UniFi Tutorials

Unifi Cloud Controller Adoption

In this tutorial I will show you how to adopt new UniFi devices to your UniFi Cloud Controller.

We will first start off by:

  1. Download and install Google Chrome.

  2. Download, install and run the Ubiquiti Device Discovery Tool within Google Chrome.

  3. Next, click [Scan] and wait for your devices to show up.
    • Note: Make sure network discovery is enabled on your computer.

  4. Afterwards, click [UniFi Family] in the top-right corner.

  5. You should now see the [Action] Button next to all the devices.

  6. Click [Action].

  7. In this popup window, change the “Inform URL” to your UniFi Controller’s set-inform URL.
    • Make sure to use a DNS name instead of an IP address.
    • Make sure to use http:// rather than https://, and append :8080/inform to the domain, for example: http://unifi.patrickdomingues.com:8080/inform.

  8. Log into your UniFi Cloud Controller and create your new site if needed. You should notice

How To Enable UniFi Controller MFA

In this tutorial we will show you how to enable MFA for the UniFi Controller; once it is set up correctly, you will be presented with the MFA login.

We will first start off by:

  1. Create an account on Ubiquiti’s website https://account.ui.com/. Make sure to use the same email address that you are going to use for the Controller.

  2. Then follow these steps https://help.ui.com/hc/en-us/articles/115012986607-How-to-Enable-Two-Factor-Authentication#2

  3. Now log into your controller, go to Settings > Remote Access, and enable “Local login with UBNT account” on your UniFi server.

  4. Afterwards, within your controller, create your admin account using exactly the same username, email, and password as your UI account.

  5. Log out; when you next log in directly to UniFi you will be prompted for MFA.

CISA Alerts in Ongoing Ransomware Exploiting Vulnerabilities in RDP and VPNs

The DHS Cybersecurity & Infrastructure Security Agency (CISA) has issued an alert regarding an ongoing Nefilim ransomware campaign, after the New Zealand Computer Emergency Response Team (CERT NZ) issued an alert as well.

Nefilim ransomware is the successor of Nemty ransomware and was first discovered in February 2020. The developers of the ransomware conduct their own attacks and deploy the ransomware manually after gaining access to enterprise networks.

Once an attacker gains a foothold through the remote access system, they use tools such as Mimikatz, PsExec, and Cobalt Strike to elevate privileges, move laterally across the network, and establish persistence.

The attacker identifies and extracts sensitive information from the network and then encrypts files. Nefilim ransomware has commonly been used, but other ransomware can be used as well. Once the attacker has the information they want, they attempt to sell it or release it publicly.

Ransomware Mitigations


Kaseya Script for Windows Disk Cleanup

Aren’t you glad you stumbled upon this Kaseya Script for Windows Disk Cleanup? This Windows Disk Cleanup script for Kaseya cleans up everything from Windows.

What does it do?

I am glad you asked. The script uses the Kaseya scripting engine to apply the options below to the registry, and afterwards it runs a CMD command that launches the specific Disk Cleanup settings profile we created to clean up all the junk.

  • Active Setup Temp Folders
  • BranchCache
  • Downloaded Program Files
  • GameNewsFiles
  • GameStatisticsFiles
  • GameUpdateFiles
  • Internet Cache Files
  • Memory Dump Files
  • Offline Pages Files
  • Old ChkDsk Files
  • Previous Installations
  • Recycle Bin
  • Service Pack Cleanup
  • Setup Log Files
  • System error memory dump files
  • System error minidump files
  • Temporary Files
  • Temporary Setup Files
  • Temporary Sync Files
  • Thumbnail Cache
  • Update Cleanup
  • Upgrade Discarded Files
  • User file versions
  • Windows Defender
  • Windows Error Reporting Archive Files
  • Windows Error Reporting Queue Files
  • Windows Error Reporting System Archive

Recent Plex Vulnerability Allows Full System Takeover

Recently it was found that Plex had vulnerabilities that allowed hackers to perform a full system takeover.

The three vulnerabilities that were found are CVE-2020-5740, CVE-2020-5741, and CVE-2020-5742, which were discovered by Tenable security researcher Chris Lyne and reported to Plex on May 31st.

If hackers are able to exploit these vulnerabilities, they could execute code to gain access to all files, create backdoors, and even move to other devices on the network.

Phishing for Plex Media Server Tokens (CVE-2020-5742)

Update to the latest version

Make sure that you are not vulnerable: log into your Plex server and update right away.

“We have rolled out a change in our update distribution servers. This change will protect Plex Media Server version 1.18.2 or newer,” the Plex Security Team said. “Plex Media Server installations older than 1.18.2 will still be exploitable and we highly encourage users on older


Amazon Phishing Emails Are Running Rampant

Amazon phishing emails are running rampant. Hackers are using these phishing emails to try to gain access to your account and personal information, and then use them to purchase items.

Some common tip-offs that an email is phony are typos, grammatical mistakes, awkward language, missing words, extra spaces, and other signs that the email was written unprofessionally. Such emails might also ask you to open an attachment or click a link and then enter your personal information on a web page or in a form. Or the sender’s email address might look suspicious. If you hover over the links, you can even see that they would not direct you to a legitimate URL.

Here Are A Few Email Tips

  • Don’t ever open random attachments.

Always Review Incoming Email Address

  • In this case the email address is completely random and not coming from a verifiy

Russian Sandworm Exploiting Exim Mail Servers

The NSA has found that the Russian spy group Sandworm, also known as BlackEnergy, is actively exploiting Exim mail servers.

The Exim mail server flaw can be exploited using an email containing a modified “MAIL FROM” field in a Simple Mail Transfer Protocol (SMTP) message. The Russians have been exploiting unpatched Exim servers since at least August, according to the NSA’s advisory.

Once Sandworm compromises a target Exim server, it subsequently downloads and executes a shell script from a Sandworm-controlled domain to establish a persistent backdoor that can be used for reconnaissance, spying on mail messages, lateral movement and additional malware implantation.

“This script would attempt to do the following on the victim machine: Add privileged users; disable network security settings; update SSH configurations to enable additional remote access; and execute an additional script to enable follow-on exploitation,” according to the NSA.

Exim admins should update their MTAs …

Microsoft Patched 100 Vulnerabilities

Microsoft has pushed a hefty list of patches this Tuesday to fix over 100 vulnerabilities, with 16 CVEs making the critical list.

This is actually the third month that Microsoft has pushed patches for over 100 vulnerabilities. May’s list does not contain any vulnerabilities currently being exploited in the wild, which is a good thing.

Make sure that you are always patching your systems.


Sophos XG Firewall Vulnerability

Hackers have been targeting the Sophos XG Firewall using a zero-day exploit that allows them to inject the Asnarok malware.

Sophos said in their blog: “The attack affected systems configured with either the administration interface (HTTPS admin service) or the user portal exposed on the WAN zone. In addition, firewalls manually configured to expose a firewall service (e.g. SSL VPN, SPX Portal) to the WAN zone that shares the same port as the admin or User Portal were also affected.”

What was compromised?

It was found that the data impacted on the firewall was all local usernames and the hashed passwords of any local user accounts. This means local device admins, user portal accounts, and accounts used for remote access. However, passwords associated with external authentication such as Active Directory (AD) or LDAP were not compromised.

Have I been compromised?

Well, Sophos best practice is to make sure the firewall …

Is OpenDNS Umbrella HIPAA Compliant?

So the question you’re asking is: is OpenDNS Umbrella HIPAA compliant? Surely OpenDNS Umbrella and its software client are questionable, right? Is this a breach of HIPAA compliance?

Let’s Review the Basics…

Let’s go back to the basics. OpenDNS is a company and service that extends the Domain Name System by adding features such as logging, phishing protection, malware protection and content filtering on top of DNS lookup, provided its DNS servers are used. Knowing this, it already seems better than Comcast’s DNS at 75.75.75.75 or Google’s DNS at 8.8.8.8; OpenDNS Umbrella actually provides something of value.

Let’s look at exactly how a DNS request works.

  1. A DNS request starts when you try to access a computer on the internet. For example, you type PatrickDomingues.com in your browser address bar.
  2. The first stop for the DNS request is the local DNS cache. As you access different computers,