Secret sauce: Build your Windows/Linux Desktop/Server virtual machines in advance, configure them the way you want and mark the hard disk as read-only. Then spin up new VMs using differencing disks. Super fast & low disk usage.
I stopped using Windows as an Administrator and I don’t even notice. Keep reading to find out what kind of pitfalls I ran into and overcame, and some ways to keep your sanity as a mere “user”.
Our home network started off like most. We had a cable modem and a wireless router - two little boxy things plugged into the wall. We had internet; everything worked.
Fast forward a few years - We now have a public-facing web server hosting several sites (I jokingly refer to this as “Bob’s Bargain Basement Hosting”), a whole bunch of PCs/laptops/phones/IoT devices, a Plex server, security cameras, WiFi out the wazoo, and occasionally nefarious people poking around looking for a way in.
TL;DR My security cameras were sending video to China. The following is how I found out and stopped it.
A while back I bought some Power-over-Ethernet (PoE) security cameras and a Network Video Recorder (NVR). The setup was pretty easy - plug the cameras into the NVR, install the app on my phone, and link them up by either scanning the camera-specific QR codes, or hand-typing the codes as shown on the NVR monitor.
The other day I came across a StackOverflow comment so valuable (and, unfortunately NOT marked as the answer), I had to share.
First, a little context: I was debugging a webapp and popped open Fiddler to check some HTTP requests. Unfortunately, the site uses HSTS (HTTP Strict Transport Security) and I was greeted with Chrome’s warning page letting me know that I couldn’t view the site.
HSTS prevents man-in-the-middle shenanigans, which was exactly what Fiddler’s SSL cert was introducing.
A few months ago we upgraded to Charter’s Business-class internet - basically the same 60Mbps residential service but with a static IP.
When the tech finished the install, I plugged my laptop into the cable modem and was pulling down almost 70Mbps! I powered everything down and put my hodgepodge of network stuff back into place. Everything was A-OK, or so I thought. From the top - EdgeRouter X, Netgear FVS336G, security camera NVR, and a Netgear switch.
I struggled installing Private Internet Access’ VPN in Kali a few different times using their Linux installer, and decided to share the super-simple way I got it to work.
Make sure you have your /etc/apt/sources.list file populated with the correct values. These are the ones I used:

    deb https://http.kali.org/kali kali-rolling main contrib non-free
    deb-src https://http.kali.org/kali kali-rolling main contrib non-free

Then update and install NetworkManager along with its OpenVPN plugin:

    apt-get update
    apt-get install network-manager network-manager-openvpn network-manager-gnome network-manager-openvpn-gnome

Edit /etc/NetworkManager/NetworkManager.conf and set managed=true (in the [ifupdown] section).
I was in “Just make it work” mode and found I’d left my credentials out in plain text after setting up my Plex server to read off a remote fileshare.
Don’t do that. Instead, do this:
Create a directory on your local Linux machine where you’ll access the file share:

    sudo mkdir /media/PlexMedia

Modify /etc/fstab and add the following:

    //remoteservername/fileshare /media/PlexMedia cifs uid=1000,iocharset=utf8,credentials=/etc/cifs-creds 0 0

Now you need to create the credentials file:
Disabling TLS 1.0 is required to pass PCI scans. I’ve done this before, and it’s fairly trivial in most cases, but when I disabled it on my e-commerce server, VevoCart started complaining. The UPS shipping estimate web service call failed, as well as our credit card processing system (which I didn’t find out about until later).
The outbound call to UPS fails because it defaults to TLS 1.0. The simple workaround was to use disable TLS 1.
Ransomware is all the rage these days. The bad girls/guys live off the profit, AV companies try to prove their worth by blocking the latest variants, and the media reports on its proliferation across the country¹.
There are a couple of positive side-effects of its apparent success.
Corporations getting hit by Cryptolocker, Locky, and Cerberus, to name a few, are likely testing out their data-restoration policies. Lots of companies take backups - only a fraction of those actually restore them.
The Chicago Chapter of OWASP held a Capture The Flag (CTF) meetup which was really cool. The CTF was powered by Symantec, and it ran really smoothly. When I arrived, we already had usernames/passwords waiting in our inbox so we could hook up to the VPN. We started promptly at 6:30pm and I started churning through the flags. Unfortunately, due to a scheduling mixup, the CTF ended an hour earlier than originally planned, so I didn’t get too deep into a lot of the technical areas that I wanted to explore.
ThotCon, short for Three One Two Conference (Chicago’s area code is 312), is one of Chicago’s few hacking conferences.
This was my first security conference, and I wasn’t sure what to expect, other than to walk away more educated and (probably) more scared. Success on both counts. I also had a preconceived vision of what the crowd would look like: a cross-breed between Linux beards, and someone dressed up for Comicon.