Training Resource
Who Destroyed Three Mile Island? makes a compelling argument as to why organizations should focus on the systemic causes behind major failures, rather than just assigning blame. In this fascinating talk, Nickolas Means offers specific examples from the famous nuclear disaster that illustrate why the perspectives of key players must be examined if we want to make our teams stronger and avoid future problems. A valuable lesson that can help build truly strategic leadership skills for any IT manager!
How to Crash an Airplane is a natural companion to last week’s item on Three Mile Island. But this time, team optimization is approached from the positive side: In a worst-case scenario, what makes a team come together to achieve the impossible? This entertaining, informative presentation helps you understand specific dynamics to cultivate in your team in order to help them overcome obstacles. This guy is one of the best presenters I’ve seen. You learn something with every one of his talks. Put one in every one of your releases until you run out of them.
Conferences
PWN2BTC: A smart contract & crypto hardware exploitation competition on June 7th, as a part of Off The Chain. If you pwn it, you keep the crypto.
LocoMocoSec: Registration costs increase after June 7th, so get your tickets soon! If you do, I’ll see you June 27-30 in Honolulu 😎.
ROOTCON: CFP open until July 25, conference September 28-30 in Manila.
Tutorial
The Art of Command Line offers a concise set of helpful notes and tips for using the command-line in Linux. The guide is intended for all skill levels, covering topics that range from basic to advanced—including some rather obscure hints that are nonetheless valuable. Adds, “…as many of us are constrained to windows environments in many scenarios (dang msft shops), this is a neat read to remind yourself of things, learn a few new things, etc.”
Top 10 Microsoft Graph PowerShell Cmdlets for Office 365 Admins is a nice tutorial on how to perform your O365 reporting with PowerShell cmdlets. Includes instructions on how to generate reports on users, licenses and groups; plus how to export Microsoft 365 Reports to a CSV and view in Grid View.
BurningIceTech YouTube Channel offers some great training courses on Microsoft products as well as a few featuring other vendors. Some courses are designed to help you pass an associated international certification exam, while others are aimed at general knowledge or troubleshooting. The material is presented by an internationally certified training pro with more than a decade of experience.
Tip
System for patch-cable labeling:
Use “a date-sequence number, like yyyymmdd-xxxx, where xxxx is a zero-padded sequential number. If new patches [are] added, [you don’t] need to try to figure out the last used number, as any day would start at 0001. You’re databasing the patches, so all you need is a unique id for the patch.”
Some perspective on interviewing candidates to avoid screening out good people:
“[M]ost people don’t interview well. It’s just not something they do much, and they’ve never learned how to do it. So if you hit them with vague questions, they’ll fall apart. Add to that: most people want the job. In some cases, they really NEED the job. That ratchets up the stress level.
I gave up asking bare technical questions. I just talk to them. And while doing so, I’m able to embed technical questions. Within a few minutes, I can tell what the person knows and also find out a lot of other things that simple technical questions won’t reveal.”
Cheat Sheet
Bash Redirections Cheat Sheet is a convenient, one-page resource to help jog your memory for occasions when you’re working with redirections in bash. There’s also a nice companion blog post on the topic here. Explains, “If you do use Linux/Cygwin/WSL/whatever command line, [this] is a really valuable guide to redirection.”
Free Tool
BatteryInfoView is a utility for displaying all the essential information about a battery’s health and specs on laptops and netbook computers. Details include manufacturing info, charge status, capacity, voltage and more. Also provides a log window that can track battery status on whatever time interval you like.
Mail PassView is a simple password-recovery tool for revealing account details for email clients in a large variety of programs. For each email account, the following fields are displayed: account name, application, email, server, server type (POP3/IMAP/SMTP), user name and password. Finds it “great to get people off imap into exchange as you can script and scoop passwords.”
Tmuxinator allows you to more-easily manage your tmux sessions using a single command. Explains, “without it, tmux is pretty much the same as screen for me… pseudo example: ‘tmuxinator clients’ would open a tiled window with 16 windows with ssh to 16 clients and sync input after login.”
paping is a cross-platform tool for TCP port testing that emulates the function of ping for cases when ICMP has been blocked. Allows you to repeatedly scan the same ports to determine if a service is responding. Calls it an “invaluable TCP port ping tool for Windows platforms.”
DNSQuerySniffer is a network sniffer utility that shows all the DNS queries being sent on your system. Displays: host name, port number, query ID, request type (A, AAAA, NS, MX, and so on), request time, response time, duration, response code, number of records, and content of the returned DNS record. Useful “to see who is still using the DNS server I’m trying to decommission.”
PrivateBin is an open-source online pastebin for absolute data privacy. Encryption/decryption occurs in the browser using 256bit AES in Galois Counter mode, so the server never has access to any of your data. Adds: “Requires hosting on something, but free open-source paste bin for sharing secure credentials, one-time burn after reading links, etc.”
WSL gives you the ability to integrate Linux tools like Bash or Grep within Windows tools like PowerShell or Visual Studio Code—without the need to dual-boot. Explains, “I use this for SSH instead of putty+pageant along with Ansible. It’s a much better experience. Plus, it’s nice having a quick and easy bash console sometimes.”
Uyuni (@UyuniProject) is an open-source solution designed to facilitate automated deployment and infrastructure management for those tasked with managing hundreds or even thousands of Linux machines. Adds, “It’s a fork of Redhat’s Spacewalk but fully up to date. Also known as suse manager, but supports many more distros.”
Microsoft Security Compliance Toolkit 1.0 is a set of tools to download, analyze, test, edit and store the recommended security config baselines for MS products as well as comparing them against other configurations. It can “export and import local group policy to human readable files.”
Appwrite is an end-to-end backend server that makes it easier to build a modern backend API from scratch as well as making it faster to build secure apps. Explains, “It’s a general purpose backend tool with a feature set comparable to Google’s Firebase, plus it’s self-hosted and open-source. If you’re building web apps, there’s probably something useful in Appwrite for you to use (you can disable unwanted services). You can do authentication, OAuth, user management, file storage, cloud functions, database, and a load of other features… It’s useful if you want to build and host your own web/mobile apps and own your own deployments and data. I use it personally for building Discord bots, ‘cause I don’t want people snooping my chat data.”
PoolMon can help you determine if you have a kernel-mode memory leak by monitoring the pool memory usage by pool tag name. Explains that it’s “from the Windows SDK/WDK package. [It’s] great for identifying memory leaks in programs!”
Jupyter Notebook is a simple, streamlined web app for creating and sharing computational documents, with support for over 40 programming languages. Help work through python for those of us that are inexperienced.
changedetection.io is a simple, self-hosted website change detection and notification service. This open-source tool is designed as a simpler alternative to Visualping or Watchtower that alerts you to any text changes on the monitored web pages.
Portmaster is an open-source monitor that allows you to see all the network activity on a computer to expose questionable activity from applications that may be up to no good. Suggests it as a “Windows firewall and network monitor.”
Website
Petri is a professionally oriented IT knowledgebase with an extensive library of how-tos, news, industry perspectives, webinars, conferences, whitepapers and more—all intended to help sysadmins solve problems, become more effective in their work and advance their careers. You’ll find a ton of useful information on Microsoft products as well as dozens of other IT platforms and technologies.
DZone.com is an online community and knowledge resource aimed at professional software developers. Features information on the latest trends and loads of user-generated content on on new technologies, methodologies and best practices. While anyone can submit articles, everything is reviewed by experts to ensure consistent quality.
Podcast
IPv6 Buzz is another targeted offering from Packet Pushers that features a team of seasoned experts discussing IPv6-related networking, design and architecture. Subscribe: iTunes | RSS