slice2

Monthly Archives: July 2013

Using cipher.exe on Windows to purge deleted files for good.

20 Saturday Jul 2013

Posted by Slice2 in Security, Windows

Tags

Security, Windows

It’s well known that when you delete files and folders in Windows they are not technically deleted. When you delete a file, the disk space it used is only tagged as available for use. This allows the file to be reconstituted using various free recovery utilities such as SoftPerfect’s File Recovery or Piriform’s Recuva. The blocks must be overwritten to actually eliminate the data completely.

Windows has a native utility named cipher.exe that can overwrite that freed space and make sure the data is actually purged. Cipher.exe can overwrite all free space on your disk, thus ensuring that files you have deleted are actually gone.

This is a safe utility. I have run this command many times over the years. You can also set up a scheduled task and run it weekly to keep your systems clean. Launch a command prompt as administrator (right-click cmd.exe and select Run as administrator) and type the following:

C:\> cipher /w:X

where X is the drive letter you want to clean.

You can run this on your c:\ drive without any issues. Also note that the larger your drive, the longer this will take. For reference, a 1TB drive that was 3/4 full took about 3 hours.

Example (this is on Windows 7):

C:\Windows\system32> cipher /w:c

To remove as much data as possible, please close all other applications while
running CIPHER /W.
Writing 0x00
………………………………………………………………………………………………………….
Writing 0xFF
…………………………………………………………………………………………………………..
Writing Random Numbers
…………………………………………………………………………………………………………..

C:\Windows\system32>

 

Further reading on cipher.exe options is available here:

http://technet.microsoft.com/en-us/library/cc771346(v=ws.10).aspx

Nessus now audits NetApp Data ONTAP

16 Tuesday Jul 2013

Posted by Slice2 in Nessus, NetApp, Security

Tags

NetApp, Security

From the Tenable blog post:

Nessus recently added capabilities to perform configuration and compliance audits in two major areas of the enterprise. First, Tenable added the ability to audit enterprise Cisco networking equipment, namely Cisco’s Nexus NX-OS. Then, we expanded and greatly enhanced support for auditing VMware vSphere and vCenter. Now, we’ve added support for auditing NetApp Data ONTAP storage devices. The new .audit is primarily based off the NetApp hardening guides (technical reports TR-3649 and TR-3996).

http://www.tenable.com/blog/nessus-now-secures-netapp-data-ontap

When all you have is ping.exe.

04 Thursday Jul 2013

Posted by Slice2 in Windows

Tags

Windows

So you are sitting at a command prompt on a Windows 7 PC and you need to enumerate live systems on your subnet. You don’t have your normal toolbox. What’s a poor ol’ Sysadmin to do?  Try this:

C:\> for /L %V in (1 1 254) do PING -n 1 your.network.%V | FIND /I "Reply"

Example:

C:\Users\me> for /L %V in (1 1 254) do PING -n 1 10.10.10.%V | FIND /I "Reply"

The output is:

C:\Users\me>PING -n 1 10.10.10.1 | FIND /I "Reply"
Reply from 10.10.10.1: bytes=32 time=1ms TTL=255

C:\Users\me>PING -n 1 10.10.10.2 | FIND /I "Reply"
Reply from 10.10.10.2: bytes=32 time=1ms TTL=128

C:\Users\me>PING -n 1 10.10.10.3 | FIND /I "Reply"
Reply from 10.10.10.3: bytes=32 time<1ms TTL=128

C:\Users\me>PING -n 1 10.10.10.4 | FIND /I "Reply"
Reply from 10.10.10.4: Destination host unreachable.

So what does this command mean? Can I break it down for you? Sure.

1) FOR /L %variable IN (start,step,end) DO command [command-parameters]

The set (in parentheses) is a sequence of numbers from start to end, by step amount.
So (1 1 254) would generate the sequence 1 2 3 4 5 through 254, the host addresses in a /24, and (254,-1,1) would generate the same sequence in reverse (254 253 252 down to 1).

2) PING -n 1

The -n option sets the count (number) of echo requests to send. In this case it's 1.

3) 10.10.10.%V

This is the network (/24) I am pinging. The %V variable is the for /L %V counter, which takes the values 1, 2, 3, 4, 5, 6 through 254 as described in #1 above. It pings 10.10.10.1, 10.10.10.2, 10.10.10.3, 10.10.10.4, etc., all the way to 10.10.10.254.

4) | FIND /I "Reply"

This pipes (|) the output of the ping command to FIND. The /I tells find.exe to ignore case, and "Reply" is the string you are searching for. This gives you the "Reply from" string to determine if the IP is in use or unreachable.
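An added example, not part of the original post: the sample output above shows that FIND /I "Reply" also matches the "Destination host unreachable" line, so this Python parser reads saved sweep output and counts a target as alive only when the reply carries TTL= and comes from the target itself. The function names and the 10.10.10.5 entry (a target that printed nothing) are constructed for illustration.

```python
import re

# Constructed sample: the sweep output from the post, plus one silent target.
SAMPLE = r"""
C:\Users\me>PING -n 1 10.10.10.1 | FIND /I "Reply"
Reply from 10.10.10.1: bytes=32 time=1ms TTL=255

C:\Users\me>PING -n 1 10.10.10.2 | FIND /I "Reply"
Reply from 10.10.10.2: bytes=32 time=1ms TTL=128

C:\Users\me>PING -n 1 10.10.10.3 | FIND /I "Reply"
Reply from 10.10.10.3: bytes=32 time<1ms TTL=128

C:\Users\me>PING -n 1 10.10.10.4 | FIND /I "Reply"
Reply from 10.10.10.4: Destination host unreachable.

C:\Users\me>PING -n 1 10.10.10.5 | FIND /I "Reply"
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
CMD = re.compile(r"PING\s+-n\s+\d+\s+" + IPV4, re.I)    # echoed command line
REPLY = re.compile(r"^Reply from " + IPV4 + r": (.*)$", re.I)

def classify_sweep(text):
    """Map each pinged target to 'alive', 'unreachable' or 'no-reply'."""
    results, target = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        cmd = CMD.search(line)
        if cmd:
            target = cmd.group(1)
            results[target] = "no-reply"  # until a Reply line says otherwise
            continue
        reply = REPLY.match(line)
        if reply and target:
            sender, detail = reply.groups()
            # A real echo reply has TTL= and is sent by the target itself.
            if "TTL=" in detail.upper() and sender == target:
                results[target] = "alive"
            elif "unreachable" in detail.lower():
                results[target] = "unreachable"
    return results

def live_hosts(text):
    """Return only the targets that answered, in numeric order."""
    alive = [ip for ip, s in classify_sweep(text).items() if s == "alive"]
    return sorted(alive, key=lambda ip: tuple(int(o) for o in ip.split(".")))

if __name__ == "__main__":
    print(live_hosts(SAMPLE))
```

To use it on a real sweep, redirect the for /L command's output to a file and pass the file's contents to live_hosts().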
