“The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. ” Volatility GitHub
Kali Linux has dropped volatility from their new release and you won’t be able to install it as usual apt-get install. You can go to GitHub and get info to install it via volatility download https://www.volatilityfoundation.org/releases. But when you start running it you will see many error pop up. This mainly due to no python availability in new debian and missing dependencies.
It took me few hours of fiddling around with various package install and reading through many post. But this is the method I was able to test and get it working.
I’ve recently face an error with Kali Linux install in VMware Player and even after giving ample enough space /resources it was keep falling with install step failed and I’ve confirm that VM installer has internet access.
This is pretty much loop back even after restart the install. I’ve tried many times and different methods to install and come back to screen saying hit continue and it will bring up menu that you can skip the step of installing software, pretty much you will loose the GUI and all Kali packages.
After few hours browsing and cursing this the method I used to get kali install and functioning.
**** Basically hit continue and once you come to next step where you have option to skip,skip the step and installer will continue but when kali boot back you will be presented with basic debain shell.
****Log into the shell with your username and password then run these in a order and reboot. Make sure that your Kali can reach to the internet.
This command will install GUI XFACE, after install you will be able to log into Kali GUI.
***sudo apt-get install kali-desktop-xfce
Then you need to update kali install,
***sudo apt update
After this kali need to download base tool set via meta package install. This step will install base Kali tool and some other top tools. You can refer to this link for Kali meta packages in detail https://tools.kali.org/kali-metapackages
***If Above came as yes run Dism.exe /online /Cleanup-Image /StartComponentCleanup
***DISM /Online /Cleanup-Image /RestoreHealth
My case above didn’t work for whatever the reason and had to mount original server install ISO and ran below command and repair via WIM file in OS install ISO
Dism /Online /Cleanup-Image /RestoreHealth /Source:wim:X:\Sources\Install.wim:1/limitaccess ( X was the drive letter for my ISO)
Make sure to run all command in Admin mode in CMD.
As Cisco jabber released a new version to fix some security vulnerabilities, I had a opportunity to mass update the existing jabber versions. Below is tested script that I used to successfully deploy the Jabber 12.9.1 version to all Windows endpoints. You can edit this as needed and deploy Jabber 12.9.1. My script basically removed existing Jabber 12.8.1 and 12.6.2 and install latest 12.9.1.
Here are the steps for how to do it in short form,
*** SSH into the switch or console connect.
***show crypto pki certificates —– to get the certificates and show you all the certificates. This will show you all the switch certs and you will be able to locate expired one.
***Locate the ID of the cert that has expired date and it will usually show you something like TP-self-signed-51XXXXXX
***Switch to privilege mode
***no ip http secure-server ——-disable https server before do any renewal
*** no crypto pki trustpoint TP-self-signed-51XXXXX —- this id you were located running first command
***ip http secure-server ———re enables the https server and generates a new trustpoint and certificate
*** do show crypto pki certificates – check the new cert is there with new validity period
But after straight forward upgrade and testing everything was fine except SCCM, reporting will not load and was throwing an error Failed to load expressions host assembly. But SQL server was working without an any error.
****Basically, copy srsresources.dll from old SSRS install location which was in my case was in \Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\Report Server\Bin
TO
New SSRS location \Program Files\Microsoft SQL Server\MSRS13.MSSQLSERVER\Reporting Services\Report Server\Bin
****Then find rssrvpolicy.config file in new SSRS install (\Program Files\Microsoft SQL Server\MSRS13.MSSQLSERVER\Reporting Services\Report Server\Bin) open with note pad
****Then search for the SRSResources URL within note pad and change the URL to new location where DLL copied in first step.
Recently, I had to renew one of the remote desktop server farm SSL certificate. There are many instructions and videos for renewal of self-sign SSL for RDS gateway but there are only few places I was able to find anything for trusted SSL renewal.
In this blog I’ve used images from windowsserveressentials.com ( https://windowsserveressentials.com/2012/06/20/renew-your-ssl-certificate-sbs-2011-essentials/), because I really didn’t have chance to take snapshot of every step I did and cannot risk leaking any info on servers I worked on( if I forget to black out some parts 🙂 ). But basically cert renewal is the same and no difference initially with few important changes. Server I worked was 2016 Server.
****First, open IIS Manger and click on Server name.
****Then click on server certificate about to expire and right hand top corner click on create certificate request and this will bring up certificate request wizard. In this fields make sure to fill the name as exactly as current rds gateway name and choose bit length as 2048.
****Then save the cert request where ever you want. But I usually save to the root C:\Cert\2020. So I can keep track on old certs too. Just in case if I need old one I’ve it close by. This a text file with all the crypto info.
Then head to your favourite SSL provider and complete the cert renewal. My cert provider was Go daddy and usually godaddy auto renew SSL but cannot use this SSL due to the fact that it is missing private key info from the server. So basically click on cert and copy and past entire certreq.txt file info and request the SSL from Go daddy.
****Then Go daddy will do it things and send out email to whoever mange domain to confirm cert renew. In this case I had access to the email account who mange the domain. Once you go daddy issue cert go ahead and choose IIS as a cert and download to the server cer location. I choose C:\certs\2020.
****Then we gonna go to next step and open IIS Manger again and same place click on complete cert renewal. Then select the CA issues cer and name the cert complete the request which will install new SSL on IIS.
****After cert install SSL need to bind into port 443 in order to be active.
****So we are done with SSL for IIS, then need to assign cert for RD Gateway. Open TS Gateway Manager and right-click the local TS Gateway server, and then click Properties.
****On the SSL Certificate tab, click Select an import and it will show certificate just install in IIS and you can simply install it. After that Click OK to close the Properties dialog box for the TS Gateway server.
I’m sure anyone of you log onto server notice that server manger start automatically. This is particularly issue for remote desktop environment when regular user log in, they will be presented with server manger. I’ve no idea why Microsoft allow this in RDS environment in first place. Anyways, here how you can disable it for all users.
There is two way you can do this first via GP, which is my preferred method.
First bring up group policy editor and create a GP and navigate to Computer configuration, Administrative Templates, System, Server Manger and then open ” Do Not Display Server Manger Automatically at logon” and click enable.
Otherwise, ( But this will need to be run on each servers) run power shell in admin mode,
Get-ScheduledTask -TaskName Server Manger | Disable-ScheduledTask -verbose