DEL HTML anchors from posts as they are going to be added automatically with new ssg

This commit is contained in:
Caffeine Fueled 2025-10-27 20:20:04 +01:00
parent 3484b45045
commit 3d28d5eee9
Signed by: cf7
GPG key ID: CA295D643074C68C
26 changed files with 263 additions and 263 deletions

View file

@ -15,7 +15,7 @@ I'll show you the basics of nmap in this post. This is more than enough to get s
**Important**: I recommend using nmap as **root** since not all scans are available for non-root users. The kernel constrain standard users from using all functions of the NIC.
## Specify the hosts or networks to scan <a href="#target" id="target">#</a>
## Specify the hosts or networks to scan
You'll start by defining the range of the scan. This is mandatory and there are multiple ways to do it.
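Review bot: removing the explicit `id="target"` in this hunk leaves the heading with whatever slug the new SSG derives from its text, and a generator working from `Specify the hosts or networks to scan` will not produce `target`, so every existing deep link to `#target` (and the equivalent short ids removed in the other hunks, such as `#ports`, `#output`, `#evasion`) stops resolving. Before merging, confirm the SSG's slug rule, and either keep the short ids through a custom-id syntax if the generator supports one or add fragment redirects in the same commit; at minimum grep the other posts for links to the removed ids.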
@ -44,7 +44,7 @@ Nmap would scan 3 hosts.
Choose a random number of hosts within a chosen range:
: `nmap 10.10.10.0/24 -iR 5`
#### Exclude hosts and networks from scans <a href="#target-exclusion" id="target-exclusion">#</a>
#### Exclude hosts and networks from scans
Choose hosts or networks that should be excluded:
: `nmap 192.168.0.0/24 --exclude 192.168.0.2`
@ -52,7 +52,7 @@ Choose hosts or networks that should be excluded:
Use a file with a list of exclusions:
: `nmap 10.10.10.0/24 --excludefile /path/to/file.txt`
## SPECIFIC PORT RANGES <a href="#ports" id="ports">#</a>
## SPECIFIC PORT RANGES
**Side note**: Without a flag, it runs the 1000 common TCP ports by default. [Source](https://nmap.org/book/port-scanning.html)
@ -88,7 +88,7 @@ If you only want to scan UDP ports, use the `-sU` flag to do so.
I am not familiar with it, but you can work with protocol names like this:
: `nmap 10.10.10.0/24 -p smtp` *# Thanks to k3vinw*
#### Exlude ports from scan <a href="#ports-exclusion" id="ports-explusion">#</a>
#### Exlude ports from scan
Simply us the `--exlude-ports` option and the ports / port range:
: `nmap 10.10.10.1 -p 1-100 --exlude-ports 22,53`
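Review bot: the anchor removed in this hunk was already dead, since `href="#ports-exclusion"` pointed at `id="ports-explusion"`, so the change incidentally fixes a broken in-page link; however the heading keeps the misspelling `Exlude`, and with ids now generated from heading text that typo will be baked into the slug. Correct it to `Exclude ports from scan` while the line is being touched, and note that the context lines spell the option `--exlude-ports` as well; nmap's option is `--exclude-ports`, so the command as written will not run.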
@ -99,7 +99,7 @@ Simply us the `--exlude-ports` option and the ports / port range:
Use the `-g` flag to specify the source port of the scan:
: `nmap 10.10.10.1 -g 12345`
## Save output to file <a href="#output" id="output">#</a>
## Save output to file
There are 3 formats you can pick between:
@ -117,7 +117,7 @@ Saves output of ALL 3 formats:
If you want to append the results to a file, simply add the `--append-output` option to the command.
## Port states <a href="#port-states" id="port-states">#</a>
## Port states
Nmap distinguishes the state of the port in six categories. This section is copied from the [official documentation](https://nmap.org/book/man-port-scanning-basics.html) since it is explained really well.
@ -145,7 +145,7 @@ Nmap distinguishes the state of the port in six categories. This section is copi
> This state is used when Nmap is unable to determine whether a port is closed or filtered. It is only used for the IP ID idle scan.
## Scan timing / timing templates <a href="#scan-timing" id="scan-timing">#</a>
## Scan timing / timing templates
With these timing templates, you can decide how aggressively and fast you want to scan your targets. The lower the number, the slower scan and vice versa. You can choose them with the `-T` flag like this:
: `-T0` paranoid
@ -159,7 +159,7 @@ With these timing templates, you can decide how aggressively and fast you want t
A detailed table of differences can be found in the [official documentation](https://nmap.org/book/performance-timing-templates.html)
## Scripts <a href="#scripts" id="scripts">#</a>
## Scripts
**Disclaimer + Important:** Scripts are not run in a sandbox and thus could accidentally or maliciously damage your system or invade your privacy. Never run scripts from third parties unless you trust the authors or have carefully audited the scripts yourself.
@ -177,7 +177,7 @@ Often enough scripts are used to find vulnerabilities. One example can be found
For more information about scripts for nmap, check out the following blog post: [Getting started with nmap scripts](https://ittavern.com/getting-started-with-nmap-scripts/)
## Helpful additional scan options <a href="#more-options" id="more-options">#</a>
## Helpful additional scan options
Verbosity of the scan:
: `-v` / `-vv` / `-vvv`
@ -246,7 +246,7 @@ TCP ACK Ping use
: *Port 40125 is the default, if no port entered*
#### IDS/ FW Evasion <a href="#evasion" id="evasion">#</a>
#### IDS/ FW Evasion
This is a topic for another time and unnecessary for beginners, but just some IDS/FW evasion methods.

View file

@ -34,7 +34,7 @@ You can find a **technical write-up** at the end of the post. But as a disclaime
**So, enjoy!**
## 1 - Cats <a href="#cats" id="cats">#</a>
## 1 - Cats
> photo of a kitten on a carpet in the living room, digital art
@ -44,7 +44,7 @@ You can find a **technical write-up** at the end of the post. But as a disclaime
---
## 2 - Robot <a href="#robot" id="robot">#</a>
## 2 - Robot
> small robot wandering around in an post-apocalyptic world, digital art
@ -54,7 +54,7 @@ You can find a **technical write-up** at the end of the post. But as a disclaime
---
## 3 - Donut <a href="#donut" id="donut">#</a>
## 3 - Donut
> minimalist logo of a donut shop
@ -64,7 +64,7 @@ You can find a **technical write-up** at the end of the post. But as a disclaime
---
## 4 - Dackel <a href="#dackel" id="dackel">#</a>
## 4 - Dackel
> dackel in a suit in a library, digital art
@ -74,7 +74,7 @@ You can find a **technical write-up** at the end of the post. But as a disclaime
---
## 5 - Poster <a href="#poster" id="poster">#</a>
## 5 - Poster
> movie poster for an action movie from the 80s, digital art
@ -84,7 +84,7 @@ You can find a **technical write-up** at the end of the post. But as a disclaime
---
## 6 - Citylife <a href="#citylife" id="citylife">#</a>
## 6 - Citylife
> a black and white photo of the life in new york
@ -94,7 +94,7 @@ You can find a **technical write-up** at the end of the post. But as a disclaime
---
## 7 - Dolphin <a href="#dolphin" id="dolphin">#</a>
## 7 - Dolphin
> sticker illustration of a cute dolphin
@ -114,7 +114,7 @@ You can find a **technical write-up** at the end of the post. But as a disclaime
---
## 9 - Monster <a href="#monster" id="monster">#</a>
## 9 - Monster
> detailed sketch of an evil monster, digital art
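Review bot: in this file the hunks go from section 7 (around line 104) straight to section 9 at line 114, so the section 8 heading in between is not touched. Either it never carried an anchor or one was missed; since the commit's purpose is to strip every anchor so the SSG can add them, verify that no `<a href="#` remains in this file (a quick grep over the changed files would do) before merging.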
@ -124,7 +124,7 @@ You can find a **technical write-up** at the end of the post. But as a disclaime
---
## 10 - Cyberpunk <a href="#cyberpunk" id="cyberpunk">#</a>
## 10 - Cyberpunk
> realistic photo of a colorful cyberpunk city in the rain at night, digital art

View file

@ -6,13 +6,13 @@ Let me start with; **there is no perfect security**. Your goal is to make it as
I keep it as short as possible and focus on the 'what' and 'why', not the 'how'. There are many ways to achieve the goals, but this is a topic for itself, and depends on the circumstances.
## "I am not a target" <a href="#i-am-not-a-target" id="i-am-not-a-target">#</a>
## "I am not a target"
Unfortunately, anyone is, and yes, ANYONE can become a victim of a cybercrime. Cybercrime is highly lucrative, and criminals become more creative every year. Automation makes it simple to find easy targets or attack a large group of targets.
I'll try to provide you with enough information for safe internet use. If you feel overwhelmed, tackle one topic at a time, and keep improving. **It is never too late to care about your online security**.
## TLDR - 5 most crucial tips <a href="#tldr" id="tldr">#</a>
## TLDR - 5 most crucial tips
If you only take away these five things, I will be more than happy. These steps alone take your security to the next level and are crucial. I'll go into more detail later in the post.
@ -50,7 +50,7 @@ Answering security questions truthfully makes you vulnerable to social engineeri
---
## Password Security <a href="#password-security" id="password-security">#</a>
## Password Security
**Summarized: Generate and store a random and unique 16+ characters password for every account in your password manager.**
@ -102,7 +102,7 @@ It does not hurt to change passwords regularly, but it is not worth the hassle,
---
## Multi-/2-factor authentication <a href="#mfa" id="mfa">#</a>
## Multi-/2-factor authentication
This authentication method requires the user to provide two or more factors to access the desired service. Those factors can be: **knowledge** (something you know (e.x. pin, password, security question)), **possession** (something you have (e.x. security token, security key, second device)), and **inherence** (something you are (e.x. fingerprint, iris)).
@ -161,7 +161,7 @@ PIN:
**Important**: I cannot stress enough how important backups are. Even though MFA is a must and brings your online security to the next level, there is a legit risk of getting locked out if you lose access to the second factor.
## Do not overshare <a href="#over-sharing" id="over-sharing">#</a>
## Do not overshare
I might be paranoid, but the internet can be a dangerous place. As the police would say: '**everything you say can and will be used against you**'. This section relates to targeted rather than automated attacks.
@ -172,7 +172,7 @@ Something you can do is **lie, share wrong information about yourself, use an a
Be skeptical and keep in mind: **the internet does not forget**.
## Check twice, click once <a href="#check-twice" id="check-twice">#</a>
## Check twice, click once
The best security strategy is worthless if someone clicks and downloads anything negligently.
@ -184,7 +184,7 @@ To provide some examples: 2 ways to deal with suspicious messages would be to, f
Being careful is an important part of being secure online.
## Secure your device <a href="#secure-device" id="secure-device">#</a>
## Secure your device
**Keep your operating system, browser, antivirus, and everything else up-to-date**. I cannot stress enough how important that is.
@ -202,7 +202,7 @@ Do your research. There are good and bad VPN providers, and NEVER use free VPN o
In the end, I have to mention **Tor**. Tor routes your traffic through of network of nodes and makes it almost to track back. It is an important tool, but I am afraid that a detailed description is out of the scope of this post.
## Conclusion <a href="#conclusion" id="conclusion">#</a>
## Conclusion
So, I hope I could provide some new ideas on how to protect your online activity. Just start with the five most important points that I showed at the start, and tackle other topics later. And keep in mind, there is no perfect security, just making it more complex, and limiting the damage in case of a security incident.

View file

@ -32,7 +32,7 @@ The display filter hides filtered packets and is mainly used on already saved pa
Just so you know the difference when you search for more commands.
## Saving display filters <a href="#saving" id="saving">#</a>
## Saving display filters
There are two common ways to save filters. They can then be used in later sessions or help you switch between different filters, especially since certain filters can get very long.
@ -44,7 +44,7 @@ There are two common ways to save filters. They can then be used in later sessio
![filter-buttons](/images/blog/wireshark-display-filter-button.png)
## Color of the display filter bar <a href="#color" id="color">#</a>
## Color of the display filter bar
Green:
: Filter is accepted, syntax is ok
@ -57,7 +57,7 @@ Yellow:
: *(haven't found too much information about it)*
## Operators <a href="#operators" id="operators">#</a>
## Operators
### Logical operators
@ -146,7 +146,7 @@ smb.path contains "\\\\SERVER\\SHARE"
\UNNNNNNNN Unicode codepoint U+NNNNNNNN
```
# Time filter <a href="#time-filter" id="time-filter">#</a>
# Time filter
`frame.time >= "Dec 23, 2022 17:00:00" && frame.time <= "Dec 23, 2022 17:05:00"`
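Review bot: `# Time filter` in this hunk is a level-1 heading while the neighbouring sections of this post (`## Operators`, `## IP`, `## ICMP`, and so on) use `##`. Once the SSG derives anchors and a table of contents from heading levels, this section will show up as a top-level entry beside the post title; change it to `## Time filter` in this commit, since the line is being rewritten anyway.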
@ -173,7 +173,7 @@ MAC / Ethernet address:
VLAN:
: `eth.vlan.id==1`
## IP <a href="#ip" id="ip">#</a>
## IP
[Full reference (ip)](https://www.wireshark.org/docs/dfref/i/ip.html)
@ -190,7 +190,7 @@ Filter IP addresses:
Filter packet TTL:
: `ip.ttl == 64`
## ICMP <a href="#ICMP" id="ICMP">#</a>
## ICMP
[Full reference (icmp)](https://www.wireshark.org/docs/dfref/i/icmp.html)
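Review bot: the anchor removed in this hunk used the mixed-case id `ICMP`, whereas every other section in this file used lowercase ids. If the new SSG lowercases its slugs, which is the usual behaviour, the generated id becomes `icmp`, and because fragment identifiers are case-sensitive any link to `#ICMP` will no longer scroll to the section. Worth checking the other posts and any external references for `#ICMP` before relying on the auto-generated id.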
@ -204,7 +204,7 @@ ICMP echo reply (ping):
: `icmp.type == 0`
## ARP <a href="#arp" id="arp">#</a>
## ARP
[Full reference (arp)](https://www.wireshark.org/docs/dfref/a/arp.html)
@ -220,7 +220,7 @@ Target IP address:
Sender IP address:
: `arp.src.proto_ipv4`
## TCP <a href="#tcp" id="tcp">#</a>
## TCP
[Full reference (tcp)](https://www.wireshark.org/docs/dfref/t/tcp.html)
@ -246,7 +246,7 @@ Look for 3-way-handshakes:
Fitlers for TCP resets flag:
: `tcp.flags.reset==1`
## UDP <a href="#udp" id="udp">#</a>
## UDP
[Full reference (udp)](https://www.wireshark.org/docs/dfref/u/udp.html)
@ -258,7 +258,7 @@ Filter UDP ports:
: `udp.srcport == 68` *# source UDP port*
: `udp.dstport == 68` *# destination UDP port*
## DHCP <a href="#dhcp" id="dhcp">#</a>
## DHCP
[Full reference (dhcp)](https://www.wireshark.org/docs/dfref/d/dhcp.html)
@ -298,7 +298,7 @@ Finding rogue DHCP server:
Check if other DNS server are getting populated:
: `dhcp.option.dhcp == 2 && !(dhcp.option.domain_name_server == 9.9.9.9) && !(dhcp.option.domain_name_server == 149.112.112.112)`
## DNS <a href="#dns" id="dns">#</a>
## DNS
[Full reference (dns)](https://www.wireshark.org/docs/dfref/d/dns.html)

View file

@ -4,7 +4,7 @@ To make it quick, I wish I had known about port forwarding and tunneling earlier
**Topics**: use cases, configuration, SSH jumphosts, local/remote/dynamic port forwarding, and limitations
## Use cases <a href="#use-cases" id="use-cases">#</a>
## Use cases
SSH tunneling and port forwarding can be used to forward TCP traffic over a secure SSH connection from the SSH client to the SSH server, or vice versa. TCP ports or UNIX sockets can be used, but in this post I'll focus on TCP ports only.
@ -30,7 +30,7 @@ There are many more use cases, but this overview should give you a sense of poss
Before we start: the options of the following examples and be combined and configured to suit your setup. As a side note: if the `bind_address` isn't set, localhost will be the default
## Configuration / Preparation <a href="#configuration" id="configuration">#</a>
## Configuration / Preparation
* The **local and remote users must have the necessary permissions** on the local and remote machines respectivly to open ports. **Ports between 0-1024 require root privileges** - if not configured differently - and the rest of the ports can be configured by standard users.
* **configure clients and network firewalls accordingly**
@ -44,7 +44,7 @@ If you forward ports on interfaces other than 127.0.01, then you'll need to enab
Remember to **restart the ssh server service**.
## SSH jumphost / SSH tunnel <a href="#jumphost" id="jumphost">#</a>
## SSH jumphost / SSH tunnel
Transparently connecting to a remote host through one or more hosts.
@ -74,7 +74,7 @@ Jumphosts must be separated by commas:
: `ssh -J user@REMOTE-MACHINE:22,user@ANOTHER-REMOTE-MACHINE:22 -p 22 user@10.99.99.1`
## Local Port Forwarding <a href="#local-port-forwarding" id="local-port-forwarding">#</a>
## Local Port Forwarding
#### Example 1
@ -99,7 +99,7 @@ Access logs of the webserver on REMOTE-WEBAPP:
: the request originates from the intern IP of LOCAL-MACHINE (10.99.99.2)
## Remote Port Forwarding <a href="#remote-port-forwarding" id="remote-port-forwarding">#</a>
## Remote Port Forwarding
#### Example 1+2
@ -120,7 +120,7 @@ Access logs of the webserver on REMOTE-WEBAPP:
**Important**: `GatewayPorts yes` must be enabled on the SSH server to listen on another interface than the loopback interface.
## Dynamic port forwarding <a href="#dynamic-port-forwarding" id="dynamic-port-forwarding">#</a>
## Dynamic port forwarding
To forward more than one port, SSH uses the [SOCKS](https://en.wikipedia.org/wiki/SOCKS) protocol. This is a transparent proxy protocol and SSH makes us of the most recent version SOCKS5.
@ -146,7 +146,7 @@ I won't go into detail, but you can create a bi-directional TCP tunnel with the
`-w local_tun[:remote_tun]`
## How to run SSH in the background <a href="#background" id="background">#</a>
## How to run SSH in the background
The native way to run the tunnel in the background would be `-fN`:
: `-f` - run in the background
@ -189,7 +189,7 @@ There are mutliple ways to do it; autossh, scripts, cronjobs, and so on.
This is beyond this post and I might write about in the future.
## Limitations <a href="#limitations" id="limitations">#</a>
## Limitations
#### UDP

View file

@ -9,7 +9,7 @@ I've tried to keep this guide accessible for personal and corporate backups.
The main goal of backups is data loss prevention. There are numerous risks that could cause data loss, and we try to prevent them with a backup strategy that fits our needs. I'll go into more detail in the next section.
#### Risks <a href="#risks" id="risks">#</a>
#### Risks
The following risks exist for data in production and for your backups! - There are many more, but this section will give you a feeling of the most common risks.
@ -40,7 +40,7 @@ Some 'disasters' affect only a single hard drive, some devices, or the whole net
**Side note**: Backups do not prevent those risks, but minimize the damage and help to recover from them.
#### RAID/snapshots are no backups! <a href="#raid-is-not-a-backup" id="raid-is-not-a-backup">#</a>
#### RAID/snapshots are no backups!
**RAID** - *redundant array of independent disks* - is a method to either increase the performance, the availability and resiliency, or both. Misconfigured, it can even cause more damage; for example, a RAID0 can make the whole array useless after a disk failure. Don't let me get started with broken hardware RAID controllers or RAID expansions.
@ -54,7 +54,7 @@ Snapshots, therefore, should not be considered a valid backup!
Both solutions can be part of your backup strategy but can't replace a regular backup.
# Determine what to backup and why <a href="#what-to-backup" id="what-to-backup">#</a>
# Determine what to backup and why
What and why you backup specific files highly depend on your needs. It is helpful to have an inventory of critical infrastructure to determine what to backup.
@ -68,7 +68,7 @@ Some other category is the frequency with which the data gets updated. An exampl
Remember to provide some kind of backup solution for devices like laptops and smartphones.
# Data Retention Policy <a href="#data-retention-policy" id="data-retention-policy">#</a>
# Data Retention Policy
With the Data Retention Policy, we try to specify how long to retain certain data. There are various factors you should consider: usefulness, compliance, laws, and so on.
@ -76,7 +76,7 @@ Some system data, like old configuration files, can be deleted after a short tim
**Side note**: as mentioned before, this highly depends on your setup, and speaking to the relevant departments is recommended.
#### Backup/data deletion <a href="#data-deletion" id="data-deletion">#</a>
#### Backup/data deletion
Deleting data or backups seems not worth talking about, but data can be easily recovered if it is not done correctly.
@ -86,7 +86,7 @@ Some laws/compliances require you to destroy data in a certain way. To make sure
To be secure, store your backups encrypted in the first place.
# Decide the backup frequency <a href="#data-frequency" id="data-frequency">#</a>
# Decide the backup frequency
The frequency of your backups will determine the impact of a disaster in terms of data loss. The more frequently you do backups; the less is data loss in case a disaster occurs. There are two metrics you could consider: **RTO** and **RPO**.
@ -106,7 +106,7 @@ With the RTO we want to determine the maximum tolerable amount of down time afte
Like the RPO, every system can have its own RTO, and the RTO ends when data is recovered and it is up again.
# Document everything <a href="#documentaion" id="documentaion">#</a>
# Document everything
As in so many areas; documentation is king.
@ -123,11 +123,11 @@ Something that should not be overlooked is a **contact list**. What people must
Don't forget to **store** the documents **securely, but accessible**. Detached from the backup, like printed out, or on a USB stick in a safe.
# How to backup! <a href="#how-to-backup" id="how-to-backup">#</a>
# How to backup!
As mentioned before, there is no perfect solution, and you must find a backup strategy that works for you. Like everything, it has pros and cons, and you have to decide what works for you. I'll show you some points to consider.
#### 3-2-1 rule <a href="#3-2-1-rule" id="3-2-1-rule">#</a>
#### 3-2-1 rule
I want to start with the well-known **3-2-1 rule**:
: have **3** copies of your data
@ -136,7 +136,7 @@ I want to start with the well-known **3-2-1 rule**:
The 3-2-1 rules should be considered the bare minimum of every backup strategy. I'll go into more detail in the following points.
#### Have multiple copies of your data <a href="#multiple-copies" id="multiple-copies">#</a>
#### Have multiple copies of your data
Who would have known? But just to be sure, consider some points.
@ -144,7 +144,7 @@ Sounds obvious, but avoid storing backups of a system on the same system or stor
Spread copies over multiple mediums and use different methods. Every storage medium/method has its risks, and having copies on multiple mediums increases the resiliency overall.
#### Locations <a href="#locations" id="locations">#</a>
#### Locations
Make use of **different locations**.
@ -156,13 +156,13 @@ Some examples would be:
Just make sure that you can access the offsite backups whenever you can and add this factor into your strategy.
#### Encrypt backup storage and transfer <a href="#encryption" id="encryption">#</a>
#### Encrypt backup storage and transfer
This is especially important for offsite backups but can be necessary for local backups too. Make sure that you use a **secure encryption method**, **use a secure password/password** or another method, and **encrypt the transit and storage**! Still will protect the integrity of your data from tampering of a third party, and makes your data worthless in case a third party gets access to the backups.
**Important**: **Do not lose the keys!** - Backup your decryption method, store it securely (not with your backups), and ensure that the decryption key is **accessible in any disaster scenario**!
#### Think about the right tools <a href="#right-tools" id="right-tools">#</a>
#### Think about the right tools
Could you access your backups in 10 years? Is the technology still around? Is the de-/encrpytion service provider still in business?
@ -172,11 +172,11 @@ It is recommended to use **well-known open-source services**. Niche and propriet
Try to **automate** as much as possible, so backups won't be forgotten, and make sure that the **backup process doesn't disrupt** the daily business.
#### Store backups immutable/read-only <a href="#immutable-storage" id="immutable-storage">#</a>
#### Store backups immutable/read-only
Keeping the backup storage immutable prevents anyone from tampering with the backups and increases the data integrity. There are cases in which you have to delete certain data from backups, but in general, it is recommended to store them immutable.
#### Choose the right storage medium <a href="#storage-medium" id="storage-medium">#</a>
#### Choose the right storage medium
There are multiple factors that will play into the choice of a storage medium.
@ -200,18 +200,18 @@ Things to consider:
The choice of medium will affect the recovery process and speed and is overall important.
#### Have the recovery process in mind <a href="#recovery-process" id="recovery-process">#</a>
#### Have the recovery process in mind
Think backward from a recovery standpoint. You have to recover system 'A' and what else must be up to get system 'A'
running again? This might give you another perspective.
#### Avoid single point of failures <a href="#single-point-of-failure" id="single-point-of-failure">#</a>
#### Avoid single point of failures
![explanation-single-point](/images/blog/backup-single-point.png)
There are plenty of examples: single backup server, a single person with access to backups, single internet connection with cloud backups only, and so on.
#### Use different backup types <a href="#backup-types" id="backup-types">#</a>
#### Use different backup types
I won't go into detail, but the main goal is to save time and storage.
@ -226,13 +226,13 @@ I won't go into detail, but the main goal is to save time and storage.
**Incremental backups** store the changes from the last full backup or incremental backup.
#### Restrict and secure access to the backups <a href="#backup-access" id="backup-access">#</a>
#### Restrict and secure access to the backups
Backups should only be accessible by trusted parties. Admins only, separate network, MFA, and other security measurements are recommended. The goal is further to limit the risks of tampering, theft or deletion.
**Side note**: make sure that you do not lock yourself out. This is critical and should be tested regularly.
# Trust but verify <a href="#verification" id="verification">#</a>
# Trust but verify
![explanation-monitoring](/images/blog/backup-monitoring.png)
@ -245,7 +245,7 @@ Things to look for: failed backup jobs, unusual activities, access attempts, and
Let third party/experts **audit** your backup strategy. It is easy to overlook certain things, and it can be beneficial to have another perspective.
# Test recoverability regularly <a href="#test-recover-process" id="test-recover-process">#</a>
# Test recoverability regularly
![explanation-recovery](/images/blog/backup-recovery.png)

View file

@ -5,7 +5,7 @@ I won't go into specific cases in this blog post. This is a general guide on how
In this post, I'll use a **Linux** client and server as a reference.
## Logging <a href="#logging" id="logging">#</a>
## Logging
**Client**
@ -31,7 +31,7 @@ Thanks to [youRFate on Lobste.rs](https://lobste.rs/s/wombsw/ssh_troubleshooting
As mentioned, there are many more, but the following list will give you a great starting point.
#### Hostname resolution <a href="#hostname" id="hostname">#</a>
#### Hostname resolution
```markdown
error output
@ -45,7 +45,7 @@ This error message implies a problem with the DNS.
- check hostname resolution with `nslookup` or other tools
#### Connection timeout <a href="#timeout" id="timeout">#</a>
#### Connection timeout
```markdown
Error output
@ -63,7 +63,7 @@ Routing:
Firewalls:
: check the firewalls on the client, server, and network firewalls and make sure that the connection is allowed.
#### Connection refused <a href="#refused" id="refused">#</a>
#### Connection refused
```markdown
Error output
@ -83,7 +83,7 @@ SSH server running:
: make sure that the SSH server is running, e.x. with `systemctl status sshd`
#### Permission denied <a href="#permission" id="permission">#</a>
#### Permission denied
`Permission denied (publickey,password)`
@ -124,7 +124,7 @@ Private key no longer accepted on the server:
: a workaround would be to add the insecure key algorithm to the SSH server config to the accepted keys `PubkeyAcceptedKeyTypes`.
#### SSH protocol version <a href="#ssh-version" id="ssh-version">#</a>
#### SSH protocol version
`Protocol major versions differ: 1 vs. 2`
@ -147,7 +147,7 @@ On the server, you can check the provided SSH protocol version in the configurat
If this option is missing, the mordern SSH server will use SSHv2 by default. It is worth adding it just to be sure and have it documented.
#### Failed host key verification <a href="#hostkey" id="hostkey">#</a>
#### Failed host key verification
```markdown
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ -162,7 +162,7 @@ Clearing the host key from `~/.ssh/known_hosts` our use `ssh-keygen -R <ip-of-de
If you were not informed about any changes, please contact the SSH server administrator to verify that everything is still secure.
#### Unable to negotiate ciphers, MACs, or KexAlgorithms <a href="#ciphers" id="ciphers">#</a>
#### Unable to negotiate ciphers, MACs, or KexAlgorithms
```
Unable to negotiate with 10.10.10.10: no matching key exchange method found.
@ -187,14 +187,14 @@ There are workarounds with the `-o` flag to set temporary options, but I am not
`ssh -o KexAlgorithms=+diffie-hellman-group1-sha1 user@10.10.10.10`
#### Connect without startup file <a href="#startup-file" id="startup-file">#</a>
#### Connect without startup file
This is not that common but there are ways to lock you out after changes to the startup files like `.bashrc`, `.profile`, and so on. You simply can avoid loading those profile files with the following command.
`ssh -t user@host bash --norc --noprofile`
#### Handling SSH sessions with escape sequences <a href="#escape-sequence" id="escape-sequence">#</a>
#### Handling SSH sessions with escape sequences
SSH provides some **escape sequences** with which you can kill the session on the client.

View file

@ -10,7 +10,7 @@ PoE generally requires Cat5+ cables and has a normal working distance of 100m. A
The usage of PoE over a connection should not have any effect on the transfer or latency of the data connection. That said, cheap hardware can still do, and I had 3 cases in which turning off PoE explicitly on a switch port helped to solve a problem with disconnecting a non-PoE device. I still blame the printers.
# Specification <a href="#specification" id="specification">#</a>
# Specification
The following standards were created by the Institute of Electrical and Electronics Engineers (IEEE), and the following overview should give you a quick insight of the differences of the common standards.
@ -48,7 +48,7 @@ The following standards were created by the Institute of Electrical and Electron
**UPoE/UPoE+** are Cisco proprietary and I won't go into detail. I think it is still worth mentioning.
# Active PoE / Passive PoE <a href="#active-passive" id="active-passive">#</a>
# Active PoE / Passive PoE
Active and passive PoE are **not inter-compatible** and PSE and PD must support the same type.
@ -60,7 +60,7 @@ PSE with **active PoE** does a handshake with the PD to determine how much power
**Side note**: some passive PoE PSEs can have a shorter distance and be limited to 100Mb/s.
# Power management classes <a href="#power-classes" id="power-classes">#</a>
# Power management classes
Power management classes prevent the over-powering of PDs.
@ -75,7 +75,7 @@ Class - power at PD:
: **Class 7** - 62W *(802.3bt Type 4)*
: **Class 8** - 71,3W *(802.3bt Type 4)*
# Modes <a href="#modes" id="modes">#</a>
# Modes
There are three modes available. The following modes determine what pairs the power will be delivered to the PD. **Mode A** provides the power over the same pairs that are used for the data transfer (T568A pairs #1 + #2, T568B pairs #2 + #3) and **Mode B** delivers the power over the spare pairs (T568A + T568B pairs #3 + #4). **4PPoE** stands for 4-pairs Power over Ethernet - and as the name implies - uses all four pairs to deliver the power to the PD.

View file

@ -3,7 +3,7 @@
[Screen](https://www.gnu.org/software/screen/) is a terminal multiplexer and has a wide feature set. It allows you to split your terminal window into multiple windows (split screen feature), detach sessions to let commands run in the background, connect to a device via serial interface, and many more.
Screen sessions keep running even if you disconnect, which is especially great for unreliable connections. There are more advanced use cases, but we will focus on the basics.
# Basics <a href="#basics" id="basics">#</a>
# Basics
You can have multiple **sessions** within the screen and each session can contain multiple **windows**. When you use the split screen function, each panel would be a window called **region** in screen.
@ -24,7 +24,7 @@ You can have multiple **sessions** within the screen and each session can contai
└───── window 1: name b
```
#### Escape combination (Prefix) <a href="#prefix" id="prefix">#</a>
#### Escape combination (Prefix)
In this blog post, I'll call the **escape combination** 'prefix', but there are multiple names for it: meta key, leading key, escape combination, and some others.
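Review bot: `#### Escape combination (Prefix)` carried the id `prefix`, which no slugifier would derive from that heading text, so this anchor definitely changes. Also note the heading depth jumps from `# Basics` straight to `####`; once the SSG builds a table of contents from its auto-generated anchors, that nesting shows up, so `##` would be the better level here.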
@ -32,7 +32,7 @@ The prefix tells the terminal that the following command or shortcut will be use
A list of all default key bindings can be found in the [official documentaion](https://www.gnu.org/software/screen/manual/html_node/Default-Key-Bindings.html).
## Configuration files <a href="#configuration" id="configuration">#</a>
## Configuration files
Screen won't create the startup configuration file by default but will look for these two files if it gets started.
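Review bot: drive-by on the unchanged context line: `official documentaion` should be `documentation`; the same misspelling appears in the Regions and Screen commands hunks further down in this file, and since every heading in the file is already being edited it is a cheap fix for the same commit.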
@ -60,7 +60,7 @@ startup_message off
Simply add these lines to your configuration file, and the copyright message won't appear again.
## Logging <a href="#logging" id="logging">#</a>
## Logging
Before we start with the sessions and windows, it might be beneficial to talk about logging. For most troubleshooting sessions, it is required to save the logs. I am going to show you some ways to do it.
@ -79,7 +79,7 @@ Logging is disabled by default.
You can start a logged screen session with `-L` flag + `-Logfile /path/to/logfile.txt`. If you are already in a session, you can activate it with `Prefix` + `SHIFT` + `h`. The output file will be called `screenlog.n`, where 'n' is the number of the current window.
## Working with sessions <a href="#sessions" id="sessions">#</a>
## Working with sessions
Show all sessions:
: `screen -ls`
@ -119,7 +119,7 @@ Rename session in terminal:
: `screen -S OLDSESSIONNAME -X sessionname NEWSESSIONNAME`
: `Prefix` + `:sessionname NEW-NAME` *# screen command to change the current session name*
## Working with Windows <a href="#windows" id="windows">#</a>
## Working with Windows
Show list of all windows of current session:
: `Prefix` + `SHIFT` + `w`
@ -137,7 +137,7 @@ Kill the current window:
: `exit`
: `Prefix` + `k`
## Working with Regions / Split screen <a href="#split-screen" id="split-screen">#</a>
## Working with Regions / Split screen
Screen has the feature to show multiple windows in a split screen. Every window would then be a so called 'Region' in screen.
@ -164,7 +164,7 @@ Fit the regions to a resized terminal window:
You could create layouts, and save and reuse them later. This topic is out of the scope of this post and I am going to write about it later. You can get a reference and further information in the [official documentaion](https://www.gnu.org/software/screen/manual/screen.html#Layout).
## Screen commands <a href="#commands" id="commands">#</a>
## Screen commands
It can be used to try out configurations and screen-specific commands.
@ -174,7 +174,7 @@ It can be used to try out configurations and screen-specific commands.
I am not too familiar with screen commands, so I won't go into detail. A list of all commands can be found in the [official documentaion](https://www.gnu.org/software/screen/manual/screen.html#Command-Summary).
# Check if you are still in a screen session <a href="#active-session" id="active-session">#</a>
# Check if you are still in a screen session
Screen sets an environment variable `STY`. If the output is empty, you are not in a screen session.

View file

@ -4,7 +4,7 @@ The bash command history shows the previously used commands. By default, the his
I use RHEL and Debian-based Linux distributions and bash in this blog post as a reference.
# Configuration <a href="#configuration" id="configuration">#</a>
# Configuration
I want to start with ways to configure the behavior of the bash history.
@ -19,7 +19,7 @@ If you want to use an option for one session only, you can just type it in like
In both ways, you would disable the history for the current bash session.
# The basics <a href="#basics" id="basics">#</a>
# The basics
The bash history should be enabled by default, but you might want to change some settings.
@ -55,7 +55,7 @@ Delete a specific history entry or range:
: `history -d 15-20` *# range*
: `history -d -5` *# last 'n' of entries*
#### Disabling bash command history <a href="#disable" id="disable">#</a>
#### Disabling bash command history
As mentioned above, there are multiple options to disable the bash command history.
@ -70,7 +70,7 @@ The following option sets the maximum number of entries in the history on disk:
: `HISTFILESIZE=2000`
# Search function <a href="#search" id="search">#</a>
# Search function
You can start a **reversed search** through the history by pressing `CTRL` + `r` and entering the search term. You can jump to the next result by pressing `CTRL` + `r` again. After finding the desired command, you can press `TAB` to get filled to the current command line or press `ENTER` to run the command immediately.
@ -100,7 +100,7 @@ kuser@pleasejustwork:$ echo nightmare # dolphins chasing me in a mall
nightmare
```
# Exclusions <a href="#exclusion" id="exclusion">#</a>
# Exclusions
We can add exclusion with the `HISTIGNORE` option in your startup file. This can be useful for privacy and security reasons.
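Review bot: `# Exclusions` had the singular id `exclusion`, while an id generated from the heading text would be the plural; this kind of near-miss is easy to overlook when checking links, so it belongs on the list of changed fragments to verify.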
@ -117,7 +117,7 @@ You can add commands too.
`HISTIGNORE="ls:pwd:cd"`
# Timestamps <a href="#timestamps" id="timestamps">#</a>
# Timestamps
Timestamps are often important for reviews of troubleshooting sessions. With the `HISTTIMEFORMAT` option, you can add timestamps in various formats to your history.
@ -159,7 +159,7 @@ You can adjust the format with the following placeholders:
%c: complete date and timestamp (day-D-M-Y H:M:S format)
```
# Re-run commands <a href="#rerun" id="rerun">#</a>
# Re-run commands
`!!` is a variable for the previous command and, for example, can be used to run the last command as 'sudo' .
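Review bot: `# Re-run commands` contains a hyphen and previously had the id `rerun`; the generated id depends on how the SSG's slugifier treats hyphens inside a word (`re-run-commands` or `rerun-commands`), so check the emitted id rather than assuming it.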

View file

@ -1,6 +1,6 @@
# Detecting Rogue DHCP Server
# What is a rogue DHCP server <a href="#what-is-a-rogue-dhcp-server" id="what-is-a-rogue-dhcp-server">#</a>
# What is a rogue DHCP server
A rogue DHCP server is an unauthorized DHCP server that **distributes knowingly or unknowingly wrong or malicious information** to clients that send DHCP discover packets within a network. The following section lists some examples of rogue DHCP servers.
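Review bot: this hunk leaves two consecutive level-one headings, `# Detecting Rogue DHCP Server` followed by `# What is a rogue DHCP server`. If the new SSG renders the post title from front matter and adds an anchor to every heading, the in-body title gets its own anchor and the page ends up with two h1s; either drop the in-body title or demote the section headings to `##`.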
@ -18,7 +18,7 @@ Misconfiguration:
![dhcp-rogue-server](/images/blog/dhcp-rogue-server.png)
# Signs of a Rogue DHCP server <a href="#signs" id="signs">#</a>
# Signs of a Rogue DHCP server
Some signs of having a rogue DHCP server on your network are listed below:
@ -29,7 +29,7 @@ Some signs of having a rogue DHCP server on your network are listed below:
- more than usual DHCP traffic
- DHCP traffic from new/unknown IPs
# What is DHCP <a href="#dhcp" id="dhcp">#</a>
# What is DHCP
I won't go into too much detail on how DHCP is. In a nutshell, DHCP stands for Dynamic Host Configuration Protocol and allows automatic assigning of IP addresses to devices and provides more information about the network, like the default gateway, subnet mask, DNS server, NTP server, and more.
@ -62,7 +62,7 @@ The following screenshots show a rough overview of the DORA process. Since this
So, enough theory; let us detect the rouge DHCP server.
# Detecting a rogue DHCP server <a href="#detecting" id="detecting">#</a>
# Detecting a rogue DHCP server
There are various ways to detect a rogue DHCP server. Some work on the client or network level, or both.
@ -70,7 +70,7 @@ In the following sections, we assume that we only have **one legitimate DHCP ser
**Side note**: You can **release the old and request a new IP** on **Windows** via command line `ipconfig /release` and `ipconfig /renew` and on **Linux** with `sudo dhclient -v -r` and `sudo dhclient -v`. Don't forget to specify the interface if you use multiple.
## Packet capture <a href="#packet-capture" id="packet-capture">#</a>
## Packet capture
![DHCP-discover](/images/blog/dhcp-d.png)
@ -80,7 +80,7 @@ You should look for **UDP traffic on ports 67 and 68**. It makes it easier to de
You can find more DHCP display filters for Wireshark in this [post](https://ittavern.com/guide-to-wireshark-display-filters/#dhcp).
## Using nmap <a href="#nmap" id="nmap">#</a>
## Using nmap
Scan for IPs that listen on the UDP port 67 in your network:
: `sudo nmap -sU -p 67 -d 10.10.20.0/24`
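Review bot: the unchanged context line links to `https://ittavern.com/guide-to-wireshark-display-filters/#dhcp`, i.e. the site cross-links posts by hand-chosen fragment ids of exactly the kind this commit removes (the id `dhcp` on `# What is DHCP` in the previous hunk is one of them). Before merging, grep all posts for `/#` links and confirm each target fragment still exists under the SSG-generated ids.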
@ -106,7 +106,7 @@ Final times for host: srtt: 406 rttvar: 3765 to: 100000
This gives you a quick overview of your network.
#### nmap Scripts <a href="#nmap-scripts" id="nmap-scripts">#</a>
#### nmap Scripts
The required NSE script `broadcast-dhcp-discover` should be installed by default together with nmap. More information to the script can be found in the [official documentation](https://nmap.org/nsedoc/scripts/broadcast-dhcp-discover.html).
@ -159,7 +159,7 @@ Nmap done: 0 IP addresses (0 hosts up) scanned in 1.23 seconds
For more information about `nmap` visit the [nmap guide](https://ittavern.com/getting-started-with-nmap/) or other `nmap` [posts](https://ittavern.com/tags/nmap/).
## Windows DHCP server event logs <a href="#windows-event-logs" id="windows-event-logs">#</a>
## Windows DHCP server event logs
The following event logs on the authorized Windows DHCP server can indicate a rogue DHCP server on a network.
@ -180,7 +180,7 @@ The source can be found on [microsoft.com](https://learn.microsoft.com/en-us/pre
You can check the logs regularly or add those events to your monitoring solution.
## Microsoft Rogue DHCP Checker <a href="#microsoft-roguechecker" id="microsoft-roguechecker">#</a>
## Microsoft Rogue DHCP Checker
Microsoft provided a tool to detect rogue DHCP servers, but this blog post from 2009 is no longer available. But thanks to archive.org we can find the [blog post](https://web.archive.org/web/20140812200404/http://blogs.technet.com/b/teamdhcp/archive/2009/07/03/rogue-dhcp-server-detection.aspx) and download the 'RogueChecker' there.
@ -188,17 +188,17 @@ Microsoft provided a tool to detect rogue DHCP servers, but this blog post from
Installed it on Windows 10 and it seems to work.
## Turn off your own DHCP server <a href="#turn-of-legitimate-dhcp-server" id="turn-of-legitimate-dhcp-server">#</a>
## Turn off your own DHCP server
Especially in larger networks, this often enough is not a solution, but I thought it would still be noteworthy. Disable the legitimate DHCP server in some way, release the IP on the client and ask for another IP. You shouldn't get a new legitimate IP address! - In case you receive a new IP address, the chances are high that there is a rogue DHCP server.
You can now check the DHCP server on the client and use other methods to find the rogue DHCP server on your network.
## Intrusion Detection Systems <a href="#ids" id="ids">#</a>
## Intrusion Detection Systems
There are many solutions that cover the detection of rogue DHCP servers, but not all companies have the capacities to maintain such a system. Therefore, we do not need to go into detail, but it is still worth mentioning.
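Review bot: the removed id `turn-of-legitimate-dhcp-server` (misspelled `of`, and wording unrelated to the heading) shows how far hand-written ids have drifted from the heading text; after this change the anchor follows `## Turn off your own DHCP server`, so this is one fragment to verify or redirect. The same goes for `ids` on `## Intrusion Detection Systems` in this hunk.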
# Preventing actions of a rogue DHCP server <a href="#prevention" id="prevention">#</a>
# Preventing actions of a rogue DHCP server
Detecting is one thing; preventing any damage from a rouge DHCP server is another. This post focuses on detection, but I thought it won't hurt to list some prevention measurements.
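Review bot: drive-by: the context line reads `rouge DHCP server`, and the same misspelling appears in the `Detecting a rogue DHCP server` hunk above (`let us detect the rouge DHCP server`); `rogue` in both places.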

View file

@ -4,7 +4,7 @@
This a blog post about the basics of `netem` and `tc` on how to modify the **outgoing** traffic. You could modify the incoming traffic with an Intermediate Functional Block pseudo-device in Linux, but I am not too familiar with it and is out of scope for now.
# Reasons to simulate an unreliable network connection <a href="#reason" id="reason">#</a>
# Reasons to simulate an unreliable network connection
There are various reasons why you want to modify the traffic between devices. The last time we had to ensure that a streaming server in Frankfurt could handle incoming video streams with a high latency over an unreliable connection from the US. The other time we had to provide proof that some SAP modules can't handle the additional latency of a VPN and that the problem is on their side and not ours.
@ -28,7 +28,7 @@ We are going to cover the basics of the following options in this post:
Those options can be combined and will cover most of the cases.
# Basics of tc <a href="#basics" id="basics">#</a>
# Basics of tc
`tc` stands for 'traffic control' and, as the name implies, is used to configure the traffic control of the Linux kernel and is part of the `iproute2` package. [`Netem`](https://man7.org/linux/man-pages/man8/tc-netem.8.html) stands for 'network emulator' and is controlled by the `tc` command.
@ -63,7 +63,7 @@ Unfortunately, it is not that easy to limit the applied options to a specific IP
I might rework this section at some point. For further reading, feel free to check the [official documentation](https://man7.org/linux/man-pages/man8/tc-ematch.8.html) for the filters.
# Units used for Parameters for the netem options <a href="#units" id="units">#</a>
# Units used for Parameters for the netem options
Almost every 'nenum' option can have one or more parameters. I thought it would make sense to show you the available units before we start with the practical part.
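Review bot: drive-by: the context line says `Almost every 'nenum' option` where `netem` is meant. Separately, `# Units used for Parameters for the netem options` will now yield a long auto-generated id in place of the short `units`; if the id is derived from the heading, a shorter heading such as `# Units for netem parameters` would give a more usable fragment.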
@ -88,7 +88,7 @@ The time for latency and other options can be specified as follows:
: `ms` - Milliseconds
: `s` - Seconds
# Netem Options <a href="#options" id="options">#</a>
# Netem Options
I am going to explain the syntax in the first scenario.
@ -113,7 +113,7 @@ PING 10.10.22.1 (10.10.22.1) from 10.10.22.51 eth0: 56(84) bytes of data.
rtt min/avg/max/mdev = 0.376/0.465/0.550/0.060 ms
```
## Add Latency / Delay <a href="#latency" id="latency">#</a>
## Add Latency / Delay
The netem latency will be added to the normal latency of the connection.
@ -155,7 +155,7 @@ To **remove** this `tc` rule, send the same command again, but replace `add` wit
`sudo tc qdisc del dev eth0 root netem delay 100ms`
#### Add Jitter <a href="#jitter" id="jitter">#</a>
#### Add Jitter
If you want to add more Jitter - or in other words - variance in latency, add another parameter at the end. This is a plus/minus value.
@ -184,12 +184,12 @@ rtt min/avg/max/mdev = 54.495/110.797/145.590/25.366 ms
The added latency will be in a range from **50-150ms** from now on.
#### Send duplicate packets <a href="#duplicate" id="duplicate">#</a>
#### Send duplicate packets
Sending random duplicate packets over a specific interface:
: `sudo tc qdisc change dev eth0 root netem duplicate 1%`
## Simulate Packet loss <a href="#packet-loss" id="packet-loss">#</a>
## Simulate Packet loss
There are various reasons for packet loss: an unreliable network connection, network congestion, bugs, and so on.
@ -215,7 +215,7 @@ PING 10.10.22.1 (10.10.22.1) from 10.10.22.51 eth0: 56(84) bytes of data.
rtt min/avg/max/mdev = 0.302/0.505/0.833/0.145 ms
```
#### Corrupt packets <a href="#corrupt" id="corrupt">#</a>
#### Corrupt packets
Introduced an error at a random position of the packet.

View file

@ -6,7 +6,7 @@ In a nutshell: ICMP echo requests can be used to check the reachability of two h
**Side note**: All Linux references should work on **MacOS** too.
# Simple ping without any options <a href="#ping" id="ping">#</a>
# Simple ping without any options
Linux:
: `ping 10.10.20.1`
@ -85,7 +85,7 @@ PingSucceeded : True
PingReplyDetails (RTT) : 0 ms
```
## Continuous ping requests <a href="#cont" id="cont">#</a>
## Continuous ping requests
Linux:
: *continuous pings by default*
@ -98,7 +98,7 @@ Windows - Powershell 7.2+ - Test-Connection:
: `-Repeat`
## Number of ping requests <a href="#number" id="number">#</a>
## Number of ping requests
Sets the number of pings
@ -114,7 +114,7 @@ Windows - Powershell 5.1+ - Test-Connection:
: `-Count NUMBER`
: Default is 4
## Using a specific interface <a href="#interface" id="interface">#</a>
## Using a specific interface
Linux:
: `-I INTERFACE-NAME`
@ -125,7 +125,7 @@ Windows - Cmd Line:
: *you have to choose the IP of the interface to use it for a ping*
## domain name resolution <a href="#resolution" id="resolution">#</a>
## domain name resolution
You get results faster if you can avoid domain name resolution.
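Review bot: `## domain name resolution` is the only lower-case heading in this file; since the anchor now follows the text, this is the moment to make it `## Domain name resolution` for consistency with the surrounding headings and with whatever TOC the SSG generates.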
@ -138,7 +138,7 @@ Windows - Cmd Line:
: `/a` / `-a`
## Avoid output / quiet mode <a href="#quiet" id="quiet">#</a>
## Avoid output / quiet mode
Linux:
: `-q`
@ -153,7 +153,7 @@ Windows - Powershell 5.1+ - Test-Connection:
: Just outputs `True` / `False`
## Add timestamp <a href="#timestamp" id="timestamp">#</a>
## Add timestamp
Linux:
: `-D`
@ -163,7 +163,7 @@ Windows:
: *haven't found an option. There are multiple ways with bash scripting*
## Packet Size <a href="#size" id="size">#</a>
## Packet Size
Linux:
: `-s NUMBER`
@ -178,7 +178,7 @@ Windows - Powershell 5.1+ - Test-Connection:
: data bytes. The default is 32 bytes + 8 bytes ICMP header data.
## TTL / Time to live <a href="#ttl" id="ttl">#</a>
## TTL / Time to live
Sets the IP Time to live!
@ -193,7 +193,7 @@ Windows - Powershell 5.1+ - Test-Connection:
: *default is 128*
## Sets "Don't Fragment" bit <a href="#df" id="df">#</a>
## Sets "Don't Fragment" bit
Sets the DF flag in the IP header.
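Review bot: `## Sets "Don't Fragment" bit` contains double quotes and an apostrophe; the id the SSG derives from it will differ completely from the old `df`, and depending on the slugifier the quote characters may survive into the id. Verify the generated id is a valid, stable fragment, or reword the heading (for example `## Set the Don't Fragment bit`) before relying on auto-anchors.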
@ -207,7 +207,7 @@ Windows - Powershell 7.2+ - Test-Connection:
: `-DontFragment`
## IP Protocol 4 or 6 <a href="#protocol" id="protocol">#</a>
## IP Protocol 4 or 6
Linux:
: `-4` *# IPv4*

View file

@ -10,7 +10,7 @@
This blog post will cover the general usage of nmap scripts, not the scripting itself. Check out the [getting started with nmap post](https://ittavern.com/getting-started-with-nmap/) if you are new to nmap.
# Basics usage <a href="#usage" id="usage">#</a>
# Basics usage
The **Nmap Scripting Engine (NSE)** allows you to run and share pre-made and custom scripts. Scripts are written in Lua and use the file extension `.nse`. NSE will enable you to scan and analyze any host and network in-depth and according to your needs. Automation, vulnerability scans, and many other functions are possible with the NSE.
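Review bot: `# Basics usage` should read `# Basic usage`; this hunk already touches the line and the generated anchor will be derived from it, so fix the wording now rather than changing the anchor again later.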
@ -41,7 +41,7 @@ Example with different syntaxes:
**Side note**: Scanning the domain `scanme.nmap.org` is permitted in low volumes as stated on [their page](http://scanme.nmap.org/), but please do not abuse it!
#### Using multiple scripts <a href="#multiple-scripts" id="multiple-scripts">#</a>
#### Using multiple scripts
There are various ways to use multiple scripts at once. The easiest way would be to separate them with a **comma**.
@ -79,7 +79,7 @@ The official syntax is:
If you have many arguments to run, you can call them from a file with `--script-args-file FILENAME`.
# Script directory <a href="#directory" id="directory">#</a>
# Script directory
You usually can find the default scripts in the following directories.
@ -107,7 +107,7 @@ NSE will look for the script in the following places until found:
More complex scripts require separate data sets, databases, and other things. Those must be placed in the NSE data directory. It works similarly to the script directory but is out of this post's scope. Most scripts that require this function will let you know. I just thought it would be beneficial to mention.
# Custom scripts <a href="#custom-scripts" id="custom-scripts">#</a>
# Custom scripts
It is straightforward to use and add custom scripts, that are either created by yourself or downloaded from the internet.
@ -124,7 +124,7 @@ Add the `.nse` file to the script directory and run the following command to add
You should now be able to run the script with the name only.
# Script categories <a href="#script-categories" id="script-categories">#</a>
# Script categories
NSE categorizes its scripts, so you can run a bunch of them at once. The following categories are currently there:

View file

@ -4,7 +4,7 @@ Curl is a powerful tool that is mainly used to transfer data. It has way more fu
Most of it should work on other operating systems too, but I'll use **Linux** as reference. I'll keep this page up-to-date and add more topics in the future.
# General <a href="#general" id="general">#</a>
# General
**Side note**: put the URL into single or double quotes if it contains special characters.
@ -14,7 +14,7 @@ A quick example to get you public IP:
: `curl brrl.net/ip`
: `curl -L brrl.net/ip` # `-L` to get through the HTTP>HTTP if necessary
#### Saving to disk <a href="#download" id="download">#</a>
#### Saving to disk
You can redirect the content from stdout to another application, save it as a file or download the target file.
@ -30,28 +30,28 @@ If you want to create a **new directory**, you can use `--create-dirs` like this
The **permission** used is 0750.
#### Specific interface <a href="#interface" id="interface">#</a>
#### Specific interface
You can use the `--interface` option to use one specific interface. You are free to use the interface name, the IP address, or the hostname.
#### Specific DNS server <a href="#dns-server" id="dns-server">#</a>
#### Specific DNS server
You can choose a specific DNS server with the following option. Multiple DNS servers can be chosen and must be separated by a comma.
`--dns-servers 9.9.9.9:53,149.112.112.112:53`
#### Redirects <a href="#redirects" id="redirects">#</a>
#### Redirects
If you want curl to follow redirects, simply use the `-L` flag.
#### Import curl options and targets from the file <a href="#import-options" id="import-options">#</a>
#### Import curl options and targets from the file
Some tasks require many options. To keep it organized, you can import those options from a file with the `-K` or `--config` and followed by the name of the file.
Example:
: `curl --config curl-options.txt https://example.com`
#### Data tranfer limits <a href="#transfer-limits" id="transfer-limits">#</a>
#### Data tranfer limits
You can set up- and download limits with `--limit-rate`. The default are bytes/second, and you can use `K`,`M`,`G`,`T` for Kilo-,Mega-,Giga- and Terabyte, respectively.
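Review bot: `#### Data tranfer limits` has a typo (`transfer`) and `#### Import curl options and targets from the file` reads better as `from a file`; both lines are already in this hunk and the auto-generated ids will be built from them, so correct the text before those ids end up in links. Also note this file jumps from `# General` directly to `####` subsections, which will look odd in a generated TOC.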
@ -61,7 +61,7 @@ You can set up- and download limits with `--limit-rate`. The default are bytes/s
--limit-rate 10M
```
#### Parallel function <a href="#parallel" id="parallel">#</a>
#### Parallel function
To let curl transfer data parallel, you can use the `-Z` or `--parallel` and choose `--parallel-immediate` to start immediately.
@ -80,11 +80,11 @@ Unreliable connections are a pain, and you can tell curl to retry and continue d
[Source from StackExchange](https://superuser.com/a/142480)
# Wildcards / Multiple downloads <a href="#wildcards" id="wildcards">#</a>
# Wildcards / Multiple downloads
**Side note**: make sure to put the full URL into single or double quotes if you work with wildcards and sequences.
#### Sets <a href="#sets" id="sets">#</a>
#### Sets
You can tell curl to transfer multiple files by putting the names into curly brac `{}`
@ -124,7 +124,7 @@ kuser@pleasejustwork:~/temp/curl$ ls
file_1_3.txt file_1_4.txt file_2_3.txt file_2_4.txt
```
#### Sequence <a href="#sequences" id="sequences">#</a>
#### Sequence
Use `[]` for alphanumeric sequences:
: `curl -O 'http://example.com/picture-[1-51].img'`
@ -138,7 +138,7 @@ Adding steps:
: `curl -O 'http://example.com/picture-[1-50:2].img'` # every second picture
# Proxies <a href="#proxy" id="proxy">#</a>
# Proxies
I am not too familiar with the proxy functions. I normally just use it to download things from Tor.
@ -157,7 +157,7 @@ The usual syntax for proxies looks like this, according to the manual:
Another example of HTTP basic auth proxy:
: `curl --proxy-basic --proxy-user user:password -x http://proxy.example https://example.com`
# Authentication <a href="#authentication" id="authentication">#</a>
# Authentication
Example for basic authentication:
: `curl -u name:password --basic https://example.com`

View file

@ -2,7 +2,7 @@
In this blog post, I assume that `tcpdump` is already installed since the installation method can vary from system to system, and basic Linux and CLI skills already exist. I'll try to keep it as short as possible while providing all the necessary information.
# General <a href="#general" id="general">#</a>
# General
`tcpdump` is a CLI tool to capture network traffic to help you troubleshoot specific issues. I'll use a Linux system as a reference system.
@ -13,7 +13,7 @@ You can get more help with the `-h` / `--help` or get the current version of `tc
The following sections show you how to filter the traffic and save your packet captures to disk. For more advanced filters, you can use logical operators to combine filters.
# Limit the hosts or networks <a href="#host-filter" id="host-filter">#</a>
# Limit the hosts or networks
There are many ways to filter the packets you want to capture, and we are going to start with the host and network filters. Here are some examples:
@ -48,7 +48,7 @@ You can specify whether the IP should be the source or destination instead of bi
Use logical operators to filter for more than one host.
#### Network filter <a href="#network-filter" id="network-filter">#</a>
#### Network filter
If you want to traffic for a **specific network**, you can use the `net` option together with the **network address** and **CIDR notation**.
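Review bot: drive-by: the context line `If you want to traffic for a **specific network**` is missing a verb (`If you want to capture traffic for ...`).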
@ -59,7 +59,7 @@ You could combine this option with `src` or `dst` to see only the incoming or ou
: `sudo tcpdump src net 10.10.10.0/24`
: `sudo tcpdump dst net 10.10.10.0/24`
#### MAC address filter <a href="#mac-filter" id="mac-filter">#</a>
#### MAC address filter
If you need to filter captures for a specific MAC address, you simply could use the previous filters with `ether`.
@ -80,7 +80,7 @@ I've never used this option, but you can use a filter for incoming or outgoing t
: `sudo tcpdump -Q in` / `sudo tcpdump --direction=in` # all incoming traffic
: `sudo tcpdump -Q out` / `sudo tcpdump --direction=out` # all outgoing traffic
# Port filters <a href="#port-filter" id="port-filter">#</a>
# Port filters
Packet capture filter for a specific port:
: `sudo tcpdump port 53` # source or destination port
@ -94,7 +94,7 @@ Use `portrange` instead if you want to filter a range of ports:
: `sudo tcpdump portrange 53` # source or destination port
: `src` and `dst` can be used too!
# Protocol filters <a href="#protocol-filter" id="protocol-filter">#</a>
# Protocol filters
The most common protocol filters are:
: `tcp`
@ -104,7 +104,7 @@ The most common protocol filters are:
: `ip6`
: `arp`
# Using a specific interface <a href="#interface" id="interface">#</a>
# Using a specific interface
Choosing the proper interface is one of my most used options to keep the pcap file as small as possible. Most servers have multiple NICs, and many troubleshooting sessions require me to be connected to multiple networks. Choosing a single interface keeps things sorted.
@ -133,7 +133,7 @@ To choose an interface for your packet capture, simply use `-i` / `--interface`
You could use `any` as an interface for all interfaces, which is the current default anyway.
# Miscellaneous options <a href="#misc-options" id="misc-options">#</a>
# Miscellaneous options
These are just some filters that are important to know.
@ -160,7 +160,7 @@ net 10.10.20.0/24 and port 53
**Important:** Some options - like the choice of the interface - can not be put into this file, and the `tcpdump` user must be an owner or in the owner group of the file with the filters to get it working. Additional filters provided in the CLI will be ignored!
# Logical operators <a href="#logical-operators" id="logical-operators">#</a>
# Logical operators
As mentioned before, filters can be combined, and logical operators can be used for more advanced filter combinations.
@ -176,7 +176,7 @@ A more complex `tcpdump` with more options could look like this:
**Side note:** You need to place the filters in quotes if you want to use parentheses.
# Display options <a href="#display-options" id="display-options">#</a>
# Display options
You've got various options to adjust the display of the captured packets in the terminal. This won't affect the raw packet capture that you would write to disk.
@ -198,7 +198,7 @@ Various options for timestamps at the beginning of the line:
: `-ttttt` # delta between current and the first packet of this capture in microseconds per default > `00:00:04.013707`
# Saving capture to a file on disk <a href="#saving-to-disk" id="saving-to-disk">#</a>
# Saving capture to a file on disk
Before we start, `tcpdump` overwrites files and does not append existing files. There is no option to change that, to my knowledge.
@ -250,7 +250,7 @@ total 3096
If you want to **limit the number of files**, you can create a **rotating buffer** with `-W NUMBER`. If the chosen number of files is reached, `tcpdump` starts to overwrite the first file again. It must be combined with the `-C` option.
# Reading PCAPs <a href="#reading-pcap" id="reading-pcap">#</a>
# Reading PCAPs
As mentioned before, `tcpdump` saves everything raw in binary in a file that is not human readable. You can read this file again, **make it human readable again**, and **apply new filters again**.

View file

@ -39,7 +39,7 @@ The creation of the script involves a lot of trial and error. I hope I can provi
**Side note:** just in case, here is a link to the [tmux primer](https://ittavern.com/getting-started-with-tmux/).
#### Session and window overview <a href="#overview" id="overview">#</a>
#### Session and window overview
Get an overview of all tmux sessions, windows and panes by pressing the `Prefix` + `w` shortcut. This allows you to get a quick overview and move fastly within your tmux environment.
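Review bot: drive-by: `move fastly` in the context line should be `move quickly`.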
@ -47,7 +47,7 @@ To get a quick overview of the panes of the current window, press `Prefix` + `q`
![tmux-overview](/images/blog/tmux-primer-1.png)
#### Syntax of the tmux commands <a href="#syntax" id="syntax">#</a>
#### Syntax of the tmux commands
Just to provide you with a quick explanation of the syntax of the following commands.
@ -62,7 +62,7 @@ Run a command in a specific pane:
Just to give you an idea of how a simple command can look and what everything means.
# The essential commands <a href="#commands" id="commands">#</a>
# The essential commands
Create a new window:
: `tmux new-window -t $session_name:1`
@ -76,7 +76,7 @@ Select a specific window:
Select a specific pane on the current window:
: `tmux select-pane -t 0`
#### Spliting windows <a href="#splitting" id="splitting">#</a>
#### Spliting windows
Split current pane horizontally:
: `tmux split-window -h -p 50 -t $session_name:0`
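Review bot: `#### Spliting windows` is misspelled (`Splitting`); fix it in this hunk so the SSG-generated anchor is not built from the typo.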
@ -111,7 +111,7 @@ Split current pane vertically:
**Side note:** Since there is a lot of trial and error involved, you can kill a tmux session with `Prefix` + `:kill-session`.
# Send keystrokes to pane <a href="#key-stroke" id="key-stroke">#</a>
# Send keystrokes to pane
There are many things you could do with this one. Toy around and see what works for you. Changing directories, creating temp files, open specific files, running commands, starting scripts or programs, and so on.
@ -121,7 +121,7 @@ Some examples:
: `tmux send-keys -t $session_name:2.2 'htop' C-m` *# start `htop` in the third window (starts with 0) and pane number 2*
# Design / customization <a href="#design" id="design">#</a>
# Design / customization
You can use color names like `red` or hex color codes like `#ff1900`
@ -142,7 +142,7 @@ Set the background color of the currently active pane:
: `tmux set -g window-active-style "fg=white bg=black"`
# Demo <a href="#demo" id="demo">#</a>
# Demo
![tmux-demo-layout](/images/blog/tmux-demo-layout.png)
@ -201,7 +201,7 @@ fi
tmux attach -t $session_name
```
# Conclusion <a href="#conclusion" id="conclusion">#</a>
# Conclusion
As I mentioned before, there are multiple ways to do it. From the config file to random plugins. I am still using it since it provides me with a lot of flexibility and per-project customizability. If you have any questions or tips, feel free to reach out.

View file

@ -2,7 +2,7 @@
In this post, I'll try to explain the syntax and use of an URL and the difference between URI, URL, URN, and URC.
# URL explained <a href="#url-explained" id="url-explained">#</a>
# URL explained
![url-explained](/images/blog/url-explained.png)
@ -20,7 +20,7 @@ Noted that the 'authority' can have the following syntax:
More information follow in the following sections.
## URI Scheme <a href="#scheme" id="scheme">#</a>
## URI Scheme
Always required, but often hidden by the application, e.x. most commonly in browsers as `http` or `https` is the default and implied.
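Review bot: drive-by: `e.x.` in the context line (and again in the Port hunk below) should be `e.g.`.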
@ -38,7 +38,7 @@ There is a large - but now retired - list of [Public registered and un-registere
As a side note, the double slashes were a choice of [Tim Berners-Lee, which he regrets since they have no other purpose](https://archive.nytimes.com/bits.blogs.nytimes.com/2009/10/12/the-webs-inventor-regrets-one-small-thing/?partner=rss&emc=rss).
## UserInfo <a href="#userinfo" id="userinfo">#</a>
## UserInfo
The UserInfo is optional, and often enough gets discarded by applications. Most browsers will ignore that information or warn you since it is a security risk.
@ -46,7 +46,7 @@ An example where it is used normally:
`ssh://username@example.com:2222`
## Host <a href="#host" id="host">#</a>
## Host
This is the host section. It can be the **same system, a hostname, an IP, or a domain**.
@ -55,7 +55,7 @@ Examples:
: `https://ittavern.com/url-explained-the-fundamentals/`
: `vnc://10.10.20.57:5900`
#### Domains <a href="#domains" id="domains">#</a>
#### Domains
Just a short digression into the world of domains.
@ -84,11 +84,11 @@ The **list of all TLDs** can be found in the [docs of IANA](https://data.iana.or
There are two kinds of TLDs - **Generic top-level domain (gTLD)** like .com .info .net and **Country-code top-level domain (ccTLD)** like .nl .de .us and some **combinations** like .co.uk or .com.au.
## Port <a href="#port" id="port">#</a>
## Port
Many schemes have a default port number, allowing most programs to hide the port number to avoid confusion for their users. `http` has port 80, `https` has port 443, `ssh` has port 22, and so on. The same applies to the transport protocol, for example, `TCP` or `UDP`. They are required, but most applications hide them, if the default port is being used, e.x. browsers hide the `:443` and show `:10443` if the used protocol is `https`.
## Path <a href="#path" id="path">#</a>
## Path
The path is a hierarchical naming system of **subdirectories or subfolders and files**, goes from left to right and is required. Unlike domains, **the path is case-sensitive**!
@ -99,7 +99,7 @@ Examples:
As a side note, the first example leads to an image, and in the second example, you might have noticed that the file is missing. The browser will open the `random-post` subfolder and the webserver is so configured that it provides the browser with a pre-definded file. Those files are Usually called index.html, but that can vary from setup to setup. That is also called 'Pretty URLs.'
## Queries <a href="#queries" id="queries">#</a>
## Queries
Carries optional parameters that can be used on the server or client site. Commonly use cases are referrer information, variables, option settings, and so on. The delimiters between parameters are `&` and `;`.
@ -108,20 +108,20 @@ Examples:
: `https://youtu.be/dQw4w9WgXcQ?t=4` *# on Youtube, it tells the client where to start the video*
: `https://youtu.be/dQw4w9WgXcQ?list=PLi9drqP&t=9` # multiple parameters containing the playlist and timestamp
## Fragments <a href="#fragments" id="fragments">#</a>
## Fragments
Fragments are optional references for a specific location within a resource. For example, HTML anchors like <a href="#fragments">this</a> in HTML files.
`https://ittavern.com/url-explained-the-fundamentals/#fragments`
#### Difference between Absolute and Relative URL <a href="#relative-url" id="relative-url">#</a>
#### Difference between Absolute and Relative URL
Until now, every URL was an absolute URL. Relative URLs are often enough just the `Path` and require a reference or base URL to work.
Examples:
: `/de-DE/same-page-different-lang`
: `/img/logo.png`
# Difference between URI and URL and URN and URC <a href="#difference-uri" id="difference-uri">#</a>
# Difference between URI and URL and URN and URC
URI stands for Uniform Resource Identifier and is a unique string of characters to identify anything and is used by web technologies. URIs may be used to identify anything logical or physical, from places and names to concepts and information. [2]
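Review bot: In the `## Fragments` hunk the `id="fragments"` attribute is removed, but the prose line directly below it still contains a hand-written `<a href="#fragments">this</a>` and the example URL `https://ittavern.com/url-explained-the-fundamentals/#fragments`; both now depend on the generator emitting exactly `fragments` for that heading. Verify the generated id on the built page, and consider turning the inline HTML anchor into a Markdown link (`[this](#fragments)`) so the post contains no raw HTML once the heading anchors are gone.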
@ -134,7 +134,7 @@ The different subsets have different tasks: an URN identifies an item, an URL le
URL stands for Uniform Resource Locator and specifies where an identified resource is available and the mechanism for accessing it. Further details can be found above.
#### URN <a href="#urn" id="urn">#</a>
#### URN
Identifies a resource by a unique and persistent name without any location
@ -150,7 +150,7 @@ Every URN should have the following structure:
: **NID** *# namespace identifier (letters, digits, dashes)*
: **NSS** *# namespace-specific string that identifies the resource (can contain ASCII codes, digits, punctuation marks and special characters)*
#### URC <a href="#urc" id="urc">#</a>
#### URC
URC stands for Uniform Resource Characteristic or Uniform Resource Citation. According to [Wikipedia](https://en.wikipedia.org/wiki/Uniform_Resource_Characteristic), the former is the currently used name.
@ -162,7 +162,7 @@ That said, there was never a final standard produced, and URCs were never widely
---
# References <a href="#reference" id="reference">#</a>
# References
- https://cv.jeyrey.net/img?equivocal-urls
- https://developer.mozilla.org/en-US/docs/Learn/Common_questions/Web_mechanics/What_is_a_URL
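Review bot: On the `# References` line the removed anchor's id is `reference` (singular) while the heading text is `References`, so an auto-generated id will most likely be `references` and any inbound link to `#reference` breaks with this commit. If old deep links matter, add an explicit id override for this heading or note the renamed fragment in the commit message.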

View file

@ -4,7 +4,7 @@ In this blog post, I'll focus on the basics of netcat. More advanced options and
Netcat is available on almost any Linux host and is easy to use. It is an excellent tool for troubleshooting network issues or gathering information and a great addition to any tool portfolio.
# Basics of netcat <a href="#basics" id="basics">#</a>
# Basics of netcat
Netcat and nc can be used interchangeably. I've decided to use `nc` for this blog post. On RHEL, it is often called ncat and part of the nmap packet.
@ -32,7 +32,7 @@ Use UDP instead of TCP:
: `-u`
: *I don't focus on UDP in this post, but I might add more related content in the future*
#### Interfaces & source port <a href="#interface" id="interface">#</a>
#### Interfaces & source port
Sometimes it is necessary to specify an interface since hosts often enough have multiple. You can choose the source/interface IP on both sides with the `-s` flag and the source port on the client with the `-p` flag.
@ -43,7 +43,7 @@ Example as a client:
: `10.20.10.7` *# IP of the server*
: `9999` *# destination port of the server*
#### Destination Ports <a href="#ports" id="ports">#</a>
#### Destination Ports
You can choose multiple destination ports for most Netcat functions on the client side.
@ -62,7 +62,7 @@ Examples of service names:
Combination:
: `ssh 2222 10022-10080`
# Simple port scan <a href="#port-scan" id="port-scan">#</a>
# Simple port scan
There are better options like nmap, but it is often enough all you need.
@ -88,7 +88,7 @@ nc -vz 10.20.10.8 20-23 2>&1 | grep succeeded
Connection to 10.20.10.8 22 port [tcp/ssh] succeeded!
```
#### More information about the running service <a href="#service" id="service">#</a>
#### More information about the running service
You can get more information about the running service with the following command:
@ -119,7 +119,7 @@ Connection: close
</html>
```
# Simple chat via netcat <a href="#chat" id="chat">#</a>
# Simple chat via netcat
Two Netcat instances can connect to each other in a server-client relationship to let you transfer text and files in both directions. Which host is the server, and which is the client only relevant for the initial connection?
@ -140,7 +140,7 @@ When the connection is closed, the server will stop listening by default. You ca
**Side note:** Non-root users are by default limited to ports above 1023 for security reasons, and all communication is unencrypted by default!
# File Transfer <a href="#file-transfer" id="file-transfer">#</a>
# File Transfer
With Netcat, we are not limited to chat messages and can use it to **transfer files** in both directions. Just as a reminder: the transfer will be **unencrypted** by default!
@ -153,7 +153,7 @@ Client / sender:
In this example, we would transfer the file `random-config.txt` from the sender to the receiver in the current directory. The files don't need to have the same name.
# Conclusion <a href="#conclusion" id="conclusion">#</a>
# Conclusion
Netcat is one of my most used tools for my day-to-day work as it is easy to use and installed on almost any Linux host. I've provided you with the basics of Netcat, so you can add it to your portfolio of tools.

View file

@ -10,7 +10,7 @@ In short:
: Fail2Ban checks logs > sees suspicious logs in reference to set rules > adds suspicious IP to the deny list of the firewall
: (jails > logs > filters > actions > configuration > firewall)
# Running Fail2Ban with systemd <a href="#running" id="running">#</a>
# Running Fail2Ban with systemd
Make sure to systemd starts Fail2Ban automatically:
: `sudo systemctl enable fail2ban`
@ -36,7 +36,7 @@ You can start the Fail2Ban service with:
After changes to the configuration, you have to restart the service with:
: `sudo systemctl restart fail2ban`
# Configuration file <a href="#configuration-file" id="configuration-file">#</a>
# Configuration file
The **default configuration file** can be found in the `/etc/fail2ban/` directory and is called `jail.conf`. You can modify options within this file, create a new file called `jail.local` or create a new `*.conf` file in the `jail.d/` directory.
@ -65,7 +65,7 @@ As you can see in this example, lines that begin with a `#` are getting ignored
Important is that you have to restart Fail2Ban after changes. If you run Fail2Ban with systemd, you can restart it with `sudo systemctl restart fail2ban`.
#### Configuration syntax <a href="#configuration-syntax" id="configuration-syntax">#</a>
#### Configuration syntax
**Example:**
@ -102,7 +102,7 @@ Important: you have to enable a jail by adding the following line:
A jail requires the configurations segment, an action, and a filter. But this is beyond the scope of this blog post.
# Configurations <a href="#configuration" id="configuration">#</a>
# Configurations
I'll focus on the basics since Fail2Ban provides you with many options. You can check out the manual or default configuration for more options.
@ -135,7 +135,7 @@ Example:
: your options are: ` CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG, TRACEDEBUG and HEAVYDEBUG`
# Status & Logging <a href="#status" id="status">#</a>
# Status & Logging
After starting the service, you can check the current status with:
: `sudo fail2ban-client status`
@ -164,7 +164,7 @@ Status for the jail: sshd
`- Banned IP list:
```
#### Logs <a href="#logs" id="logs">#</a>
#### Logs
The Fail2Ban logs can be found `/var/log/fail2ban.log` here and look like the following example:
@ -177,7 +177,7 @@ sudo tail /var/log/fail2ban.log
2023-08-04 09:27:03,055 fail2ban.filter [2144579]: INFO [sshd] Found 170.64.141.213 - 2023-08-04 09:27:03
```
#### Check what hosts are banned <a href="#check-banned" id="check-banned">#</a>
#### Check what hosts are banned
There are multiple ways to do so.
@ -226,7 +226,7 @@ I bet there are way more ways to show your banned hosts, but those should be goo
Sometimes you have to work on Fail2Ban manually.
#### Manually unbanning hosts <a href="#manual-unban" id="manual-unban">#</a>
#### Manually unbanning hosts
It most likely will happen that Fail2Ban is one of your hosts. To **remove a host from the deny list**, just use the following command:
@ -234,7 +234,7 @@ It most likely will happen that Fail2Ban is one of your hosts. To **remove a hos
You don't need to restart Fail2Ban after this command.
#### Manually banning hosts <a href="#manual-ban" id="manual-ban">#</a>
#### Manually banning hosts
There might be a need to place hosts on a ban list. You can do it with the following command:
@ -263,7 +263,7 @@ You can check the ban list with `sudo fail2ban-client status sshd` or `sudo ipta
**Important**: the length of the ban will depend on the `bantime` configured for the jail.
#### Permanently ban hosts <a href="#permanent-ban" id="permanent-ban">#</a>
#### Permanently ban hosts
From what I know, you can't ban hosts permanently. You could create a new jail with the same configurations as a reference jail and change the `bantime` to let's say, `999y` - I'd say 999 years is more or less permanent.
@ -278,7 +278,7 @@ bantime = 999y
You now can use `sudo fail2ban-client -vvv set perm banip 170.64.141.213` to ban a host for a long time.
# Testing your configuration <a href="#testing" id="testing">#</a>
# Testing your configuration
That is probably the easiest part. Make sure you have access to the server, open the logs, and try to connect with the wrong credentials.

View file

@ -14,7 +14,7 @@ I'll use Linux with an SSH server as a reference (`OpenBSD Secure Shell server`
Additionally, DO NOT copy any configuration mindlessly! - Some configuration changes are just recommendations and work in most cases, but make sure those work for your system, too.
# SSH Server Configuration <a href="#config-file" id="config-file">#</a>
# SSH Server Configuration
The following configurations can be changed in the `/etc/ssh/sshd_config` file or in a separate configuration file that can be created in a subdirectory `/etc/ssh/sshd_config.d/*.conf`.
@ -32,7 +32,7 @@ Use `sudo sshd -T` for a more **verbose output**, which additionally displays al
Almost every config file change **requires a restart of the SSH server service**.
## Public key authentication <a href="#public-key-auth" id="public-key-auth">#</a>
## Public key authentication
You can find a guide on how to use public key authentication [in this linked article](https://ittavern.com/ssh-how-to-use-public-key-authentication-on-linux/). I highly recommend securing your server with public key authentication instead of password authentication.
@ -43,7 +43,7 @@ After enabling it, make sure to turn off password authentification:
It requires some configuration on the server and client, but it is worth it as it is one of the best ways to protect your server.
## Changing the ssh port <a href="#changing-ssh-port" id="changing-ssh-port">#</a>
## Changing the ssh port
`Port 2222`
@ -63,7 +63,7 @@ Change the default SSH port `22` of your host to something else. Some people thi
**Side note:** choosing a port below 1024 (system or well-known port) is recommended to make it more difficult for an unprivileged user to highjack the service, as by default, non-root processes can only open ports above 1023. Just make sure to avoid **conflicts with already used ports**.
## Disable root login <a href="#disable-root-login" id="disable-root-login">#</a>
## Disable root login
`PermitRootLogin no`
@ -71,13 +71,13 @@ Prohibits connecting as `root` as it is recommended to work with a separate user
I've got some feedback that it is unnecessary to disable this since users with `sudo` permissions could do the same damage, but I disagree. Most - if not all - systems have a `root` user, and this is known, which makes it easy to run brute-force or dictionary attacks against the system. Most attackers don't know the available users on a system, which makes the `username` a kind of password.
## Disable login attempts with empty passwords <a href="#disable-empty-passwords" id="disable-empty-passwords">#</a>
## Disable login attempts with empty passwords
`PermitEmptyPasswords no`
It is fairly self-explanatory, but to make sure, allowing any account without a password to log into the system is a big no-no and should be turned off immediately.
## Disable SSHv1 and use SSHv2 <a href="#disable-sshv1" id="disable-sshv1">#</a>
## Disable SSHv1 and use SSHv2
`Protocol 2`
@ -109,7 +109,7 @@ SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.3
**Important:** If you see `SSH-1.99` as version, it means that SSHv1 is enabled and it should be disabled!
## Restrict access to specific users or/and groups <a href="#restrict-users-access" id="restrict-users-access">#</a>
## Restrict access to specific users or/and groups
`AllowUsers a_this a_that`
@ -117,7 +117,7 @@ SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.3
This option is pretty straightforward and limits the users or groups that can access the server via SSH.
## Restrict access to specific IP or network <a href="#restrict-network-access" id="restrict-network-access">#</a>
## Restrict access to specific IP or network
`AllowUsers *@10.10.10.10` *# affects all users*
@ -127,13 +127,13 @@ This option is pretty straightforward and limits the users or groups that can ac
You can further limit the access to specific IPs or networks.
## Restrict access to specific interfaces <a href="#specific-interface" id="specific-interface">#</a>
## Restrict access to specific interfaces
`ListenAddress 10.10.10.10`
Most servers have multiple interfaces. If the server has one interface for the internal network and one for the internet, and you don't need to reach the server over the internet, it is recommended to make the SSH server listen only to the internal IP. The default is `0.0.0.0`, which allows the service to listen to all interfaces.
## Set an authentication timer <a href="#authentication-timer" id="authentication-timer">#</a>
## Set an authentication timer
`LoginGraceTime 20`
@ -141,7 +141,7 @@ The authentication must happen in 20 seconds before the connection gets closed.
**Side note:** make sure that this limit works for you. This limit won't be a problem for Public Key Authentication, but if you have to wait for mail to arrive with the MFA token, 20 seconds might be too short.
## Limit maximum number of attempted authentications <a href="#limit-authentication-attempts" id="limit-authentication-attempts">#</a>
## Limit maximum number of attempted authentications
`MaxAuthTries 3`
@ -149,7 +149,7 @@ The default is `6`, and lowering it makes it a little bit more difficult to brut
**Side note:** Every SSH key loaded into the ssh-agent counts as one attempt each. Keep this in mind if you have a bunch of keys loaded! Additionally, if the Kerberos/GSSAPI authentication method is enabled, the look-up of whether the client is authenticated counts as one attempt.
## Limit the number of concurrent unauthenticated connections <a href="#limit-unauthenticated-conn" id="limit-unauthenticated-conn">#</a>
## Limit the number of concurrent unauthenticated connections
`MaxStartups 10:30:100`
@ -166,7 +166,7 @@ The randomized connection dropping makes it more difficult to DOS the service wi
This option only affects pre-authentication connection and does not limit anything else. Additionally, it has nothing to do with the following option.
## Restrict Multiplexing <a href="#restrict-multiplexing" id="restrict-multiplexing">#</a>
## Restrict Multiplexing
`MaxSessions 10`
@ -187,7 +187,7 @@ Setting `MaxSessions` to `0` disables all shell, login, and subsystem sessions b
This option can be used to **limit the permissions of a bastion/jump host user or group** to a single task.
## Set up a session timeout <a href="#session-timeout" id="session-timeout">#</a>
## Set up a session timeout
`ClientAliveCountMax 3`
@ -195,7 +195,7 @@ This option can be used to **limit the permissions of a bastion/jump host user o
The configuration above means that the session is terminated after 6 minutes of client inactivity. After `120` seconds without receiving any data from the client, the server will ask if the client is still there. If the client does not respond, the server will try it again in `120` seconds. If the client fails to answer `3` times, the session is getting terminated.
## Hide Linux Version in identification string <a href="#hide-linux-version" id="hide-linux-version">#</a>
## Hide Linux Version in identification string
`DebianBanner no`
@ -214,7 +214,7 @@ Please note that the rest of the identification string must remain unchanged acc
SSH-protoversion-software version SP comments CR LF
```
## Disable tunneling and port forwarding <a href="#disable-tunneling" id="disable-tunneling">#</a>
## Disable tunneling and port forwarding
`AllowAgentForwarding no`
@ -224,7 +224,7 @@ Please note that the rest of the identification string must remain unchanged acc
Disabling those functions makes it more difficult to use the server as a jump host to gain access to the connected networks, malicious or not. Most servers do not need those functions enabled, but to learn more, feel free to check my article about [SSH tunneling and port forwarding](https://ittavern.com/visual-guide-to-ssh-tunneling-and-port-forwarding/).
## Disable unused authentification methods <a href="#disable-unused-auth-methods" id="disable-unused-auth-methods">#</a>
## Disable unused authentification methods
`KerberosAuthentication no`
@ -237,19 +237,19 @@ It highly depends on your needs, but if an authentification method is unused, it
**Side note:** Please ensure you don't disable the only method you can log in to prevent a lockout.
## Disable X11 Forwarding <a href="#disable-x11" id="disable-x11">#</a>
## Disable X11 Forwarding
`X11Forwarding no`
The security concern here is that X11 forwarding opens a channel from the server to the client. In an X11 session, the server can send specific X11 commands to the client, which can be dangerous if the server is compromised. [Source](https://security.stackexchange.com/a/14817)
## Disable SFTP subsystem <a href="#disable-sftp" id="disable-sftp">#</a>
## Disable SFTP subsystem
If you do not need SFTP, disable it. It decreases the attack surfaces and makes the system less vulnerable to security flaws.
Just comment out the `Subsystem sftp [...]` out of the config by placing a `#` at the beginning of the lines.
## Disable insecure ciphers and MACs <a href="#disable-ciphers" id="disable-ciphers">#</a>
## Disable insecure ciphers and MACs
```markdown
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
@ -265,7 +265,7 @@ There are even some more restrictive options, but I have not tested them myself.
Auditing tools like [ssh-audit](https://github.com/jtesta/ssh-audit) can tell you what is secure and what is not.
# Host Server configurations <a href="#host-server-config" id="host-server-config">#</a>
# Host Server configurations
I won't go into detail in this section as it is not in the scope. I just reference methods that I have already covered and name others that can help you secure your server even further.

View file

@ -3,13 +3,13 @@
In this article, I'll use **Ubuntu 22.04** (Debian-derivative) and **rockyOS 9.2** (RHEL-derivative) as references. If it is not mentioned, commands are the same for both systems.
# Basics <a href="#basics" id="basics">#</a>
# Basics
Cron jobs are scheduled and automated tasks that run commands or scripts on Linux. Common **use cases** are backups, updates, health checks, and so on. Those tasks can be run as `sudo` or user context.
Cron is the daemon that runs in the background. The running service is called `cron` and `crond` on Ubuntu and rockyOS, respectively.
#### Make sure the daemon is running <a href="#daemon" id="daemon">#</a>
#### Make sure the daemon is running
Make sure that the service is running:
@ -26,7 +26,7 @@ or
or
`ps aux | grep crond`
#### Show cron jobs <a href="#show-cron-jobs" id="show-cron-jobs">#</a>
#### Show cron jobs
Before we start, there are several places where you can look for cron jobs.
@ -130,7 +130,7 @@ man-db
/etc/cron.weekly:
```
#### Add and edit cron jobs <a href="#edit-cron-jobs" id="edit-cron-jobs">#</a>
#### Add and edit cron jobs
**Side note:** `crontab` will ask you what editor you want to use to edit the file.
@ -164,7 +164,7 @@ The default syntax is slightly different as it adds the user name on the sixth p
**Important:** Make sure that the script is executable: `sudo chmod +x script.sh`
#### Remove cron job <a href="#remove-cron-jobs" id="remove-cron-jobs">#</a>
#### Remove cron job
You can either delete single cron jobs with `crontab -e` or all cron jobs with the following commands:
@ -180,7 +180,7 @@ Removing ALL cron jobs with `crontab -r`:
crontab: really delete remotesuser's crontab?
```
# Cron Expressions with Examples <a href="#cron-jobs-expressions" id="cron-jobs-expressions">#</a>
# Cron Expressions with Examples
**Side note:** I am going to use the `crontab` command syntax for further references.
@ -269,7 +269,7 @@ The `n`th day of the month with a hash (`#`):
---
#### Nonstandard Special Strings <a href="#special-strings" id="special-strings">#</a>
#### Nonstandard Special Strings
Most implementations support special strings, but some behave a little bit differently. They replace the usual expressions `* * * * *`.
@ -283,7 +283,7 @@ Special strings
: Example: `@reboot sleep 300 && command`
#### Environment Variables <a href="#env-variables" id="env-variables">#</a>
#### Environment Variables
Cron** does not source any startup files**. We then have to add any environment variable to the crontab to use it.
@ -296,7 +296,7 @@ If you want to add an environment variable **for just one cron job**, you could
`20 4 * * * TZ="Europe/Berlin" command`
#### Timezones <a href="#timezones" id="timezones">#</a>
#### Timezones
By default cron uses the system timezone which can be found in the file `/etc/timezone`.
@ -332,7 +332,7 @@ EET HST NZ-CHAT W-SU
EST Hongkong Navajo WET
```
#### Cron Job Permissions <a href="#permissions" id="permissions">#</a>
#### Cron Job Permissions
There are two configuration files to allow or deny users the use of cron jobs.
@ -347,7 +347,7 @@ There are two configuration files to allow or deny users the use of cron jobs.
**In case you want to deny all users** the use of cron jobs, you can either add `ALL` to the `/etc/cron.deny` file or create an empty `/etc/cron.allow` file.
# Cron Jobs Logging <a href="#logging" id="logging">#</a>
# Cron Jobs Logging
The cron daemon writes logs into the following files by default:

View file

@ -8,7 +8,7 @@ If you want to transfer files to a remote host, rsync must be installed on both
**Side note:** rsync can be used via `rsh` or as a daemon/server over TCP873, but I won't cover those in this article and concentrate on the transfer over SSH
# Basic File transfer <a href="#basics" id="basics">#</a>
# Basic File transfer
You can transfer files locally, from local to a remote host or from a remote host to your local machine. Unfortunately, you can't transfer files from one remote host to another remote host.
@ -40,13 +40,13 @@ Common options:
: `--archive`/`-a` *# rescursive + keeps all the meta data. Further information in the 'metadata' section*
#### Specify a different SSH port <a href="#specify-ssh-port" id="specify-ssh-port">#</a>
#### Specify a different SSH port
The default TCP port for SSH is `22` but some servers listen on another port. That is not a problem, and you can tell rsync to connect to another port:
`-e "ssh -p 2222"` *# connection to TCP2222 instead of TCP22*
#### Mirroring data <a href="#mirror" id="mirror">#</a>
#### Mirroring data
You can simply mirror a directory to or from a remote host with the `--delete` option. Rsync compares the source and destination directories, and if it finds files in the destination directory that are missing in the source, it will delete those to keep both sides the same. Please use it with caution and start with a dry run.
@ -57,11 +57,11 @@ sending incremental file list
[...]
```
#### Deleting source files after transfer <a href="#deleting-source-data" id="deleting-source-data">#</a>
#### Deleting source files after transfer
The option `--remove-source-files` - as the name already implies - removes all data after transferring the data to the destination. Please use it with caution and start with a dry run.
#### Update-behaviour <a href="#update-behaviour" id="update-behaviour">#</a>
#### Update-behaviour
There are some options to make sure that rsync does not overwrite data on the destination.
@ -73,7 +73,7 @@ Examples:
This can be helpful when the files are used or modified by another application and you don't want to overwrite anything.
# Item Metadata <a href="#metadata" id="metadata">#</a>
# Item Metadata
As mentioned before, rsync does not preserve the media data of a file or directory. You can set various options to decide what you keep.
@ -92,7 +92,7 @@ One of the most common options is `--archive`/`-a`, which will preserve all meta
You can use the `--no-*` syntax to remove single attributes like `--no-perms`.
# Exclude directories and files <a href="#exclusion" id="exclusion">#</a>
# Exclude directories and files
Rsync makes it easy to **exclude files and directories**. I'll show you some examples in the following list.
@ -136,7 +136,7 @@ Common scheme:
Single letter or three letters ending with `ib` like `kib` tells rsync to use the Binary Prefix (multiplied by 1024) - kibibytes, and two letters like `kb` tells rsync to use the Decimal Prefix (multiplied by 1000) - kilobytes.
# Limit transfer bandwidth <a href="#limit-bandwidth" id="limit-bandwidth">#</a>
# Limit transfer bandwidth
Sometimes, it is necessary to limit the transfer speed of rsync. You can do it with `--bwlimit=`, which uses KB/s by default.
@ -146,7 +146,7 @@ Some examples:
: `--bwlimit=1m` *# Limits bandwidth to 1 MB/s*
# Data Compression <a href="#compression" id="compression">#</a>
# Data Compression
You can **choose to compress your data transfer** which is great for slow connections. You can choose to **activate compression** with `--compress`/`-z` and rsync will choose a method for you if you do not specify a method that is compatible with the server side.
@ -168,7 +168,7 @@ Besides the algorithm, you can choose the compression level with `--compress-lev
**Side note:** you can choose `--zl=999999999` to get the maximum compression no matter what algorithm you choose as rsync limits this value silently to the max limit.
# Showing Transfer Progress <a href="#progress" id="progress">#</a>
# Showing Transfer Progress
By default, rsync does not show any progress at all.
@ -214,7 +214,7 @@ This progress is better than nothing, but it can be vague as rsync is still chec
You can use `--stats` to get the transfer results at the end of the transfer.
# Start a dry run <a href="#dry-run" id="dry-run">#</a>
# Start a dry run
**Side note:** the following method can be used to perform an **integraty check**. For example, you used another tool to transfer a large data set, and you want to check if everything was transferred right. You can double-check it with rsync and even correct things.
@ -285,7 +285,7 @@ Explanation of the status of the attribute:
: `?` *# change is unknown, working with old rsync versions*
# Transfer Logging <a href="#logging" id="logging">#</a>
# Transfer Logging
Rsync does not log anything by default. There are multiple ways to do so.

View file

@ -16,7 +16,7 @@ There are some things we have to prepare before we can use the authentication fe
![iperf3 auth overview](/images/blog/iperf3-auth-overview.png)
# Usage <a href="#usage" id="usage">#</a>
# Usage
The following commands are simple examples - the explanation of all the things we need follow in the next sections.
@ -52,7 +52,7 @@ iperf3 -c 10.20.30.91 -p 1337 --username iperf-user --rsa-public-key-path public
As mentioned before, in the next sections we find everything we need to set it up.
# RSA Keypair Generation <a href="#keypair-generation" id="keypair-generation">#</a>
# RSA Keypair Generation
The **RSA keypair is used to encrpyt and decrypt the user credentials**. The client will receive the public key in the `.pem` format and the server side needs the private key in the `.pem` format without a password.
@ -74,7 +74,7 @@ Remove the password from the private key:
[Source](https://man.archlinux.org/man/iperf3.1.en#Authentication_-_RSA_Keypair)
# Authorized Users List <a href="#user-list" id="user-list">#</a>
# Authorized Users List
On the server we need a `.csv` file with the hashed credentials of the user. For our example we are going to use username `iperf-user` and the password `hunter2`.
@ -95,7 +95,7 @@ e8c37ee89b09dd23ec6658a80caaa941df4de8dd946482d861fa37b52338226a -
[Source](https://man.archlinux.org/man/iperf3.1.en#Authentication_-_Authorized_users_configuration_file)
# built with OpenSSL support <a href="#openssl-support" id="openssl-support">#</a>
# built with OpenSSL support
Authentication is only available when both iperf3 installations are built with OpenSSL support. That seems to be the default and the following methods should be enough to check if authentication is available:
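Review bot: the heading `# built with OpenSSL support` (second line of the hunk) is the only lower-case heading in this file; now that the SSG derives the anchor from the heading text, correcting it to `# Built with OpenSSL support` in this same commit avoids a second slug change later. The removed id `openssl-support` will not match the generated slug either, so links to `#openssl-support` need checking.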

View file

@ -31,7 +31,7 @@ My setup is explained in the next section.
Some prior Linux knowledge will help you, but I've tried to keep it as simple as possible with additional explanations.
# Overview <a href="#overview" id="overview">#</a>
# Overview
I've replaced some internal data with dummy data. You can find the overview here.
@ -46,7 +46,7 @@ On the ISE, we are mainly working within these two menues.
![ise-1-ise-overview](/images/blog/ise-1-ise-overview.png)
# SFTP Server - Create a backup directory on the SFTP server <a href="#sftp-backup-directory" id="sftp-backup-directory">#</a>
# SFTP Server - Create a backup directory on the SFTP server
We are going to save the backups in the home directory of the SFTP user `ise`. We are going to switch to said directory as root and, create a new directory for the backups, and change the necessary permissions.
@ -73,7 +73,7 @@ root@backup-server:# ll
drwxr-xr-x 2 ise ise 4096 Okt 1 01:11 ise-bk-new
```
# ISE GUI - Create new repository <a href="#ise-gui-repository" id="ise-gui-repository">#</a>
# ISE GUI - Create new repository
Open the GUI of the ISE as an admin and go to the following menu: `System > Maintenance > Repository`.
@ -89,7 +89,7 @@ Finally, enable PKI authentication by checking the box for `Enable PKI authentic
Click save to confirm the creation.
# ISE GUI - Create a new key pair for GUI user <a href="#ise-gui-key" id="ise-gui-key">#</a>
# ISE GUI - Create a new key pair for GUI user
Right after, we create a key pair for this repository/ GUI user and export the public of that key pair.
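Review bot: the trailing context line `Right after, we create a key pair for this repository/ GUI user and export the public of that key pair.` is missing the word `key` (`export the public key of that key pair`); worth fixing while this file is being touched.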
@ -104,7 +104,7 @@ Next, we will export the public key by choosing the repository again and clickin
![ise-6-export-gui-key](/images/blog/ise-6-export-gui-key.png)
# ISE CLI - Add SFTP server host key to ISE <a href="#ise-cli-hostkey" id="ise-cli-hostkey">#</a>
# ISE CLI - Add SFTP server host key to ISE
> **Important**: In a cluster, this section has to be done on every ISE node so it keeps working after a fail-over! [Source](https://community.cisco.com/t5/network-access-control/ise-nodes-unable-to-see-sftp-repository/m-p/4520332/highlight/true#M571772)
@ -117,7 +117,7 @@ Add the host key of the SFTP server to the ISE with the following command:
You can check if the host key was added with:
: `show crypto host`
# ISE CLI - Create a second key pair in CLI <a href="#ise-cli-key" id="ise-cli-key">#</a>
# ISE CLI - Create a second key pair in CLI
We now have to create another key pair.
@ -139,7 +139,7 @@ Now you need to **download** the second public key in the GUI under `System > Ma
Save it to your computer.
# SFTP Server - change SSH server configuration <a href="#sftp-ssh-config" id="sftp-ssh-config">#</a>
# SFTP Server - change SSH server configuration
So, from my experience, most SSH servers have authentication via public key disabled by default. We have to check it and might have to change some configurations.
@ -172,7 +172,7 @@ HostKey /etc/ssh/ssh_host_rsa_key
As a reference and troubleshooting tips: [SSH - How to use public key authentication on Linux](https://ittavern.com/ssh-how-to-use-public-key-authentication-on-linux/)
# SFTP Server - add public keys to authorized_keys file <a href="#sftp-authorized_keys" id="sftp-authorized_keys">#</a>
# SFTP Server - add public keys to authorized_keys file
So, we've created our key pairs on the ISE. We now have to make sure that the SFTP server trusts these.
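Review bot: the removed id `sftp-authorized_keys` contains an underscore, and the heading text `authorized_keys` carries it too; slug generators disagree on whether underscores are kept, turned into hyphens, or dropped, so verify what the new SSG emits for this heading and update any internal links to this section accordingly.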
@ -196,7 +196,7 @@ Now, we have to add the content of the public keys into the `authorized_keys` fi
You can use the CLI text editor `nano` to do so, but feel free to use your favorite method. Alternatives: WinSCP, `ssh-copy-id`
# ISE GUI - Test your setup <a href="#testing" id="testing">#</a>
# ISE GUI - Test your setup
There are two simple ways to confirm that it is working.

View file

@ -21,7 +21,7 @@
<details>
<summary class="summary-service"><b><span style="color: green;"><strong>NEW</strong></span> <a href="https://itt.sh">itt.sh</a></b><br>Link shortener with QR code generation.<br><span class="light-gray">click to unfold</span></summary>
## [itt.sh](https://itt.sh/) <a href="#itt.sh" id="itt.sh">#</a> - Flink
## [itt.sh](https://itt.sh/) - Flink
Links:
: [itt.sh](https://itt.sh/)
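Review bot: this heading (and the matching ones for the other services below) sits inside a raw HTML `<details>` block directly after the `<summary>` line; confirm that the new SSG still parses markdown headings inside raw HTML and generates anchors there, because many markdown processors treat the contents of an HTML block as literal HTML. The removed id `itt.sh` also contained a dot, which a slug generator will typically strip or replace, so links to `#itt.sh` will need updating.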
@ -32,7 +32,7 @@ Links:
<details>
<summary class="summary-service"><b><span style="color: green;"><strong>NEW</strong></span> <a href="https://convert.ittavern.com">convert.ittavern.com</a></b><br>Converts all kinds of formats - PLEASE NOTE: Videos are currently send to a third party server as it is not part of the current container. I'll try to implement their solution at some point.<br><span class="light-gray">click to unfold</span></summary>
## [convert.ittavern.com](https://convert.ittavern.com/) <a href="#convert.ittavern.com" id="convert.ittavern.com">#</a> - vert.sh
## [convert.ittavern.com](https://convert.ittavern.com/) - vert.sh
Links:
: [convert.ittavern.com](https://convert.ittavern.com/)
@ -45,7 +45,7 @@ Links:
<details>
<summary class="summary-service"><b><a href="https://share.ittavern.com">share.ittavern.com</a></b><br>securely sharing of passwords, code, snippets and files up to 30MB for a limited time<br><span class="light-gray">click to unfold</span></summary>
## [share.ittavern.com](https://share.ittavern.com/) <a href="#share.ittavern.com" id="share.ittavern.com">#</a> - PrivateBin
## [share.ittavern.com](https://share.ittavern.com/) - PrivateBin
Links:
: [share.ittavern.com](https://share.ittavern.com/)
@ -57,7 +57,7 @@ Links:
<details>
<summary class="summary-service"><b><a href="https://ntfy.ittavern.com">ntfy.ittavern.com</a></b><br>Open push notifcation platform for your devices<br><span class="light-gray">click to unfold</span></summary>
## [ntfy.ittavern.com](https://ntfy.ittavern.com/) <a href="#ntfy.ittavern.com" id="ntfy.ittavern.com">#</a> - ntfy
## [ntfy.ittavern.com](https://ntfy.ittavern.com/) - ntfy
Links:
: [ntfy.ittavern.com](https://ntfy.ittavern.com/)
@ -70,7 +70,7 @@ Links:
<details>
<summary class="summary-service"><b><a href="https://cc.ittavern.com">cc.ittavern.com - CyberChef</a></b><br>The Cyber Swiss Army Knife<br><span class="light-gray">click to unfold</span></summary>
## [cc.ittavern.com](https://cc.ittavern.com/) <a href="#cc.ittavern.com" id="cc.ittavern.com">#</a> - CyberChef
## [cc.ittavern.com](https://cc.ittavern.com/) - CyberChef
Links:
: [cc.ittavern.com](https://cc.ittavern.com/)
@ -81,7 +81,7 @@ Links:
<details>
<summary class="summary-service"><b><a href="https://draw.ittavern.com">draw.ittavern.com - draw.io</a></b><br>whiteboarding / diagramming software application<br><span class="light-gray">click to unfold</span></summary>
## [draw.ittavern.com](https://draw.ittavern.com/) <a href="#draw.ittavern.com" id="draw.ittavern.com">#</a> - Draw.io Instance
## [draw.ittavern.com](https://draw.ittavern.com/) - Draw.io Instance
Links:
: [draw.ittavern.com](https://draw.ittavern.com/)