RewriteCond %{REQUEST_METHOD} POST RewriteRule .* - [F,L]
In addition to the above I did advise 'Mike' that the logs would have to be monitored and rewrite rules modified, semi-continuously, to remove ALL unwanted traffic. "Businesses do not have IT departments only for when poo hits the fan. They are also there so the smell doesn't even reach the office."
Earlier today I renewed BOTH my CompTia Network+ and Security+ certifications. It was VERY exhausting. I had to re-learn, a lot, in order to pass through. Extremely happy it is done. I won't have to worry about them again until 2024.
Tonight Mission: Crack these passwords for competition practice.
9-18-2021 | I woke up to good news!
Tonight Mission: I really need to deep dive into Python again with a focus on remembering functions. I'll start with "Learn Python - Full Course for Beginners [Tutorial]" @ https://www.youtube.com/watch?v=rfscVS0vtbw&vl=en. I've watched this video almost 4 times over the last 3 years and am always taking away something new.
Oh yeah.... I took time off, officially for competition, with the hopes of doing better than I ever have in a CTF
I finally was able to get the zigbee2MQTT firmware correctly flashed on the c2531 and running on Home Assistant. I had to give up on Domonticz. Too much play. Not much fun. At the moment at a least.
It feels so great to be able to control my system without the need for the Samsung Smartthings hub and/or a working internet connection. I have approximately 20% of the system connected. Configuration is the hard part. The goal is to integrate network AND home security with presense.This will be 'epic!'..... and save on the electric bill. I hope.
Now to the next rabbit hole. Learning the serialization language that is YAML to make it all work together more efficiently. It doesn't look too far off from, or any more complicated than, XML and JSON. I use both almost everyday for 'paid labor' on the Salesforce platform. Small world.
amcrest:
- host: IP_ADDRESS_CAMERA_1
username: YOUR_USERNAME
password: YOUR_PASSWORD
binary_sensors:
Resources |https://www.cloudbees.com/blog/yaml-tutorial-everything-you-need-get-started && https://www.home-assistant.io/integrations/amcrest/
Unrelated news. Thank you mom for the car help!
We will never forget. 9/11
I went ahead and installed John The Ripper on the server using snap. It is a lot easier than I used to remember. When I first used JTR, some 7+ years ago, it has to be complied to allow for gpu support.
[https://infosecaddicts.com/john-ripper/]
Originally, “Cracker Jack” was developed for the sake of cracking Unix /etc/passwd files with the help of a dictionary. Then, John the Ripper came into existence afterward. Moreover, a “Pro” version was developed to include more features than the ordinary version. Especially that it has the capability to include and deal with many more hash types on which encrypted passwords are based in the first place. The Rapper’s commercial version is the most used among penetration testers for cracking passwords. This is essentially because of both its speed and great performance.
$ sudo snap install john-the-ripper
I periodically use JTR for infosec research. I was not expecting to return anything special when I bechmarked..
..and I didn't. So it appears you still have to build yourself for gpu support. I'll revisit after Samba configuration is perfected.
More info @ https://kalitut.com/john-the-ripper/
Recently my AMD FX black cpu wasn't cutting it for Plex and other home LAN services. I was finally able to 'upgrade'. The best part is the fact that the liquid cooler from the FX series bolts right up to a AM4 chipset. I researched this build for approximately 1 month in advance.
After a hour of fidd'lin around I was able to dial in my overclock to maximize the memory speed. For some reason when I build a pc, 7/10 times, a monitor ends up on the floor 'test bench'.
Room temperatures are noticibly lower considering not much was swapped (cpu,mobo,ram).
I'm extremely grateful to be able to continue learning through personal experience. Financially and physically.
Okay, so I couldn't just let this 8 core cpu and motherboard just sit on the shelf. I, for the most part, finished assembling the box. I was able to use the Ryzen AM4 stock cooler from the Ryzen 5 on the FX8. I am going to use this as my 'web dev' env server and VM playground host.
It was getting a little hot behind the 4U so I decided to repurpose a couple of 120mm pc fans. The 'mini' Thermalake fan wasn't cutting it. I 3d printed some modified 120mm fan mounts to take care of the job. Total print time was approximately 4 hours on the Crealty Ender 3 Pro. The printer actually sits one shelf above the server AND is controlled via a Pronterface enabled VM. USB passthrough is enabled with a physical cord for comm. Win-Win.
The bed leveling system took care of the most frowned upon part, leveling. Temps are way down and hot air is no longer getting trapped between the UPS and rackmount. Sticker safe temperatures
I like stickers, a lot.
Original Thingiverse thing: https://www.thingiverse.com/thing:1062368
For a while now I have been wanting to implement a unified/central logging 'center'/server to correlate activities, including attempted access violations, on the SOHO LAN. The time for action was yesterday
The process was extremely straight forward. Install apt-get install rsyslog -y
Update server configuration to allow remote client access via UDP and TCP.
Update client configuration to send logs. Open client config; sudo nano /etc/rsyslog.conf. Append to eof *.* @@192.168.1.229:514. Make sure to update IP address to that of syslog server.
Restart rsyslog service on server then client. sudo systemctl restart rsyslog
Verify server configuration accepted and service is running. systemctl status rsyslog. Green means go đź‘Ť
Now Live!Yes. You heard right. growthwithgreg.com / greg.buf0rd.com is up and running. I'm not sure if a more healthy relationship could exist between an IT professional who sits down all day and a Licensed... certified... personal trainer. That health-to-IT profession balance is important. Mobility is key to health.... and i'll stop there. Visit the website. Get trained! Get healthy! Stay smart!
When I last was messing around with the Smartthings hub and automation I pretty much stopped once I verified it was working. Slowly, but surely, I will now begin to migrate the Samsung hub automations over to various scripts running on the raspberry pi, which runs smartthings-cli. Crontabs will handle the daily, non-triggered-routine, type automations. For the sensor activated 'things' I will start to look into how I may utilize Zigbee directly with the Pi.
https://albert-david.blogspot.com/2020/07/pimoticz-vendor-neutral-zigbee-gateway.html
... https://www.zigbee2mqtt.io/getting_started/what_do_i_need.html
that link brought me to Domoticz @ https://www.domoticz.com/. A clean, open source, all-in-one zigbee controller interface
Installed via one-liner curl -sSL install.domoticz.com | sudo bash one pre-reqs, including broker are installed
sudo apt install -y mosquitto mosquitto-clients
sudo systemctl enable mosquitto.service
Note: sometimes the command mosquitto -v prompts a warning message saying “Error: Address already in use“. That warning message means that your Mosquitto Broker is already running, so don’t worry about that.
So far research has lead me to this post. I shall continue when time allows and a zigbee dongle is found. This one seems promising and is preconfigured with Zigbee2Mqtt for $22(ish) [https://www.ebay.com/itm/124717567748?hash=item1d09bf0f04:g:Lg0AAOSwT21gmJ6d].
As always, support Open-source software by donating to the organizations you back.
I was wrong. I admit it. I was wrong
The breach was only 40 million and not all of them were T-Mobile customers. Some were prospective clients. Better yet. Some of the stolen pii belonged to people denied credit with T-Mobile!
Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile. Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers.[https://www.t-mobile.com/news/network/additional-information-regarding-2021-cyberattack-investigation].
I was wrong again! They didn't offer people free LifeLock
Immediately offering 2 years of free identity protection services with McAfee’s ID Theft Protection Service.
It was McAfee ID protection. It does feel a little odd that they still use John's name on new products.
One of the most important resources for artifacts, when not deleted, are logs. Logs are there for a reason and that reason isn't to take up drive space. I review many logs daily. After a while the brain starts to notice irregularities and trends naturally. The brain, IMO, is strongest when tasked with pattern recognition.
In the above example each 'section' in itself doesn't really provide a lot of information. Let's review the IP addresses. Aside from 77.111.247.205 being on the same network as 77.111.247.50 we don't know much about the traffic with only the IP. However, when the IP addresses are compared to request time we start to see a trend. "Oh wow. Four different addresses tried to access SOMETHING at the same exact time". That is a little odd.
Let's add the 3rd question of 'what resource was attempted to be accessed?".
"Oh wow. Four different computers tried to access THE SAME resource at the same exact time. A document that doesn't exist"
A quick google auto-complete comparison of the keyword "fcked" automatically generated results in-line with my initial assessment of the users goals. Malicious.
If the resource did exist and the objective of the attacker was resource exhaustion then may had succeeded if the only defense was rate-limiting. However they were looking to exploit at a different vector.
TDLR: check logs for activity frequently and question irregularities.
Domain registration tips: -Buy the singular and plural forms -Buy common spelling errors associated with it -When possible; buy the .com FIRST -Buy any OTHER top level domains -Secure DNS
As a good faith effort and to further information security research best practices we have registered judgeforyourselve.com and have awknowledged the registration similarities, via text at top of page, while still allowing direct access to intended website via hyperlinks.
What have we learned -In a single day thousands of vistors have ACCIDENTALY come across our mirrored content -We have reinforced our knowledge that some people don't hear the "s" in a .com address. -Script kiddies still exist and love to target wordpress website
"GET /?a=fetch&content={php}die(@md5(HelloThinkCMF)){/php}"
The website www.judgeforyourselves.com does run on wordpress. Fortunately it is up to date. Go webadmin! Our adventure stops here.
Not. Even the bad actors mess up with their tools and attack the wrong targets.
"We are not running Wordpress so 404 your way somewhere else."
Depending on how advanced these requests get we may opt to honeypot traffic.