Cheat Sheet

This is a quick “cheat sheet” for myself…


Regular Expressions (Regex)

  • inverse match (i.e. match only when substring not found
    • ((?!<substring>).)*


Windows Shell/Command Prompt

  • future use

Mounting ext4 Partitions

  • advised to use Ext2FSD (updated fork here) unless unable to (e.g. corporate/controlled laptop/desktop)
  • in an administrator-level command prompt or PowerShell session:
    • list the bare devices
      • wmic diskdrive list brief
    • mount the entire device under WSL
      • wsl --mount \\.\PHYSICALDRIVEx --bare
  • in an administrator-level WSL session:
    • create mount point if not already existing
      • mkdir -p /mnt/tmp
    • check the partition to mount
      • lsblk (look for /dev/sdxN)
    • mount the partition
      • mount /dev/sdxN /mnt/tmp
  • access the files via Windows Explorer via the “Linux” file storage pass-through



Linux Shell/Command Prompt

  • find specifically named files containing a specific string
    • find . -type f -name "<pattern>" -exec grep -l '<string>' {} \;
  • delete all files of a specific name/pattern in current and any sub-directories (without confirmation)
    • find . -name "<pattern>" -type f -delete
  • protect all files of specific names/patterns in current and any sub-directories
    • find . \( -name "<pattern #1>" -o -name "<pattern #2>" \) -type f -exec chattr +i {} \;
  • reboot into UEFI/BIOS from command line
    • systemctl reboot --firmware-setup


Mounting Devices/Remote Shares

  • mount an SMB share
    • mount -t cifs //<server>/<share> <mount point> -o rw,username='<username>',password='<password>'
  • mount an ISO
    • mount -o loop <ISO path> <mount point>
  • mount a partition, assuming supported identifiable format (e.g. FAT32, Ext3/4)
    • mount /dev/sdxN <mount point> where:
      • x is the device letter typically starting from ‘a’
      • N is the partition number starting from 0


Hard Drive Security

Manipulates drive security as per ATA spec. If drive is external, the USB-to-SATA/PCIe bridge chipset must support/pass-through ATA security commands.


  • In odd cases, a secure erase may (re)set the master password as “NULL” or drive brand (e.g. “SEAGATE” or “ADATA” or “CRUCIAL“).
  • Read and understand this before attempting anything, particularly when attempting to manipulate master passwords!
  • In all the references below, <user/master flag> is either “u” or “m” denoting user or master password
  • unlock a drive
    • hdparm --user-master <user/master flag> --security-unlock <password> /dev/sdX
  • disable security
    • hdparm --user-master <user/master flag> --security-disable <password> /dev/sdX
  • lock a drive
    • hdparm --user-master <user/master flag> --security-set-passwd <password> /dev/sdX
  • secure erase a drive (which usually resets the master password also – see above NOTE)
    • WARNING: Irreversible loss of data once command is accepted!
    • hdparm --user-master <user/master flag> --security-erase <password> /dev/sdX or
    • hdparm --user-master <user/master flag> --security-erase-enhanced <password> /dev/sdX



  • review system journal in reverse order (earliest entries first)
    • journalctl -r
  • clear journals, leaving only a 1 day’s worth (without changing the configuration permanently)
    • journalctl --flush
    • journalctl --rotate
    • journalctl --vacuum-time=1d



  • as the world moves away from the venerable ifconfig,  there is a need to continue to use ip:
    • addresses:
      • show IP addresses:
        • ip address (or simply ip a)
      • add IP address:
        • ip address add <network>/<mask> dev <interface>
      • remove IP address:
        • ip address del <network>/<mask> dev <interface>
    • routes:
      • show routes:
        • ip route
      • add default route:
        • ip route add default via <gateway>
      • add specific route:
        • ip route add <network>/<mask> dev <interface> or
        • ip route add <network>/<mask> via <gateway>
      • save (necessary to commit changes)
        • ip route save
    • links:
      • show links:
        • ip link
      • bring link up or down:
        • ip link set <dev> [up|down]


Linux GUI

  • to drop to a text console tty, press the following key combination: CTRL+ALT+F2(i.e. tty2, or other Fn combinations for other terminals)
  • to get back into the UI, switch back totty7 by pressing the following key combination: CTRL+ALT+F7



  • generate TOTP given seed:
    • python -c "import pyotp;print(pyotp.TOTP('<seed>').now())"


Python version management tends to be a PitA, so here’s some quick cheats:

  • install pyenv:
    • apt install pyenv
  • install pyenv-virtualenv:
    • git clone $(pyenv root)/plugins/pyenv-virtualenv
  • list available python versions for pyenv:
    • pyenv install --list
  • install specific python version for pyenv:
    • pyenv install <version>
  • create specific virtualenv with specific python version:
    • pyenv virtualenv <version> <venv name>
  • show pyenv versions available:
    • pyenv versions
  • set the current directory to use a specific virtualenv:
    • pyenv local <venv name>
  • reset the current directory to use default/system version:
    • pyenv local system
  • set “global” python version:
    • pyenv global <version>



  • extract specific portions of video w/o re-encoding:
    • ffmpeg -i <input> -ss <seek timestamp> -t <duration> <output>
      • -ss <seek timestamp>: the timestamp (in format) to start from
      • -t <duration>: the duration of the extracted clip (in format)
      • note that multiple -ss <seek timestamp> -t <duration> <output> can be appended to do multiple extractions in one pass
  • remove embedded closed captions from video stream (e.g. example ffprobe output below):
    • ffmpeg -i <input> -c copy -bsf:v 'filter_units=remove_types=6' <output>
        Stream #0:0(und): Video: h264 (High) (avc1 / 0x31637661), yuv420p, 1920x1072 [SAR 1:1 DAR 120:67], Closed Captions, 2150 kb/s, 23.98 fps, 23.98 tbr, 24k tbn, 47.95 tbc (default)   Metadata:     handler_name : VideoHandler     vendor_id : [0][0][0][0]
  • removing or re-ordering audio and subtitle tracks:
    • ffmpeg -i <input> -map 0:v:0 -map 0:a:<index> -map 0:s:<index> -c copy <output> (assuming only single input and single video stream, all <source> entries for the -map <source>:<type>:<index> parameters is always 0)
      • -map 0:a:<index>zero-based index of the audio track (i.e. even if multiple audio streams exist, and/or the first audio track is stream #0:n, the first audio track’s index is still0); multiple entries can be used, with the new order based on the order the -map parameter appears
      • -map 0:s:<index>zero-based index of the subtitle track (i.e.even if multiple subtitle streams exist, and/or the first subtitle track is stream #0:n, the first audio track’s index is still0); multiple entries can be used, with the new order based on the order the -map parameter appears
      • any unmapped streams will be omitted in the output (i.e. if you left out the -map 0:v:0, there will be no video stream)
  • removing or switching default audio and subtitle tracks:
    • ffmpeg -i <input> -c copy <output> -dispositions:<type>:<index> 0 -dispositions:<type>:<index> default <output>
      • -dispositions:<type>:<index> 0: remove stream <index> as the default stream for <type>
      • -dispositions:<type>:<index> default: set stream <index> as the default stream for <type>
      • note that the <index> is based on the output streams  order (e.g. if placed after other -map parameters)
  • merging a single separate audio and video stream:
    • ffmpeg -i <audio stream input> -i <video stream input> -c copy <output>
      • note that this assumes both streams have the same duration, and each input file only has one audio and video stream; if there are more, or if there are other streams (e.g. subtitles), these will all be merged – if only specific streams are required, use the -map parameters
  • changing/deleting the metadata on entire file and individual streams:
    • ffmpeg -i <input> -metadata <tag>="<value>" -metadata <tag>=""-map 0:v:0 -metadata:s:v:0 <tag>="<value>" -map 0:a:0 -metadata:s:a:0 <tag>="<value>" -map 0:s:0 -c copy <output>
      • note that in the above example format, only the main metadata, video and audio streams “0” require metadata changes/deletions, i.e. any -metadata parameters apply only to the preceding -map and if placed before any -map, applies to the main metadata



  • encode a string using AES and a password:
    • echo -n "<string>" | openssl enc -e -pbkdf2 -aes-256-cbc -a -nosalt
  • decode an AES-encoded string (from above) using a password:
    • echo -n "<encryptedstring>" | openssl enc -d -pbkdf2 -aes-256-cbc -a -nosalt


SSL/TLS Certificates and Server Connections

The following section/s shows some commands to obtain the data as per section heading.

  • grabbing certificate chain
    • openssl s_client -showcerts -connect <server:port>
  • testing TLS version
    • openssl s_client -connect <server:port> [ -tls1 | -tls1_1 | -tls1_2 | -tls1_3 ]
    • empty result likely shows the server does not support said TLS version, example:
      % openssl s_client -connect localhost:443 -tls1_3
      no peer certificate available
      No client certificate CA names sent
      SSL handshake has read 7 bytes and written 241 bytes
      Verification: OK
      New, (NONE), Cipher is (NONE)
      Secure Renegotiation IS NOT supported
      Compression: NONE
      Expansion: NONE
      No ALPN negotiated
      Early data was not sent
      Verify return code: 0 (ok)
  • testing accepted ciphers
    • nmap -script ssl-enum-ciphers -p <port> <server>
  • testing for EV (Extended Validation) certificates
    • run the following command to retrieve the OIDs from the Policy:
      • echo | openssl s_client -connect 2>&1 | openssl x509 -noout -ext certificatePolicies
    • subsequently, taking the OID, check with either:
      •<OID> or
      •<OID less last decimal/leaf node>
    • examples: