As part of the security work I’ve previously done, I keep several tools on hand when out and about for reconnaissance and data gathering. The last BSIDESROC convention reminded me about some of the tools I haven’t used in a while so I figured I’d go over what’s in the bag!Continue reading Hacker’s Toolkit (2019)
Another month, another set up changes to the network. These ones were a little more trying versus the gaming rig upgrade, however. Bit of downtime, some minor data loss, and some CPU upgrade issues. More experience, has I.Continue reading server upgrades
I’ve been using pfSense for several years now as a firewall/router for my home network. It’s always been reliable and has plenty of features I love tinkering with (VPN, internal DNS, domains, etc). It’s always been reliable until now, at least.Continue reading pfSense woes
With 2019 comes a new year and a new rig! I upgrade to a 1070 SC card recently and realized my second gen Xeon Sandy Bridge wasn’t cutting it (3.3GHz quad core, e3-1245). I was only using about 20-40% of the GPU under the heaviest load so the CPU was a massive bottleneck. It went downhill from there.Continue reading Unleash the beast: New Gaming pc
After spending some time troubleshooting this morning, I finally came across this gem hidden in the mail log: Clamav was having issues scanning emails, causing them to reject and delay.
Took a while to figure this out, but I started getting REALLY annoying notifications whenever I left my Fit2 sitting around (doing dishes, riding my motorcycle, etc) and couldn’t figure out anything to do to fix it.
“Remember to charge your gear if you’re not wearing it.”
I went through and even blocked all notifications to the Samsung Health and Gear apps completely with Android and they still occurred. Well. This was infuriating. Especially when it would hit me up at just after midnight in a dead sleep.
If you go into the Gear App, there’s a notification menu. There’s an option for:
“Only show notifications while wearing”.
I toggled this to on and I have yet to get another notification. Hopefully it isn’t just a fluke.
I should note I disabled notifications completely using Android and it still popped up, but hopefully this fixes it. Cheers!
My current job that I started last summer has been a godsend in every way possible. With this has also come some fringe benefits: Computers and hardware they don’t want. Fast forward a bit and ended up scoring a nice old Sandy Bridge Xeon and upgrade my gaming desktop!
Now my best friend has always harped about my Bulldozer CPU being a big of a slug and hurting my graphics’ performance. I didn’t pay much attention when I should have because he was right.
The new buzz words of 2017, and now 2018. You’ve all seen it. Products lining ads in webpages and flyers for Black Friday of last year touting “Google home!” and “Amazon Echo/Alexa!”.
I personally have tried a number of these basic items and have fallen in love with the simplicity of a smart home. Just don’t think about it too much or you might get a little weirded out…or a lot.
Background: Anyone who gets anywhere near INFOSEC information tends to get a little paranoid….or a lot of paranoid. This is just a side effect of knowing what you can do to own people’s information and learn about them. Email can be a weakness in this.
I encourage everyone to think about worst case scenarios related to this. What happens if your primary email account is compromised? What happens if you use it for everything? Well, then someone now can reset any account you have without Two-Factor authentication and even some with it.
Fast forward, and now we have an issue: Do you set up a throw away email for every account you have? Do you use something like ProtonMail that boasts double encryption? What if you set up your own system? Hm…..
In walks iRedMail. Opensource, beautifully simple and it just works. I don’t send many emails (maybe a couple a month at tops) and mostly use it for either news/updates, or for account information. This is good, because setting up your own email solution can get blacklisted quickly and not be able to send emails out. This is fine for me, so using a new set up works like a charm and runs off an encrypted system internally. Add to this that the website isn’t accessible via web, and we have a more solid and secure system. It’s nice getting my feet wet in these projects should other opportunities arise for freelance work as well.
Sometimes peace of mind is worth the extra effort.
I’ve wanted to use SSL for a while now on my sites to better encrypt traffic and logins on the site. Unfortunately doing this nuked my previous server and had to be restored from backups. As such…
Welcome to a new webserver!
I went through and migrated all hosts from this system to utilize SSL as default using a permanent redirect. The whole process was a bit intense at first but was extremely rewarding. Thankfully, Let’s Encrypt makes this a very simple process:
Add to this a WordPress plugin to allow everything to migrate from host to host, and some fancy internal DNS resolving and everything is now moved over and encrypted. It’s a good feeling seeing the “Secure” posted next to the URL now. Cheers!