Articles in Security

Generating Honeypot Data Structure

January 17, 2022 – 1:49 pm

I’ve been fiddling with my inotifywatch scripts to make a better “early-warning” system for ransomware detection and realized I needed a more realistic honeypot data structure. Ransomware is getting more clever and is no longer …

Laziness vs Phishing

October 21, 2021 – 2:02 pm

Here’s an interesting article detailing the methods scammers use to steal your one-time passwords for Coinbase.

Generating IP Whitelists

October 7, 2021 – 11:44 am

I have several scripts that scan various log files for signs of suspicious activity and block the offending IPs on my Web servers – pretty standard stuff. The trick, of course, is not to block …

Fixing Sudo

January 28, 2021 – 11:53 am

A decade-old massive and easy-to-exploit security hole (CVE-2021-3156) has been found in sudo allowing for full root access by any unprivileged system user. This is one of those rare security bugs you can’t delay remediating.

Bulk Create Linux Users using Salt

October 9, 2020 – 1:48 pm

Recently I ran into a situation where hundreds of VMs built via OpenShift/Ansible automation were missing an important local user account used for security audits. While our automation guys were working on tracking down …

Checking Linux Account Password

October 8, 2020 – 1:46 pm

On occasion you may need to check if an account has a specific password. For example, when you build VMs, you may use some default passwords for some default accounts (i.e. root) that should be …

Updating Lynis

October 6, 2020 – 8:22 am

Lynis is an excellent security audit tool for Linux and various Unix derivatives. I have a small wrapper script that runs Lynis via a cron job, does a selective diff with the previous run’s output, …

Hiding Passwords

October 5, 2020 – 8:20 am

I’ve touched on this subject previously, but suddenly felt I should repeat myself. The big issue with using passwords from command line is shell history.

Home-Brew Ransomware Defense

October 1, 2020 – 8:10 am

The first well-known case of ransomware was documented in 1989. The so-called AIDS Trojan was delivered on a floppy disc; encrypted data; demanded $189.00 (nearly four hundred bucks in today’s money) as a “license fee”. …

Bulk-Adding IPTables Rules

December 12, 2019 – 9:46 pm

I’ve been using my mod of this handy script to block countries with iptables. One issue with the script is that it is adding rules one-by-one using the iptables -A syntax. This is the proper …

Windows 10 Upgrades

December 6, 2019 – 9:44 pm

I did the only sensible thing and disabled automatic updates on my two Windows 10 laptops. Microsoft’s belated foray into the world of CI/CD for releasing Windows patches suffers from limited automated testing.

Working with iptables Logging

November 30, 2019 – 9:41 pm

Most commonly iptables is used to allow, block, or redirect connections. However, it also has a logging feature that can be very useful for network traffic analysis and system security.

Copying File Attributes Across Servers

November 29, 2019 – 9:40 pm

To make a long story short, I had to fix someone’s chmod -R 777 /. A late-night copy-paste fail, it would seem. Needless to say, console access is required, as SSH will not work with permissions on …

Copying Data in a Restricted Environment

August 17, 2019 – 8:04 pm

Consider this not-so-hypothetical scenario: you have some data on server_a that you would like to copy to server_b. Unfortunately, these two servers cannot communicate with each other. Nor do they have access to any common …

Sending Windows Logs to Remote Syslog

July 6, 2019 – 11:21 am

Nothing fancy here: just a quick note on directing Windows event logs and select application logs to a remote syslog server.

Plugging iPhone’s Privacy

July 3, 2019 – 11:19 am

Many recent publications suggest the iPhone is full of security holes threatening your privacy. The threat seems to be coming not so much from the phone’s operating system, but from the apps, …

Finding Passwords in Logs and Shell History

June 27, 2019 – 11:15 am

Sooner or later it will happen: you type something after which you expect a password prompt then, without looking, you type the password. However, you fat-fingered the first command, and your password ended up in …

Anatomy of Internet Bullshit

June 25, 2019 – 11:12 am

Here’s an oldie from two years ago that reared its ugly head on Pocket: Starting Your Day on the Internet Is Damaging Your Brain, by Srinivas Rao. The author presents his personal opinion that reading …

Creating a Chroot Jail for SSH Access

April 17, 2019 – 4:51 pm

Just a quick collection of notes on – rather than a definitive guide to – setting up an SSH chroot jail on RHEL 6. The same should work on RHEL 7 and unrelated flavors. For …

The Unix Oriental

April 14, 2019 – 4:16 pm

Placed quite appropriately in the “Security” category – my favorite Oriental cocktail recipe. Distinguishing it from the classic preparation are the absence of sweet vermouth and lime juice, as well as the addition of just a couple …

Encrypting Log Data During Log Rotation

April 9, 2019 – 4:12 pm

Most log files do not contain personally-identifiable information or other sensitive data. And even if they do, encryption of all personal data is not mandatory under GDPR. Still, on occasion, for testing and troubleshooting purposes …

Late Night Rant: Facebook

March 25, 2019 – 4:15 pm

According to media reports, since 2012, millions of Facebook and Instagram logins and plaintext passwords have been sitting on some internal Facebook system, accessible by thousands of the company’s employees.