wop wop @infosec.pub

Blog: ittavern.com Feedback is appreciated

Posts 44
Comments 51

mtr - More Detailed Traceroute - Network Troubleshooting

ittavern.com ITTAVERN.COM

SysAdmin Stuff | Linux | Network | Security

2
Off-Topic Friday
  • I am pretty sure one of our consultants has this Osprey Comet. Looks decent! Wow, the Technonaut looks more like a travel bag than an everyday carry, and man, 400 bucks? And I thought my Veto Pro Pac was expensive.

  • My Personal Backup Strategy

    New article: My Personal Backup Strategy

    Feedback is welcome!

    #backup #borg #syncthing

    0
    Off-Topic Friday
  • Just ordered the Catalyst 26. Thanks again

  • Off-Topic Friday
  • Those bags are looking great! Having enough space for tools and a big water bottle. Cheers

  • Off-Topic Friday
  • And fairly inexpensive - thanks!

  • Off-Topic Friday
  • It seems that I have to drive more often to the office again. Any bag recommendations? What is your favorite brand/ model?

  • iperf3 - User Authentication with Password and RSA Public Keypair

    I've been a little bit inactive. Trying to change it again. Most recent article.

    0
    Mentorship Monday - Discussions for career and learning!
  • So, let's assume that you are in an international company and the first and only security person. What are your first steps and projects? It is like really vague, but I'd assume like a SIEM, inventory of the network and all devices, backup situation, maybe even honeypots?

    What are your high-prio things that every company should have? Is there even a framework for it?

    Feeling kinda lost and I hope you get some guidance in the right direction.

  • read.brrl.net - New FreshRSS Service

    Set up new #FreshRSS instance for now. I want to read more and stay up to date on certain topics and I figured I could give RSS another chance. Stays invite-only for now, but feel free to hit me up if you want to have an account.

    0

    TryHackMe - tomghost - Write Up

    0

    TryHackMe - c4ptur3-th3-fl4g - Write Up

    Focus on decoding unknown strings.

    0
    What are You Working on Wednesday (Special Thursday edition)
  • Testing a few CTF platforms to learn more about pentesting. It is interesting, but the learning curve is quite steep.

  • TryHackMe - Crack the hash - Write Up

    Not gonna lie, wasn't that fun. Learned a lot, but felt lost multiple times. Probably gets better over time.

    0

    Doing some rooms on TryHackMe. Decided to create a write up of one room. Have to work on the format, but it should be fine for now.

    Feedback is welcome!

    0
    ittavern.com Visual guide to SSH tunneling and port forwarding

    To make it quick, I wish I had known about port forwarding and tunneling earlier. With this blog post, I try to understand it better myself and share some experiences and tips with you. Topics: use ca

    Visual guide to SSH tunneling and port forwarding

    I think I've never shared one of my favorite articles with you.

    Creating this was great and it has been a great resource ever since. I use SSH tunnels a lot in troubleshooting sessions and security demonstrations.

    0

    forum.ittavern.com is online and you are welcome!

    forum.ittavern.com ITTavern Forum

    IT Forum - forum.ittavern.com

    I am pleased to announce the launch of: forum.ittavern.com

    More information can be found in this thread, but in short I miss the forum culture and want to create an open-minded and sustainable community.

    I welcome you and look forward to great discussions.

    0
    Periodic 500 errors
  • Same here

  • ittavern.com Adding a trash can to Linux with trash-cli

    There is no trash can for the Linux CLI. rm removes the data permanently, and there is practically no way of recovering deleted files reliably. trash-cli fills this role and lets you 'trash' files and

    Adding a trash can to Linux with trash-cli
    0

    New logo, new design, lower loading time

    I am happy to share with you the new design of my blog.

    New logo, new thumbnails, lots of CSS changes and everything is now hosted in a German DC.

    The goal was to create a clean design and reduce the loading time even further.

    Feedback is welcome.

    0

    New service - send.brrl.net

    send.brrl.net Send

    Encrypt and send files with a link that automatically expires to ensure your important documents don’t stay online forever.

    Send

    Sending files over the internet. Been a pain in the past and I finally decided to host my own instance. It should be 'production' ready, but let me know if you encounter any problems.

    0
    What are You Working on Wednesday
  • Currently using HedgeDoc for taking notes, but it is lacking some features, so I am trying to find and host some alternatives and compare them. And I hope I can find some time to play with my Flipper Zero....

  • Reacting to "It's the network" allegation

    So, every network engineer knows it: everyone else will blame the network and you have to prove them wrong.

    There are multiple reasons:

    • lack of knowledge
    • ignorance
    • passing on responsibility
    • laziness
    • ... There are more.

    I am interested in how you react to 'The network is causing the problems' requests.

    • do you request certain information?
    • need an explanation?
    • what are your first steps?
    • do you have a runbook or some policy in place?

    ---

    Without getting into too much detail, I request some or all of the following information before I start looking:

    • what are they trying to do? What is the desired outcome?
    • what is the error message? (pref a screenshot!) + timestamp (for logs)
    • has it ever worked before?
    • since when isn't it working?
    • can you resolve domains?
    • Source Host > Destination Host:Port
    • Results of Ping + Powershell Test-NetConnection on Windows and Netcat on Linux (to test general connection, assuming TCP connection)

    What I ask for and in what order depends on the person I am talking to. By the way, monitoring is my friend. If it says everything is fine, it usually is.

    Side note: Describing the actual proof that it is not the network depends heavily on the infrastructure and the problem, so this may be a discussion for another thread.

    ---

    What are your first steps?

    2
    ittavern.com Bandwidth Measurement using netcat on Linux

    There are various implementations. I am using nmap-ncat on rockOS 8 on both hosts. Netcat's using TCP by default and this test is not limited by disk I/O from what I understood. That said, it is not

    Bandwidth Measurement using netcat on Linux

    A quick & dirty solution that is available on most Linux hosts.

    0

    ntfy.brrl.net - Device Push Notifications

    ntfy.brrl.net ntfy web

    ntfy lets you send push notifications via scripts from any computer or phone. Made with ❤ by Philipp C. Heckel, Apache License 2.0, source at https://heckel.io/ntfy.

    ntfy web

    I've decided to self-host yet another service. This time it is NTFY. Simple HTTP based push notifications for your devices.

    https://ntfy.brrl.net/

    Feel free to use it. Feedback is welcome.

    I use it to notify me about successful logins on one of my servers, failed backups, results of cron jobs and so on. One simple HTTP request is all you need.

    0
    board.brrl.net board.brrl.net — Collaborative whiteboard

    A free and open-source online collaborative drawing tool. Sketch new ideas together on WBO!

    Sometimes I just need a simple whiteboard for troubleshooting or brainstorming sessions. I've decided to self-host a whiteboard with collaboration function. I am going to give whitebophir a try.

    Feel free to use it too!

    • free
    • no ads
    • no tracking

    ---

    Disclaimer: the data is not encrypted and I - as provider - could look into them.

    Not optimal for permanent boards as I plan to reset it once a month (not sure yet).

    0
    ittavern.com Getting started with rsync - Comprehensive Guide

    rsync is a CLI tool that covers various use cases. Transferring data, creating backups or archives, mirroring data sets, integrity checks, and many more. Reference for this article: rsync version 3.2.

    Getting started with rsync - Comprehensive Guide

    Rsync is one of my most used tools and I am happy to share this guide with you. I've learned a lot doing the research and I hope to share some tips with you.

    2
    How do you find the bottleneck of a network?
  • Does fortigate not have a form of DMVPN like Cisco?

    ADVPN (Auto-discovery VPN) seems to be the equivalent. https://docs.fortinet.com/document/fortimanager/7.2.0/single-datacenter-for-enterprise/282533/advpn

    Just curious why ISP/third party MPLS? Purely interest.

    I guess it was easier at some point? - That was way before my time there. But we are going to replace the MPLS part with simple internet-breakout points on location and the rest with SDWAN.

    Also, did you find this purely from user complaining or have monitoring tool?

    Purely from users complaining and other departments getting frustrated about why their stuff was not working (e.g. Citrix). The new FW had to be installed in a short time and 'everything' worked fine at first. Problems only occurred after some load was put on the network. We failed - as in network dep - by NOT doing a stress/limit test of the network and finding this problem immediately, and NOT implementing some kind of monitoring that would have notified us of all those lost packets and connections. We caught up, but we should have done it in the first place, because it is necessary.

    I’m assuming using third party was supposed to offload the work/config from you?

    Do you mean the ISP/MPLS provider? - If so, not really.

  • 'Networking' community is back

    Thanks to Jerry for bringing this community back to life. I'll be playing moderator for a while and may tweak the design a bit.

    Enjoy!

    3
    ittavern.com Cron Jobs on Linux - Comprehensive Guide with Examples

    In this article, I'll use Ubuntu 22.04 (Debian-derivative) and rockyOS 9.2 (RHEL-derivative) as references. If it is not mentioned, commands are the same for both systems. Basics # Cron jobs are sched

    Cron Jobs on Linux - Comprehensive Guide with Examples
    0
    What are You Working on Wednesday
  • I want to get into Ansible and I am building a testing env for it - home lab with various switches and routers, Fortinet, Palo, and a proxmox host server and some remote VPS. One of my goals for Q1 '24. Today I am going to prep the switches.

    Besides that, I want to host my own ntfy server and I hope that I can get it online within this week.

  • Mentorship Monday - Discussions for career and learning!
  • I am currently transitioning into a Security role at work. One question would be: what are the must-have tools for every blue team?

    • Vuln-Scanner
    • Logging/ SIEM-Server
    • ...
  • Port Knocking with knockd and Linux - Server Hardening
  • public key authentication ... is king.

    I agree that port knocking won't replace any other hardening method, but I thought I'd look into it since it gets recommended so often. Not a big fan either.

  • What are You Working on Wednesday
  • Learning things about WireGuard and implementing it to secure my internet facing servers.

  • Getting started with rclone - Data transmission
  • Been using rsync and borg for backups, but rclone is a great alternative and has even more functions.

  • How do you find the bottleneck of a network?
  • Yeah, after more testing, we can say that the second IPStunnel was the issue. Re-worked the route over a single tunnel and the whole 100 Mbps are available again. Users are happy, I am happy. Even tho a little bit frustrating.

    Thank you for your input!

  • Getting started with Netcat on Linux with examples
  • I fully agree. Those tools are so useful! - But, not too familiar with s_client - will look it up.

    Thank you for letting me know. It seems that adding a separate image removes the URL to the article. Interesting and might be a bug.

  • How do you find the bottleneck of a network?
  • Yeah, notifications are really unreliable here. I've got another window for more stress test today. Going to post update later, or tomorrow. Focus on MTU/MSS

  • How do you find the bottleneck of a network?
  • The ISPs are slow to answer if there is no active outage. Will take some time anyway.

    Packets are dropped in both directions. I am currently looking through the pcaps and will do another stress test later - got another window. MTU/MSS is the prio today.