Dear friends, how are you? This post is about my new book, Oracle Solaris 11 Advanced Administration, which was published in October/10 on Amazon at the following link:

Additionally, you can download a free chapter from the publisher's website:

Some very important points about the book follow:

  • During the writing process, I chose a massive and intensive hands-on approach, in which every recipe begins with a simple introduction and the remaining theory is presented interleaved with the practice.
  • The proportion is 85 percent hands-on procedure to 15 percent theory, because I wanted to write a useful book, and I used a process very similar to my articles on OTN.
  • Almost every command is followed by its output to make your reading easier.
  • Specialists in Oracle Solaris such as Mark Round, Darryl Gove, Hosam Al Ali and Johnny Trujillo revised the Oracle Solaris 11 Advanced Administration book.
  • All recipes were tested to try to prevent errors and misunderstandings.
  • The book assumes a basic experience with Oracle Solaris.

If you have some free time, look inside the book on the Amazon website or download the free sample chapter from the publisher, PacktPub.

Sincerely, I hope you enjoy this book as much as I enjoyed writing it.

PS: The TOC (Table of Contents) follows:

Preface    1

Chapter 1: IPS and Boot Environments    7

Introduction    8

Determining the current package publisher    8

Listing and collecting the information and dependencies of a package    9

Installing a package, verifying its content, and fixing package corruption    13

Managing IPS history and freezing and uninstalling packages    17

Discovering the IPS Package Manager interface    20

Creating, activating, and destroying a boot environment    22

Listing and renaming a boot environment    24

Configuring an IPS local repository    26

Configuring a secondary IPS local repository    32

Publishing packages into a repository    34

Adding big applications into a repository    37

Creating your own package and publishing it    42

Managing an IPS publisher on Solaris 11    56

Pinning publishers    58

Changing the URI and enabling and disabling a publisher    59

Creating a mirror repository    61

Removing a repository and changing the search order    62

Listing and creating a boot environment    63

Mounting, unmounting, installing, and uninstalling a package in an inactive boot environment    64

Activating a boot environment    66

Creating a boot environment from an existing one    68

References    71

Chapter 2: ZFS    73

Introduction    74

Creating ZFS storage pools and filesystems    74

Playing with ZFS faults and properties    79

Making a ZFS snapshot and clone    85

Performing a backup in a ZFS filesystem    90

Handling logs and caches    96

Managing devices in storage pools    101

Configuring spare disks    108

Handling ZFS snapshots and clones    112

Playing with COMSTAR    116

Mirroring the root pool    131

ZFS shadowing    134

Configuring ZFS sharing with the SMB share    138

Setting and getting other ZFS properties    145

Playing with ZFS swap    152

References    157

Chapter 3: Networking    159

Introduction    159

Playing with Reactive Network Configuration    160

Internet Protocol Multipathing    174

Setting the link aggregation    190

Configuring network bridging    198

Configuring link protection and the DNS Client service    207

Configuring the DHCP server    216

Configuring Integrated Load Balance    221

References    234

Chapter 4: Zones    235

Introduction    235

Creating, administering, and using a virtual network in a zone    238

Managing a zone using the resource manager    247

Implementing a flow control    277

Working with migrations from physical Oracle Solaris 10 hosts to Oracle Solaris 11 Zones    280

References    292

Chapter 5: Playing with Oracle Solaris 11 Services    293

Introduction    293

Reviewing SMF operations    295

Handling manifests and profiles    306

Creating SMF services    320

Administering inetd-controlled network services    334

Troubleshooting Oracle Solaris 11 services    338

References    342

Chapter 6: Configuring and Using an Automated Installer (AI) Server    343

Introduction    343

Configuring an AI server and installing a system from it    344

References    370

Chapter 7: Configuring and Administering RBAC and Least Privileges    371

Introduction    371

Configuring and using RBAC    372

Playing with least privileges    386

References    392

Chapter 8: Administering and Monitoring Processes    393

Introduction    393

Monitoring and handling process execution    394

Managing processes’ priority on Solaris 11    407

Configuring FSS and applying it to projects    409

References    415

Chapter 9: Configuring the Syslog and Monitoring Performance    417

Introduction    417

Configuring the syslog    418

Monitoring performance on Oracle Solaris 11    427

References    451

Index    453

Mimikatz and Metasploit

Readers, good morning. How are you? Here is a very simple document about Mimikatz and Metasploit:

Finally, as my life is gradually returning to normal, soon I will start two series of articles (from scratch): Windows Debugging and Volatility. Stay tuned!

Volatility 2.4 Cheat Sheet and the best paper from DFRWS 2014

Hello people, how are you? Unfortunately, I am away from the blog because of my crazy work, but I will be back soon. For now, here is a simple link to the Volatility 2.4 Cheat Sheet:

Additionally, here is the best paper from DFRWS 2014, which was written by Golden G. Richard III and Andrew Case:

Volatility – Official Training in Sao Paulo, Brazil – Complementary Information

Dear readers, good evening.

I have been talking to Michael Ligh (from the Volatility team) and some new information follows:

During the course in Sao Paulo/Brazil, you will learn a massive amount of information. Some items follow (there are more than 70 topics!):

  • Volatility Internals
  • Interactive Memory Analysis with Volshell
  • Process DKOM and Cross-View
  • Analyzing a Client-Side Drive by Download
  • DLL Hijacking
  • API Hooking
  • Repairing Rootkit PE Headers for Static Analysis
  • Kernel Hooks
  • Registry in Memory
  • Anti-Forensics

The full agenda can be requested by sending a message to

The prerequisites are listed on the following page:!memory-forensics-training/c1q3n

If attendees want to look over online evaluations of the course, some links follow:

The course’s costs are (all USD):

  • $3800 USD for each regular attendee
  • % discounts off the regular price for groups of two or more from the same company
  • $1800 USD for full-time students in a forensics or security field

The course’s material (lessons guide, lab guide, etc.) follows in a summarized form:

  • 5 days (40 hours) of training, including lecture and hands-on labs
  • Training book
  • Hard copy of the presentation materials
  • Electronic lab guide with questions and answers to all hands-on exercises
  • USB stick with Volatility logo, with memory dumps, evidence files, and malware samples
  • A pre-built VMware image running Linux configured with Volatility 2.4
  • Exclusive access to bleeding-edge Volatility plugins before they are released publicly
  • Personalized course completion certificate with 40 CPE credits
  • Opportunity to enroll in the Volatility Training Alumni mailing list
  • Discounts on industry-leading memory acquisition software such as KnTDD

More details about the course’s material can be viewed on!memory-forensics-training/c1q3n

The email for payment is

The Volatility team handles registrations in two ways:

  • credit cards through (invites are sent privately once attendees contact us through the provided email address)
  • bank wire transfers

In addition to the official email address above, I’ve made an email account for questions about the Volatility training in Brazil: I will try to answer the questions, and I will forward messages to the Volatility team when some additional help is necessary.

One last and very important piece of information: the Volatility course will be taught by Jamie Levy, Andrew Case and Michael Ligh.

I hope you like the training about the best tool for Forensic Memory Analysis in the world: Volatility.

Playing with ZFS Snapshots in Oracle Solaris 11.1

Dear friends, here is my new article about ZFS on OTN:

Volatility – Official Training in Sao Paulo, Brazil

My friends, how are you? Finally, I can tell you some good news: next year (February 2nd, 2015), a training for forensic professionals will be available in Sao Paulo about the most impressive, outstanding and incomparable forensic memory analysis tool in the world: VOLATILITY.

Michael Ligh, Jamie Levy and Andrew Case (Volatility’s developers) are going to be in Sao Paulo to teach a full-week training (40 hours) on Volatility. After having exchanged several messages (since March) with Michael Ligh, now everything is OK and this course is scheduled.

The official pages about the course follow below:!New-Event-in-So-Paulo-Brazil-Feburary-2nd—6th-2015/c1zo4/BFB221C1-986F-4839-BD6A-D61FFAAFFFD0!memory-forensics-training/c1q3n

For now, my recommendation is to buy the newly published book (912 pages!) from the Volatility team:!amf/cmg5

As Michael, Jamie and Andrew usually teach this course only at big events such as Black Hat, it’s a unique opportunity to learn Volatility from its developers.

Finding modified, accessed and created files with macmatch.exe

People, good morning. How are you? Do you know how to discover what files changed between two defined dates? Use the macmatch.exe tool:

