Forwarding Ubiquiti Cameras Over WAN / Double-NAT

I’ve had to do this at a job recently that had to monitor access to sensitive offices and vaccines. This works internally (with a double-NAT) or over WAN with a change or two.

Essentially, the steps are:

1) Set up the camera with a static, local IP

2) Log in to the camera and configure the NVR IP as the WAN IP of the UDM Pro / NVR

3) Log in to the UDM Pro and configure a WAN Local Firewall Rule to allow all traffic from the static IP you set in Step 1 (if going over WAN, use the WAN IP of the location with the Ubiquiti camera)

4) Log in to the Protect app in the UDM Pro and add the camera

Deleting Emails from Gmail or G Suite Mailboxes

Since being thrust into using GSuite / Google Workspace, I found the GAM tool on GitHub incredibly valuable.

We recently had a spear-phishing attack sent to a number of users in finance pretending to be the CFO. I was able to test and then remove all the emails from users’ mailboxes by using the following command:

gam all users delete threads query from:[xyz]@gmail.com doit

You can read more on the command here.

Allow External Senders to Email Google Group

I encountered this one recently. Google doesn’t make it simple (or clear) how to allow external people to send emails to a Google Group (which most people use as the equivalent of a distribution list / Office365 group).

In Google Admin, navigate to the Google Group and check off “Allow” (a checkmark) where Publish Posts and External intersect (seen below with the number 1 in red).

That’s it! External users will now be able to email the group.

Audit Error – Office365

Recently, I was trying to perform an audit search on an Office365 organization and found auditing wasn’t enabled. When I tried to do it straight from the audit screen, I encountered this error:

Sorry! We couldn’t update your organization settings. Please try again.

I went straight to PowerShell and ran Get-AdminAuditLogConfig | FL Unified* and it was not enabled.

To resolve this, I ran Enable-OrganizationCustomization

And then I ran the PowerShell command Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true

And that did it!
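The same sequence as a re-runnable check, as an added example that is not part of the original post. The function name Enable-UnifiedAuditIfNeeded is hypothetical, and the IsDehydrated guard assumes Enable-OrganizationCustomization is only needed on a tenant that has not yet been customized.

```powershell
# Added example (not from the original post). Run in an Exchange Online
# PowerShell session (Connect-ExchangeOnline). In Security & Compliance
# PowerShell, UnifiedAuditLogIngestionEnabled always reads False.
function Enable-UnifiedAuditIfNeeded {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param()

    $audit = Get-AdminAuditLogConfig
    if ($audit.UnifiedAuditLogIngestionEnabled) {
        Write-Output 'Unified audit log ingestion is already enabled.'
        return
    }

    # Enable-OrganizationCustomization errors out on a tenant that is already
    # customized, so only call it while the tenant is still "dehydrated".
    if ((Get-OrganizationConfig).IsDehydrated) {
        if ($PSCmdlet.ShouldProcess('tenant', 'Enable-OrganizationCustomization')) {
            Enable-OrganizationCustomization
        }
    }

    if ($PSCmdlet.ShouldProcess('tenant', 'Enable unified audit log ingestion')) {
        Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
    }

    # Re-read the setting; the change can take up to an hour to show as True.
    Get-AdminAuditLogConfig | Format-List UnifiedAuditLogIngestionEnabled
}

Enable-UnifiedAuditIfNeeded -WhatIf   # preview only; drop -WhatIf to apply
```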

ESXi Error: Could not find a trusted signer: certificate is not yet valid

It’s been a while and there are plenty of reasons for that, but namely… I got a new job!

Anywho, here is a good one I encountered when trying to update an ESXi host.

Could not find a trusted signer: certificate is not yet valid

Failed to setup patcher for upgrade

Full error and command

I hadn’t used this host in a hot minute and one thing I know is that SSL Certs are time/date-based. I took a look at the date and time in ESXi and lo and behold found an incorrect date.

The incorrect date!

After setting the correct date, I re-ran the command and the ESXi update completed successfully. I also set the server to use NTP so this doesn’t pop up again.

Enable / Allow Sending From an Alias in Office365

The long-requested ability to send emails from an alias in Office 365 has finally been released!

When you use an alias to send an email, the From and Reply-To fields shown to the recipient will be the alias, meaning the recipient will only see the alias and not your primary email address.

To make this happen, simply log in to your Office365 tenant via PowerShell and run the following command:

Set-OrganizationConfig -SendFromAliasEnabled $true

That’s it! Within a few minutes it should begin working.

To send from the alias, make sure you are showing the From field by clicking Options > From, shown below.

Voila!

More information can be found on Microsoft’s website

Testing Office365 Mail Rules

Recently I had to implement a tag for external emails. However, I wanted to test it out first and see what would be tagged.

I created my rule and set these settings:

“Audit this rule with severity level” should be checked off, but the severity can be set to “Not specified”, while the mode should be “Test without Policy Tips”.

OK the rule.

Wait a day, then go to the Reports section of the Office365 Security & Compliance Center. On the Dashboard, click on the Exchange transport rule section.

Once there, click the dropdown for “Show data for” and choose your transport rule. This will only list transport rules where you have checked off “Audit this rule with severity level”. No matter the setting, that must be checked off or you won’t see results here!

That’s it. Filter by sender, date, etc. and you’ll see the emails affected by the rule. Happy hunting!
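The same test-mode setup expressed in Exchange Online PowerShell, as an added example that is not part of the original post. The rule name and the "[EXTERNAL]" subject prefix are hypothetical; -Mode Audit is the PowerShell equivalent of "Test without Policy Tips", and -SetAuditSeverity is the "Audit this rule with severity level" setting.

```powershell
# Added example (not from the original post). Assumes an existing
# Connect-ExchangeOnline session. Rule name and prefix are hypothetical.
$ruleName = 'Tag external mail (test)'

$ruleParams = @{
    Name                         = $ruleName
    FromScope                    = 'NotInOrganization'   # sender is external
    SentToScope                  = 'InOrganization'      # recipient is internal
    PrependSubject               = '[EXTERNAL] '         # the tag under test
    ExceptIfSubjectContainsWords = '[EXTERNAL]'          # avoid double-tagging replies
    Mode                         = 'Audit'               # log matches, do not modify mail
    SetAuditSeverity             = 'Low'                 # audit the rule so matches are reported
}
New-TransportRule @ruleParams

# Confirm the rule was created in test mode with auditing on.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, SetAuditSeverity

# After reviewing the report and confirming only the intended mail matches,
# switch the rule from test mode to enforcement:
# Set-TransportRule -Identity $ruleName -Mode Enforce
```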

Using the New Exchange Admin Center (2020 Edition)

I’ve noted this as the 2020 edition because simply… Microsoft loves to change their GUIs and portals. If you’ve worked with Office365 for a long time, you can remember the BPOS days and all the subsequent portals.

Anywho, the link for Exchange Admin is more in-line with the SharePoint and Teams admin portals and is easier to remember: https://admin.exchange.microsoft.com/

As of this writing, it’s… pretty blank when you arrive there. You can still run message traces through here. One of the bigger changes is they’ve combined User and Shared Mailboxes under Mailboxes and put distribution lists and Office365 groups under Groups. Resource Mailboxes are under Resources.

As of now, I still work out of PowerShell or the old admin center. This will probably be finished by late next year… just in time for the next version of the EAC to appear.

Getting Inbox or Mailbox Rules in Office365 via Powershell

First, log in to your tenant via PowerShell using Microsoft’s new Exchange V2 PowerShell module.

We’re going to be using the Get-InboxRule cmdlet. If you run it outright, you’ll see a limited list of Inbox rules across your tenant. To narrow things down, you can use Get-InboxRule -Mailbox [user] to get rules for a specific user. Using the -Identity parameter will not work for this! Identity is for specifying specific Inbox rules. You can use wildcards, so you could do Get-InboxRule -Mailbox jeff*

The results will be:

From here, you can use the -Identity parameter to get information on specific rules such as their date of creation, what they actually do, and more!

Check it out.
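A tenant-wide sweep built on the Get-InboxRule -Mailbox usage described above, as an added example that is not part of the original post; it goes a step further and flags rules that forward, redirect or delete mail. The function name Get-RiskyInboxRule and the CSV file name are hypothetical, and an existing Connect-ExchangeOnline session is assumed.

```powershell
# Added example (not from the original post). Requires the Exchange Online
# V2 module and an existing Connect-ExchangeOnline session.
function Get-RiskyInboxRule {   # hypothetical helper name
    param(
        [string[]]$Mailbox      # optional; defaults to every user mailbox
    )

    if (-not $Mailbox) {
        $Mailbox = Get-EXOMailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
            Select-Object -ExpandProperty UserPrincipalName
    }

    foreach ($mbx in $Mailbox) {
        try {
            $rules = Get-InboxRule -Mailbox $mbx -ErrorAction Stop
        } catch {
            Write-Warning "Could not read rules for ${mbx}: $($_.Exception.Message)"
            continue
        }

        foreach ($rule in $rules) {
            # Collect the actions that move mail out of the mailbox or hide it.
            $reasons = @()
            if ($rule.ForwardTo)             { $reasons += 'ForwardTo' }
            if ($rule.ForwardAsAttachmentTo) { $reasons += 'ForwardAsAttachmentTo' }
            if ($rule.RedirectTo)            { $reasons += 'RedirectTo' }
            if ($rule.DeleteMessage)         { $reasons += 'DeleteMessage' }

            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Mailbox     = $mbx
                    RuleName    = $rule.Name
                    Identity    = $rule.Identity      # pass to Get-InboxRule -Identity
                    Enabled     = $rule.Enabled
                    Reasons     = $reasons -join ','
                    Description = $rule.Description   # readable summary of the rule
                }
            }
        }
    }
}

# Sweep the whole tenant and keep the results for review.
Get-RiskyInboxRule | Export-Csv -Path .\risky-inbox-rules.csv -NoTypeInformation
```

Each Identity value in the output can be fed back to Get-InboxRule -Mailbox [user] -Identity to inspect that rule in full.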