Learning pillow

Recently I was playing with date formatting in Python and wrote a little script which takes a JSON object full of upcoming dates, then shows a countdown. Running this in the terminal is easy, but I wanted a simple way to see the information without having to do that. I could have written a macOS app to add to the UI at some point, but Swift is still a mess and I’m not going to go learn Objective-C just for this one. [Read More]

Make Blue Great Again

I get it, I really do. Red team engagements are amazing and they’re a great way to identify problems in our environments. They’re really cool to talk about to your CEO buddies, and while you pay the bill you get to imagine a crack military-style force attacking your perimeter and attempting to breach your defences. They’re the cool thing that every security guy wants to do, because Blue’s the boring one, right? [Read More]

Docker Networking Issue

So I kept having issues with connectivity in the docker system I run on my laptop. Couldn’t get it to pull images, build or whatever I needed to do.

    $ docker build .
    Sending build context to Docker daemon 13.61 MB
    Step 1/9 : FROM ubuntu:latest
    Get https://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io on 192.168.88.1:53: read udp 10.0.2.15:60485->192.168.88.1:53: i/o timeout

Turns out my docker machine was a bit special - probably because I hop between different networks fairly regularly. [Read More]

ASA certificates and OpenSSL

While messing with a Cisco ASA, I needed to pull a certificate out of the config. While trying to parse it with openssl, it wasn’t pleased with the PKCS12 format file it claims to have exported:

    139708630054816:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:\
    wrong tag:tasn_dec.c:1319:
    139708630054816:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:\
    nested asn1 error:tasn_dec.c:381:Type=PKCS12

Even Windows wouldn’t have a bar of it, which is unsurprising. Its certificate handling’s for shit anyway. I found the answer here on StackOverflow (of course): OpenSSL cannot convert PKCS12 exported from Cisco ASA 55xx. [Read More]

Are You Secure?

I was commenting on the seeming madness and complexity of our work firewall design recently: We just drew a network diagram on the wall of just our firewalls, 12’ wide, 6’ tall… at the end, I jumped up and yelled “THE ARISTOCRATS”. Seemed required. And someone asked “are you secure?”. Now, I could go with what we tell management - that we’re as secure as budgets allow - or a variety of other answers. [Read More]

Filename wrangling fun

I learnt some new things today about how to deal with filenames in bash.

    $ touch foo
    $ ls foo*
    foo
    $ mv foo{,z}
    $ ls foo*
    fooz

Alternatively…

    $ touch foo{1,2,3}
    $ ls foo*
    foo1 foo2 foo3
    $ find . -name "foo*" -exec mv {}{,old} \;
    $ ls foo*
    foo1old foo2old foo3old

Silliness, I know. But handy when you want to rename a bunch of things, or just rename one without messing it up. [Read More]

Loopback swap files

Setting up a loopback swap file is something I do fairly commonly on my virtual servers - RAM costs extra money - whereas SSD storage is common and included! Repartitioning’s too much messing around on DigitalOcean, so I set up a loopback file and it just works. Here are the commands to make a 2GB file (change count for different sizes):

    yaleman@server:~# sudo dd if=/dev/zero of=/swap.img bs=1024 count=2097152
    2097152+0 records in
    2097152+0 records out
    2147483648 bytes (2.

[Read More]

CAPSMAN info dump

I was asked by a friend to give a quick rundown on Mikrotik CAPSMAN configuration, so I dumped the config and added some notes. :)

Packages

I’m currently running v6.38 but was running about v6.2 only a week or so ago - make sure you have the “wireless” package enabled. Older RouterOS versions required the capsman-v2 package, which is now deprecated.

    > /sys package print
    Flags: X - disabled
     #   NAME              VERSION
     0   routeros-mipsbe   6.

[Read More]

Domain LDAP listening check

A quick command for checking if your Active Directory servers are all listening on LDAP. Guess who had an issue with that today? :)

    dig +short domainname.internal | xargs -I{} /usr/sbin/hping3 -p 389 -q -c 1 {} 2>&1 | egrep "(transmitted|hping)"

You’ll need hping3 - it’s installable from apt-get on Debian, can’t comment about any other distributions. A quick explanation for each part:

- dig +short domainname.internal - pull the IPs of the hosts in the domain entry - they’ll be your domain controllers
- sudo is required because hping uses raw sockets
- xargs runs the next command on each input line
- hping3 -p 389 - connect on TCP to the LDAP port
- 2>&1 - redirect STDERR to STDOUT to make it more easily filtered
- egrep - filter only the required lines

This’ll hit each server once and show an output like: [Read More]