All posts by Dan

Graduate of Rochester Institute of Technology’s Applied Networking and Systems Administration program. Currently working as a Senior Security Analyst at one of the top US research universities in the Northeast. Areas of interest: sysadmin, automating tasks, web application testing, working with hardware, and making already available tools work for unique, specialized situations. Main systems: Windows 7, Mac, Backtrack, vSphere lab, OpenIndiana storage.

Off grid solar: Introduction and Parts

And now for something different. This will be a multi-part series on how I designed and constructed a small-scale solar setup with LiFePO4 batteries, an all-in-one charge controller/inverter, and 8 solar panels to run some small circuits in the house without needing the grid. This is an experiment to determine just how autonomous I can be with a small-scale setup before moving to a new house in a few months and installing a larger system. We use a pretty small amount of electricity in general and I’m hoping this small system will take about 1/4 or more off our electricity bill as well as provide some resiliency in the case of a grid outage.

I am going to discuss my parts list and the choices I made, capacity testing and matching the battery cells to make a well-balanced pack, safety, and wiring it all up. Then if I can figure it out, I will be writing and releasing lightweight data logging and control software for the inverter/charge controller to run on a Raspberry Pi, since everything I read says the Windows software is buggy and does not data log well.

And now – on to the parts list!

Increasing Applications and Services Event Logs size With regedit and GPO

Event logs contain important information for use in troubleshooting and information security investigations. Infrastructure and security teams should make a conscious decision about retention of their important event logs so data is available on an endpoint when needed. The easiest way to set retention is to specify a max file size for the event log. After reaching this size, the oldest events will be overwritten by new ones.

Setting the max size of the standard Application, Security, Setup, and System event logs via GPO to standardize the settings across a domain is easy. But setting the max size for other logs, such as those under Applications and Services Logs → Microsoft within Event Viewer, is not as straightforward.

Continue reading Increasing Applications and Services Event Logs size With regedit and GPO

Upload to Amazon S3 from Powershell v2

Powershell v2 lacks many of the cmdlets that we have come to know and love on more modern versions. Every now and then, you just have to do something on Windows 7 and you can’t update Powershell.

Below is an example script to PUT a file to an Amazon S3 bucket using Powershell v2. The missing functionality is the ability to set the “Date” HTTP header when using [System.Net.HttpWebRequest]. Even though the docs state that it should be settable, it is not. The Date header is required for AWS to validate the client-generated signature.

Continue reading Upload to Amazon S3 from Powershell v2

Convert Windows Event Log .evtx to .csv

In my day job doing incident response, I find myself looking at a lot of Windows event logs. And I don’t know about the rest of you, but I do not find eventvwr.msc to be very user friendly for navigating and filtering large files. If you are an XPath master then sure, it’s probably just fine for you. I, however, am not.

I instead prefer to use the best incident response tool ever created – Microsoft Excel. Sorting, filtering, and searching are a snap!

Continue reading Convert Windows Event Log .evtx to .csv

dnscrypt-proxy as a forwarder for BIND

I’m always looking for ways I can add layers of encryption and security to my network and I recently came across the DNSCrypt project created by OpenDNS. This toolset and infrastructure encrypts DNS queries from your machine or network so that your ISP can’t snoop on them. I decided to set up dnscrypt-proxy as a forwarder on my home router so that all DNS traffic leaving my network is encrypted.

Continue reading dnscrypt-proxy as a forwarder for BIND

Review your Google account for suspicious activity

After the massive phish targeting Google accounts this week, I’ve had some people ask me how to make sure their Google account is secure. Luckily, Google has built in some great features that help you assess your account security and keep it safe.

If you suspect someone has hacked your account, just changing your password is not enough. There are ways a hacker can maintain access to your account even after you change your password. Follow the steps below to review the state of your account.

Continue reading Review your Google account for suspicious activity

picam – Raspberry Pi battery powered timelapse camera – part 2 – software

In part 1 we covered the hardware setup of my Raspberry Pi based timelapse camera. Now we tackle the software.

Features

  • Configurable image capture interval.
  • Images are stored on a USB flash drive for easy retrieval.
  • Only takes pictures during the day. Daytime is determined by the awesome sunwait utility that calculates sunrise and sunset based on latitude and longitude.
  • The image capture script can be bypassed by flipping a switch connected to GPIO so you can boot into the OS.
  • A log is written to keep track of battery voltage over time.
  • The script is updated from the USB flash drive on every boot so you don’t need to manually boot into the OS every time you want to tweak the interval. Simply update the script on the flash drive and on the second boot, you’ll be running the new code.

The couple of scripts are written in bash and are available on my GitHub here: https://github.com/dewoodruff/picam

Continue reading picam – Raspberry Pi battery powered timelapse camera – part 2 – software

picam – Raspberry Pi battery powered timelapse camera – part 1 – hardware

Timelapse cameras are fun. I’ve done a few timelapse videos (like this one with a really crappy webcam driven by an original Eee PC laptop) and I have some ideas for other long-term videos in the future, so I wanted a higher quality, more autonomous setup. My requirements:

  • Waterproof so I can strap it to a tree for a few weeks
  • Long battery life, so I can strap it to a tree for a few weeks
  • Infinitely configurable delay between images depending on my goal for the video
  • Easy to retrieve the images from it
  • Don’t take pictures overnight, because I’m lazy and don’t want to manually weed out black pictures. Sleeping overnight means more battery life and less storage used too.

A Raspberry Pi seemed like a perfect platform. They are low power, they have camera module support, they’re small, and they’re cheap. With some extra hardware and scripting I can also turn it off between pictures to save even more power.

Here’s how I built it. Part 1 is the hardware setup and part 2 is the software.

Continue reading picam – Raspberry Pi battery powered timelapse camera – part 1 – hardware

Logrotate with alternate compression tool such as pigz

Logrotate is a versatile tool for rotating logs. When logrotate is configured to rotate a set of logs using the ‘compress’ directive, by default the gzip utility will be used. gzip is a good utility but you may have a need to use something else. My need is:

  • Multi-gigabyte files need to rotate hourly or daily
  • Rotation and compression were taking several minutes per file
  • My CPUs were mostly idle

My solution was to use the pigz compression utility coupled with logrotate. pigz performs multithreaded gzip compression so some of the idle CPUs could be put to work. Here’s how to do it:

Continue reading Logrotate with alternate compression tool such as pigz