At some point we all need to pull specific user data for further analysis.
With this PowerShell script you can get specific data from a certain OU and export it to CSV.
Get-ADUser -Filter * -SearchBase 'ou=your_ou_name,dc=yourdomain,dc=yourdomain' -Properties * | Select-Object Name, Pager | Export-Csv results.csv -NoTypeInformation -Encoding UTF8
With this script I can get the user name and the pager number in a CSV.
You can find which properties you can use by running: Get-ADUser -Filter * -Properties *
Be aware that it will display all users, so press Ctrl+C partway through and look for the field you want, or restrict your search base.
The file is written to the current directory, that is, the path shown at the PowerShell prompt when you open it.
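An added example, not the original post's code: a variant that reads the available property names from a single account instead of listing every user, then requests and exports only the attributes asked for. The function names are hypothetical, the OU is the same placeholder as above, and it assumes the ActiveDirectory module and a reachable domain.

```powershell
#Requires -Modules ActiveDirectory

# Hypothetical helper names; the OU below is a placeholder, as in the post.
$SearchBase = 'ou=your_ou_name,dc=yourdomain,dc=yourdomain'

function Get-OuUserPropertyName {
    # List property names by reading ONE account with all properties,
    # instead of dumping the whole OU. Only attributes that are populated
    # on that account are returned, so an empty field will not show up.
    param([Parameter(Mandatory)][string]$SearchBase)

    Get-ADUser -Filter * -SearchBase $SearchBase -ResultSetSize 1 -Properties * |
        Get-Member -MemberType Property |
        Select-Object -ExpandProperty Name
}

function Export-OuUserProperty {
    # Export Name plus the requested properties for every user in the OU.
    # Only the named properties are requested from the domain controller,
    # which keeps the query light and the CSV limited to what was asked for.
    param(
        [Parameter(Mandatory)][string]$SearchBase,
        [Parameter(Mandatory)][string[]]$Property,
        [Parameter(Mandatory)][string]$Path
    )

    $users = @(Get-ADUser -Filter * -SearchBase $SearchBase -Properties $Property)
    if ($users.Count -eq 0) {
        Write-Warning "No users found under $SearchBase; nothing exported."
        return
    }

    $users |
        Select-Object -Property (@('Name') + $Property) |
        Export-Csv -Path $Path -NoTypeInformation -Encoding UTF8

    # Return the full path so the caller knows where the file went.
    (Resolve-Path -Path $Path).Path
}

# Usage: find the field name first, then export just that field.
Get-OuUserPropertyName -SearchBase $SearchBase | Where-Object { $_ -like '*pager*' }
Export-OuUserProperty -SearchBase $SearchBase -Property 'Pager' -Path '.\results.csv'
```

The export holds directory data about real users, so write it somewhere with restricted access and delete it once the analysis is done.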
Wednesday, 27 November 2013
Thursday, 17 October 2013
CryptoLocker Malware
Since there is already lots of info about this malware in English, I am providing some info in Portuguese:
A new type of malware is circulating on the internet, in this case ransomware, called CryptoLocker.
How do I get infected?
1. Through fake emails pretending to be from UPS, FedEx, DHL, etc., saying that we have a parcel waiting to be collected or something similar.
2. Through websites that are vulnerable to this type of infection.
3. Through Trojans that pretend to be programs needed to watch videos online, typically found on porn sites and online SportTV sites.
What happens when I get infected?
Once the infection is active on the computer, it goes through the drives (local and network) and encrypts the
following file types with a mix of RSA and AES encryption: *.odt,
*.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx,
*.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg,
*.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.eps, *.ai,
*.indd, *.cdr, ????????.jpg, ????????.jpe, img_*.jpg, *.dng, *.3fr, *.arw,
*.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef,
*.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f,
*.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c
After a while, typically the time it takes to encrypt the files, a window appears asking for a ransom of 100 or 300 US$. Payment can be made with Bitcoins, MoneyPak, Ukash or CashU, and a countdown to make the payment is displayed!
Is there any way to recover the files?
Unfortunately not. Brute-force decryption is not possible in the time given, and all the tools that have appeared have proven ineffective.
The only way to avoid being infected by this and other types of malware is to use common sense and not open suspicious emails, sites, etc.
If you have been infected, the only way to recover the files is from backups that have been made.
Monday, 30 September 2013
VMWare: unable to connect to the mks login (username/password) incorrect
This error can appear when opening a console for a virtual machine.
There can be several reasons for this error, but what I have encountered the most is a DNS problem.
Check whether you can ping the VMware hosts and the vCenter server by name; if not, add them to DNS.
Just like that, no firewall issues or editing vmware config files.
Tuesday, 24 September 2013
Windows 8 Black Screen / Flickering on boot with dual VGA (Intel HD Graphics & Geforce)
This happened to me on my desktop with an Asus P8Z68-V motherboard.
I have 3 monitors and so I needed a second VGA for the two secondary monitors.
I had an old Geforce 8400GS lying around, so I decided to use it.
I wanted my main VGA to be the onboard Intel, which amazingly has better performance, so I set it up in the BIOS as the main VGA.
All went fine until MS did their number... Windows Update changed the graphics adapter driver.
I did not suspect that until I rebooted the PC. The logon screen was nowhere to be seen, only a black flickering screen. So after some trial and error, here is what I did.
I went to the BIOS and changed the main VGA to be the Nvidia. It booted normally. I found out after many tries that Windows keeps getting the Nvidia driver from the internet regardless of whether I disabled that option in Windows Update.
So you need to Run "gpedit.msc" and go to: Computer Configuration - Administrative Templates - System - Internet Communication Management - Internet Communication Settings - "Turn off Windows Update Device Driver Searching" and set this to ENABLED.
Download the latest Nvidia driver, run the installer, let it extract the driver and then cancel it.
Delete all Nvidia folders on program files.
Go to safe mode, uninstall the device in Device Manager and make sure to tick the option to delete the driver.
In the windows folder search for the usual Nvidia files such as nvdisp.ini, make a search for Nvidia and nv*.* and delete everything related to Nvidia.
Reboot.
On Device Manager, your Display adapter should appear as "Microsoft Display Adapter" instead of the WDDM drivers for your card model. If not you must retrace the steps.
Right click the "Microsoft Display Adapter" and hit "Update Driver Software". Select "Browse my computer for driver software", then "Let me pick from a list of device drivers on my computer" and then select the "Have Disc" option.
Point Windows to the file "nv_disp.inf" that will be in your Nvidia folder, mine was: C:\NVIDIA\DisplayDriver\327.23\Win8_WinVista_Win7_64\International\Display.Driver\nv_disp.inf
Reboot, set your Intel VGA as the main adapter once more and pray to uncle Bill for it to work.
And that should be it.
Hope it helps someone lost on the interwebs with the same issue as me.
Friday, 26 July 2013
