Bill's Tech Tips

Helpful Tips Collected Over Time

Truncated Reply Message - Phrase Express

This is a macro I wrote that mimics the Highlight+Reply you get with Outlook for Mac or the older Entourage software. I use the PhraseExpress software with an assigned hot key:

{#clipboard -copy}{#sleep 100}{#CTRL {#SHIFT -chars r}}{#sleep 100}{#CTRL -chars a}{#sleep 100}{#DEL}{#sleep 100}{#ENTER -count 2}{#sleep 100} ======TRUNCATED MESSAGE====== {#ENTER}{#sleep 100}{#clipboard -paste}{#sleep 100}{#CTRL -chars a}{#sleep 100}{#CTRL -chars q}{#sleep 100}{#CTRL -chars i}{#sleep 100}{#HOME}{#sleep 100}{#CTRL {#SHIFT -chars t}}{#sleep 100}{#CTRL -chars i}

Windows Event Log Forensics

During an incident, Windows Event logs provide plenty of useful information for the incident responder. As you know, Windows can generate thousands of events in a few minutes; in this diary I will talk about some of the most useful events, and in the next diary I will discuss how to use PowerShell to search for them. Here are some of the most useful events for forensics/incident response:

Event ID   Description                                             Log Name
4624       Successful Logon                                        Security
4625       Failed Login                                            Security
4776       Successful/Failed Account Authentication                Security
4720       A user account was created                              Security
4732       A member was added to a security-enabled local group    Security
4728       A member was added to a security-enabled global group   Security
7030       Service Creation Errors                                 System
7045       Service Creation                                        System

One useful piece of information that the Successful/Failed Logon events provide is how the user or process tried to log on (Logon Type), but Windows displays this as a number. Here is a list of the logon types and their explanation:

Logon Type   Explanation
2            Logon via console
3            Network Logon. A user or computer logged on to this computer from the network.
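The PowerShell search promised for the next diary is not on this page. As an added example, not the author's code, the script below pulls the event IDs from the table above out of the Security and System logs for the last 24 hours and decodes the Logon Type field on 4624/4625 events into the names of the table. It goes beyond the two logon types listed by including the other documented values (4, 5, 7, 8, 9, 10, 11). It assumes an elevated session on the host being examined; the 24-hour window, the column names and the function names are my choices.

```powershell
# Added example, not from the original diary. Run in an elevated PowerShell session on the
# host being examined (reading the Security log requires administrator rights).
$SecurityIds = 4624, 4625, 4776, 4720, 4732, 4728   # IDs from the table above
$SystemIds   = 7030, 7045
$Since       = (Get-Date).AddDays(-1)               # assumed window: the last 24 hours

$Descriptions = @{
    4624 = 'Successful logon'
    4625 = 'Failed logon'
    4776 = 'Successful/failed account authentication'
    4720 = 'User account created'
    4732 = 'Member added to security-enabled local group'
    4728 = 'Member added to security-enabled global group'
    7030 = 'Service creation error'
    7045 = 'Service creation'
}

# Logon types 2 and 3 are the ones listed above; the rest are the other documented values.
$LogonTypes = @{
    2  = 'Interactive (console)'
    3  = 'Network'
    4  = 'Batch (scheduled task)'
    5  = 'Service'
    7  = 'Unlock'
    8  = 'NetworkCleartext'
    9  = 'NewCredentials (RunAs /netonly)'
    10 = 'RemoteInteractive (RDP)'
    11 = 'CachedInteractive'
}

# Flatten the <EventData><Data Name="..."> elements of one event into a hashtable so the
# fields can be read by name regardless of which event ID produced them.
function Get-EventDataMap {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $map = @{}
    $xml = [xml]$Event.ToXml()
    foreach ($d in $xml.Event.EventData.Data) {
        if ($d.Name) { $map[$d.Name] = $d.'#text' }
    }
    return $map
}

# Collect the events of interest from both logs and emit one summary object per event.
function Get-ForensicEvents {
    param([datetime]$StartTime)
    $events = @()
    $events += @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $SecurityIds; StartTime = $StartTime } -ErrorAction SilentlyContinue)
    $events += @(Get-WinEvent -FilterHashtable @{ LogName = 'System';   Id = $SystemIds;   StartTime = $StartTime } -ErrorAction SilentlyContinue)

    foreach ($e in ($events | Sort-Object TimeCreated)) {
        $d = Get-EventDataMap -Event $e

        # Decode the numeric Logon Type on the logon events
        $logonType = ''
        if ($d.ContainsKey('LogonType')) {
            $n = [int]$d['LogonType']
            $logonType = "$n ($($LogonTypes[$n]))"
        }

        # Pick the field that names the object of the event for each ID family
        $subject = switch ($e.Id) {
            { $_ -in 4732, 4728 } { "$($d['MemberName']) -> $($d['TargetUserName'])" }
            7045                  { "$($d['ServiceName']) ($($d['ImagePath']))" }
            7030                  { ($e.Message -split "`r?`n")[0] }
            default               { $d['TargetUserName'] }
        }

        # Where the logon came from: IP address for network logons, workstation name for 4776
        $source = if ($d['IpAddress']) { $d['IpAddress'] } else { $d['Workstation'] }

        [pscustomobject]@{
            Time        = $e.TimeCreated
            Id          = $e.Id
            Description = $Descriptions[$e.Id]
            Subject     = $subject
            LogonType   = $logonType
            Source      = $source
        }
    }
}

Get-ForensicEvents -StartTime $Since | Format-Table -AutoSize
```

Pipe the output to Export-Csv instead of Format-Table to keep a record for the case file, and add -ComputerName to both Get-WinEvent calls to read a remote host's logs where remote event log management is allowed.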

Script to Generate Kernel Panic

This is a good tool to use to test what events cascade when a server crashes.

WARNING: USE AT YOUR OWN RISK

echo c > /proc/sysrq-trigger

WARNING: USE AT YOUR OWN RISK

Source: https://unix.stackexchange.com/questions/66197/how-to-cause-kernel-panic-with-a-single-command

Watch a site in BASH

Introduction: A quick script to watch a website to see if it remains online. It checks every second. This is different from a simple ping check, as it actually fetches the site and returns an HTTP status code. This is especially useful if you want to make sure a site stays up during a critical event. The ‘watch’ command is used to execute scripts or commands at regular intervals.

Watch a site using Powershell

Introduction: A quick script to watch a website to see if it remains online. It checks every five seconds. This is different from a simple ping check, as it actually fetches the site and returns a status code. This is especially useful if you want to make sure a site stays up during a critical event.

while ($true -eq $true) {curl DOMAIN_NAME.COM | findstr "RawContent"; sleep 5}

Or

while ($true -eq $true) {curl DOMAIN_NAME.COM | findstr "StatusCode"; sleep 5}

To see everything you can filter for, run the ‘curl’ command by itself against the domain in question.
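In the one-liners above, `curl` is the Windows PowerShell 5.1 alias for Invoke-WebRequest (the alias is not present in PowerShell 7), and Invoke-WebRequest throws on 4xx/5xx responses and on timeouts rather than returning the response, so the pipeline prints nothing exactly when the site is in trouble. As an added example that is not the original tip's code, the script below polls the site on the same five second cadence but always prints a timestamped line with the HTTP status code, using 0 for a site that did not answer at all. The URL is a placeholder and the timeout and function names are my assumptions.

```powershell
# Added example (not the tip's own code). Save as Watch-Site.ps1 and run:
#   .\Watch-Site.ps1 -Url https://DOMAIN_NAME.COM/
# Works in Windows PowerShell 5.1 and PowerShell 7.
param(
    [string]$Url = 'https://DOMAIN_NAME.COM/',  # placeholder, replace with the site to watch
    [int]$IntervalSeconds = 5,                  # same five second cadence as the one-liner above
    [int]$TimeoutSeconds = 10                   # assumption: a slower answer counts as down
)

# Returns the HTTP status code as an integer, or 0 when no response came back at all
# (DNS failure, connection refused, timeout). Invoke-WebRequest throws on 4xx/5xx, so the
# code has to be read from the exception's Response object in that case.
function Get-SiteStatus {
    param([string]$Uri, [int]$Timeout)
    try {
        $response = Invoke-WebRequest -Uri $Uri -UseBasicParsing -TimeoutSec $Timeout -ErrorAction Stop
        return [int]$response.StatusCode
    } catch {
        $resp = $_.Exception.Response
        if ($resp -and $resp.StatusCode) { return [int]$resp.StatusCode }
        return 0
    }
}

# Map a status code to a short state for the log line
function Get-SiteState {
    param([int]$Code)
    if ($Code -eq 0)                      { return 'UNREACHABLE' }
    if ($Code -ge 200 -and $Code -lt 400) { return 'UP' }
    return 'ERROR'
}

while ($true) {
    $code  = Get-SiteStatus -Uri $Url -Timeout $TimeoutSeconds
    $state = Get-SiteState -Code $code
    '{0:yyyy-MM-dd HH:mm:ss}  {1,-11}  {2,3}  {3}' -f (Get-Date), $state, $code, $Url
    Start-Sleep -Seconds $IntervalSeconds
}
```

Redirect the output to a file (`.\Watch-Site.ps1 | Tee-Object watch.log`) to keep a timeline of when the site went down and came back during the event.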