are going to fix this.
Is it true that you find this easy but riding a bike very difficult? Quite so.
What ever happened to that chair you hate? Hah. I have no idea. Do you still have the sound bite of "Fuck! I hate this chair" ?
Purely hypothetical of course, but would it have been possible to make a little more money...doing this the other way? Are those routes possible? Are there people who are interested? Where there's money involved, there's always a moral and immoral path; someone will always be willing to throw you some money.
Have you figure out, how to unlock the heart of a woman? I believe so, yes.
I may be very naïve with this question and stuff but I really want to get into hacking/security. However, I really want to learn a programming language too. With what programming language would you suggest that I start with? I was thinkig between Python and C. Thanks in advance! I absolutely recommend both Python and C. They're the two languages I use most commonly. From there, go for x86 assembly.
Oh man so much thanks for answering! I honestly didn't expect you to answer my little question in this thread of a 1000+ replies, thanks a lot man! I'm making an attempt to answer every reasonable question haha.
You said a while back here that you were working on a book about software emulation. Is this still in the works? It is. Sort of. I wrote half the book, scrapped it, wrote half the book, scrapped it again. I can't come up with anything that 1) teaches the things I want to teach, 2) isn't a million pages, and 3) actually makes sense to anyone but myself. If it's ever going to work, it's going to be in the form of a bunch of separate ebooks on specific issues, I think.
Why didn't you tell the lock manufacturer and hotel chains instead of blasting it to the entire world so everyone can break into any hotel room? Covered this all over the thread, but here: Link to www.reddit.com
Like a bikechain that can be broken through with lockcutters? I don't think security through obscurity works anywhere, but just like on the interwebs, anything that raises the barrier to entry makes things safer, even if not more secure.
Can you comment on my thoughts above? As for how long it takes to open a lock with the vulnerabilities described in the paper, you're several orders of magnitude off; you plug a device into the lock (which can be done in under a second), it opens in 200 milliseconds or less, and you're in.
Last updated: 2012-08-22 11:01 UTC
This post was generated by a robot! Send all complaints to epsy.
submitted by tabledresser to tabled [link] [comments]

Binary Options Strategy 2020  100% WIN GUARANTEED - Deposit $10 Whitdraw $1,530.79 -Trading in Real DeltaRiver Binary Options Trading BINARY OPTIONS STRATEGY Easy Binary Options Strategy 2020 trading binary options strategies and tactics free - 2020 - 6 Binary Options - Profitable Strategy (2)

Please, be aware that Binary Options trading is risky. Any operation with Binary Options should be done in compliance with your objectives, risk and money management. FinMax sells Binary Options at a price which may differ from the current market quotes. Only admitted users may trade with FinMax. A clear and practical guide to using binary options to speculate, hedge, and trade. Trading Binary Options is a strategic primer on effectively navigating this fast-growing segment. With clear explanations and a practical perspective, this authoritative guide shows you how binaries work, the strategies that bring out their strengths, how to integrate them into your current strategies, and much Binary option bitcoin mining and forex trade As an investor or trader in binary options, you are interested in knowing about the health of the balance sheet, income. We also aim to cater to the trading needs of advanced traders, so we included some advanced topics as well eBook, Trading, Options, Binary Options, Anna Coulling. "Options Trading Crash Course" breaks down everything you need to know on trading options and making an income from your investments in a simple step-by-step guide. This book is specifically written with beginners in mind but by the time you're done reading it, you might feel like an expert. At just 82 pages, it's a pretty quick read but as the Generate Daily Income from Financial Markets: a beginner’s complete blueprint of trading binary options – Sid Bhattacharjee. Aimed at newcomers, this book provides a personal and pragmatic overview of binary options as a trading instrument.

[index] [22389] [12263] [8805] [17880] [18255] [28634] [18592] [16681] [3682] [24585]

Binary Options Strategy 2020 100% WIN GUARANTEED - Deposit $10 Whitdraw $1,530.79 -Trading in Real

Trading binary options strategies and tactics ebook trading binary options strategies and tactics review price . Binary options strategies episode 1 reveals a guide using binbot pro as a primary ... DeltaRiver Binary Options Trading - Duration: 6:36. Price Action LMBO 72 views. New; 6:36. 12 Year Old Boy Humiliates Simon Cowell - Duration: 5:37. LosGranosTV Recommended for you. Trading binary options strategies and tactics ebook trading binary options strategies and tactics review price .Please like this video and subscribe and i will release more trading strategies on ... Binary Options Trading Strategy - Weis Wave Volume Indicator - Duration: 12:42. Online Investment Tutorial 1,099 views. 12:42. Top 7 Beginner Investing Mistakes (DON'T DO THIS) - Duration: 20:21. ... I have been trading in binary options for more than two years. My video demonstrates the best binary options trading strategy. My channel was created for those who want to watch me trade on binary ...

Flag Counter