Skip to content

Blog

  • 4 min read

Setting Up a Pihole Docker

pihole-chacho

For some easy-listening learning, I often turn to NetworkChuck's YouTube channel. Recently, I decided to set up Pi-hole, a network-wide ad and tracker blocking application that acts as a DNS sinkhole and optionally as a DHCP server. However, Chuck's video used a Pi-hole image that wasn't ARM architecture compatible. I modified it, pulled the regular pihole/pihole:latest image, and then watched Brandon Lee's VirtualizationHowTo channel for additional insights. Here are my notes from this process:

Option 1: Create the Pihole Container

docker run -dit -p 53:53/tcp -p 53:53/udp -p 80:80 -p 443:443     -v "$(pwd)/etc-pihole:/etc/pihole:z" -v "$(pwd)/etc-dnsmasq.d:/etc/dnsmasq.d:z" --name chacho_pihole pihole/pihole:latest
Explanation:
1. We are running the container with the latest version of Pi-hole, naming it chacho_pihole.
2. Port forwarding is set up so the host forwards traffic to the Pi-hole container. Note: On macOS, mDNSResponder may use port 53 (and possibly 5353). In that case, use an alternative port like 5399 for the host while keeping port 53 for the container.
3. We are mounting two volumes from the current working directory to the container's directories.

Once this container is spun up, and in a healthy status (docker ps to check this), we're ready to visit the Pi-hole interface. Open up a browser and use your docker host IP address like so: 

http://10.2.3.4/admin
  • 4 min read
Draft

Pentesting a Linux Server

linuxPentest The first, most logical thing to find out is for what purpose the server is being used. This, along with other basic information guides the rest of the test.

1. Recon

dig example.com

whois

OSINT

git clone https://github.com/laramies/theHarvester.git

2. Scanning & Enum

If scanning a whole network, find out who is up first: 

nmap -sn 192.168.1.0/24 -oG - | awk '/Up$/{print $2}' > active_hosts.txt
Then scan only those hosts to learn which services are running and which common ports are open. 
nmap -sV -iL active_hosts.txt
Further scanning or targeted scanning may also necessitate running default scripts and if it is a webserver, perhaps also run the --script http-enum script.
nmap -sC --script http-enum 192.168.1.10
  • 3 min read

First Capture-the-Flag

ctf-chacho

A couple of months ago, I was invited to join a team to compete in a capture-the-flag event. Having only joined the cybersecurity community a year and a half ago, the invitation was both appreciated and a bit intimidating. Would I be able to contribute something of value? What if I didn't know how to do anything? What if it showed everyone how much I didn't understand?

* screech the brakes *
Curiosity is the antidote to imposter syndrome. When you care more about learning what you need to know than what people think about you, its a game-changer. So armed with my tenacity for learning and the goal of finding out where my strengths might lie in such an event, I accepted the invite.

  • 4 min read
Draft

Flag Swapping for CTF

cyberflag

This was for an exercise I participated in where we thought we would need a way defend our servers against flags from other teams. I created a couple of scripts and then combined them into an iterative script to make it easier to execute once on the box so I wouldn't forget to change specific variables.

  • 7 min read

Fail2Ban Primer

fail2ban

Fail2Ban is a log-parsing application that monitors system logs for symptoms of an automated attack on your server, and it bans offending IPs automatically by updating firewall rules to prevent further breaches. Fail2Ban is configured through jail files located in /etc/fail2ban. It comes with a default configuration file (jail.conf) which should not be edited directly, as it may be overwritten by package upgrades. Instead, create a local copy to override the defaults.

1. Configure Fail2Ban

a. Create a Local Configuration File: 

sudo cp /etc/fail2ban/jail.{conf,local}

b. Edit the Local Configuration File: 

sudo nano /etc/fail2ban/jail.local

  • 5 min read
Draft

Hardening a Linux Server

hardenLinux

1. Recon First

For a CTF, Grab n Crack

Grab the Hashes for Cracking (swap out the IP)

scp root@server_ip:/etc/passwd ./passwd
scp root@server_ip:/etc/shadow ./shadow

Unshadow

unshadow passwd shadow > combined.txt

Run John

john combined.txt

Review and Note

john --show combined.txt

SSH in and Change Passwords

ssh root@server_ip

passwd username

Document Normal Running Processes

ps aux > processes.txt

OS Info

cat /etc/os-release

2. Least Privilege

Review Current Permissions

Audit the current user accounts, groups, and their permissions on each server. 

cat /etc/passwd
or 
getent passwd

Checking GUID/SUID files
find / -perm -4000 -type f 2>/dev/null
  • 3 min read
Draft

Hardening a Windows Server

hardenWindows

1. Least Privilege

Review Current Permissions

Audit the current user accounts, groups, and their permissions on each server. 

Get-LocalUser

Adjust Permissions

Adjust the permissions so that users and services have only the necessary rights to perform their duties. In Windows, you can manage user permissions through the Local Users and Groups Manager or PowerShell.

Remove or Disable Unnecessary Accounts

Identify accounts that are no longer in use or unnecessary.

Remove User 

Remove-LocalUser -Name "ExampleUser"

Disable User 

Disable-LocalUser -Name "ExampleUser"

  • 12 min read

Harnessing Wireshark

harnessingwireshark

Background

The ability to effectively analyze network traffic is critical for maintaining security, troubleshooting issues, and optimizing performance. Crafting a tailored Wireshark setup that aligns with specific analysis goals and preferences can significantly enhance efficiency and effectiveness in packet capture analysis. In this post, I'll review some of the basic customization options including display filters, protocol dissectors, and advanced display configurations. These allow users to streamline workflows, focus on pertinent information, and uncover insights that may otherwise remain obscured. In the following walkthrough, we will explore how to set up Wireshark to suit distinct analysis needs.

Downloading Wireshark

Linux
Debian/Ubuntu
sudo apt install wireshark
Fedora
sudo dnf install wireshark
Arch Linux
sudo pacman -S wireshark
GUI Install Option

Wireshark

Windows

Wireshark

macOS

If you don't have Homebrew installed: 

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
Once you've successfully installed Homebrew: 
brew install wireshark

GUI Install Option

Wireshark

  • 2 min read

Virtual Environments

venv-chacho Using a virtual environment (venv) in Python creates an isolated spaces for projects. Isolation ensures that each project has its own dependencies, regardless of what dependencies other projects might have.

Why Use venv?

1. Dependency Management

Different projects may require different versions of libraries. Virtual environments allow you to manage these dependencies separately, avoiding conflicts.

2. Project Isolation

By isolating your project environment, you ensure that global package updates or changes in one project do not break or affect other projects.

  • 11 min read

QUIC Protocol

flash-chacho

QUIC (Quick UDP Internet Connections) is a modern transport layer network protocol designed to improve the performance of applications running over the Internet. Developed by Google and standardized by the Internet Engineering Task Force (IETF), QUIC addresses some of the performance and security shortcomings of traditional protocols such as TCP and TLS/SSL. Here's a primer on its key features, benefits, and uses:

Key Features

Multiplexed Connections

Supports multiple streams over a single connection, which helps reduce latency and prevents the "head-of-line blocking" issue that can occur in TCP when packet loss happens.

Built-in Encryption

Incorportes encryption by default with TLS 1.3, ensuring that data is secure from the onset of communication, reducing the number of round trips needed for handshake completion.

Improved Connection Establishment

Aims to reduce connection establishment time. In some cases, it can establish a connection and secure data transfer with zero round-trip time (0-RTT) compared to TCP's 1-RTT plus an additional round-trip for TLS handshake.

Connection Migration

Supports connection mobility, which means it can maintain a connection even if a client's IP address changes, benefiting mobile devices that switch between different networks.