QEMU/KVM web ui : Cockpit pt2: Network configuration

    I have a couple of concerns with Cockpit currently. The first being the web UI defaulting to http vs secure https. I know the fix will be to create self-signed certificate(s) and place them in the correct directory.

    The second issue is Cockpit isn't reporting as having internet access. I'll tackle issue #2 1st. After reviewing the app documentation and GitHub issues I was able to quickly figure out that Cockpit was looking for NetworkManager as the default renderer. Many of the options available were workarounds. I opted to specify a directive in a newly created netplan file:

    network:
      version: 2
      renderer: NetworkManager

    Apply the newly created netplan: $ sudo netplan apply

    Restart cockpit: $ sudo systemctl restart cockpit

    One problem solved. Cockpit is now able to recognize the network connection and proceed with updates as needed via WebUI button pressing.

  • A Buford
  • Aug, 2022
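A check for the renderer fix described above, as an added example that is not part of the original post: it reports which renderer netplan will use from the YAML files in a directory, so the change can be confirmed before and after `netplan apply`. The function names are hypothetical, and only the top-level `renderer:` key is read.

```shell
#!/bin/sh
# Added example (not from the original post): print the renderer netplan will
# use. Only the top-level `renderer:` key under `network:` is read; per-device
# `renderer:` overrides sit at a deeper indent and are ignored here.

# top_level_renderer FILE -> prints the value, or nothing if the key is absent
top_level_renderer() {
  awk '
    /^[ \t]*#/ { next }                      # comment line
    /^[ \t]*$/ { next }                      # blank line
    /^network:/ { in_net = 1; base = -1; next }
    /^[^ \t]/   { in_net = 0; next }         # any other top-level key
    in_net {
      match($0, /^ +/); indent = RLENGTH
      if (base < 0) base = indent            # indent of the first key under network:
      if (indent == base && $1 == "renderer:") val = $2
    }
    END { print val }' "$1"
}

# effective_renderer [DIR] -> NetworkManager or networkd
effective_renderer() {
  dir=${1:-/etc/netplan}
  renderer=networkd                          # netplan default when no file sets one
  for f in "$dir"/*.yaml; do                 # lexical order; later files override
    [ -f "$f" ] || continue
    # netplan files are often root-only; skip what cannot be read
    r=$(top_level_renderer "$f" 2>/dev/null) || continue
    if [ -n "$r" ]; then renderer=$r; fi
  done
  printf '%s\n' "$renderer"
}

# Report for the live system (prints networkd when nothing sets a renderer).
effective_renderer /etc/netplan
```

Cockpit's network and update pages expect the answer to be `NetworkManager`; if the result is still `networkd` after adding the file, a later-sorting YAML file is overriding it.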

How do you update so fast?! : A YouTube subscriber question.

    I have a script for that. A raspberry pi also.

    I use rsync on my 'staging' server along with a cronjob to sync with my public VM instance every [blank] number of hours. I also have a raspberry pi that works as a 'key', in conjunction with a modified version of a script I created called Mactroller that will update the website(s) once plugged in and detected on the LAN.

    Opsec: 0 / Public_satisfaction: 1

    Oh! I almost forgot. New page banner added.

    The old banners can be viewed with a little URL tampering. Try it out! Be brave! Warning: Rate-limits do exist.

  • A Buford
  • Aug, 2022
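One way a presence-gated sync like the one described above could work, as an added example that is not the author's Mactroller script: the cron job runs rsync only while the 'key' device has a live entry in the neighbour table. The function names, MAC addresses and sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the author's Mactroller script): run the sync only while
# the 'key' device answers on the LAN. MACs and the sample table are constructed.

# key_present MAC: reads `ip neigh show` output on stdin; succeeds only when
# the MAC appears on an entry whose state is REACHABLE.
key_present() {
  want=$(printf '%s' "$1" | tr 'A-F' 'a-f')
  awk -v want="$want" '
    { for (i = 1; i < NF; i++)
        if ($i == "lladdr" && tolower($(i + 1)) == want && $NF == "REACHABLE")
          found = 1 }
    END { exit (found ? 0 : 1) }'
}

# sync_if_key_present MAC SRC DEST: intended to be called from the cron job.
sync_if_key_present() {
  if ip neigh show | key_present "$1"; then
    rsync -az "$2" "$3"
  else
    echo "key device $1 not reachable, skipping sync" >&2
    return 1
  fi
}

# Constructed neighbour table: .50 is live, .51 is a stale cache entry left
# behind by an unplugged device, .52 never answered.
SAMPLE_NEIGH='192.168.1.1 dev eth0 lladdr 02:00:00:aa:bb:01 router REACHABLE
192.168.1.50 dev eth0 lladdr 02:00:00:aa:bb:50 REACHABLE
192.168.1.51 dev eth0 lladdr 02:00:00:aa:bb:51 STALE
192.168.1.52 dev eth0  FAILED'
```

A MAC address can be set by any host on the LAN, so this check is a convenience trigger and the rsync credentials remain the actual access control. An idle device can also show as STALE, so a job that must not miss the key should send it a packet before the check.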

QEMU/KVM web ui : Cockpit

    As of recently I have started to use a Windows PC very frequently. Well.. more frequently than my Ubuntu box. I quickly realized the downsides when attempting to manage Linux VMs. Kimchi was more work than it was worth. VMDashboard didn't have enough documentation to make me comfortable and firing up an Ubuntu laptop just to start a VM wasn't cutting it.

    I came across an option that handles it all just fine. Cockpit. It only took me 10 minutes of REAL research to find it. Live-and-learn. Before you plan on building something it is a good idea to "google it" thoroughly to make sure somebody else didn't already.

    $ sudo apt-get install cockpit cockpit-machines -y

    $ sudo systemctl start cockpit

    Then navigate to [ip of host cockpit was installed on]:9090 and enter user login credentials

    Cockpit is a web-based graphical interface for servers

    Documentation for cockpit installation available here.

  • A Buford
  • Aug, 2022

Hak4Kids badge @Blue Team Con 2022 finished

    I was able to get around to finishing this Hak4Kids badge this am. This thing sure is a beauty! Assembly instructions are available here.

    Great organization. Check them out at hak4kids.com

  • A Buford
  • Aug, 2022

Cooler Master MasterLiquid ML240 CPU Cooler disassembly for replacement

Moving projects to VMs and containers: Reinstalling base system on 'Shadowmoon' server.

    First. I need to download a new OS and flash to USB. I decided to go with Ubuntu Server 22.04 LTS which will be supported until early 2032. DL: https://mirrors.xtom.com/ubuntu-releases/22.04.1/ubuntu-22.04.1-live-server-amd64.iso

    All buttoned up and ready to go.

    All drives are recognized upon boot via /etc/fstab automount

  • A Buford
  • Aug, 2022

Mobsf vs Albert Heijn supermarkt 8.23.3 (arm64-v8a)

    Decided to run another APK through MobSF. This is definitely a platform to become familiar with given that attack vectors are starting to make a HUGE pivot to IoT and mobile devices.

    Most issues with this application, per the generated PDF report, were due to the accessibility of aliases from alt programs and location permissions.

    On to the next one.

  • A. Buford
  • Aug, 2022

Blue Team Conference 2022

    This weekend, August 27th 2022, I will be attending Blue Team Con in Chicago IL. I hope to see some of your faces there! If you see me say "howdy".

  • A Buford
  • Aug, 2022

Moving projects to VMs and containers: Metasploitable

    First. I needed to convert the VMware vmdk file to a KVM/QEMU qcow2 file.

    qemu-img convert -f vmdk -O qcow2 Metasploitable.vmdk Metasploitable.qcow2

    Second. Move the newly converted image to the 'trae' VM host machine.

    scp Metasploitable.qcow2 trae@

    Finally, we just need to make sure it installs as it should!

    We are all good to go! Metasploitable with DVWA already configured for a practice lab

  • A Buford
  • Aug, 2022

Moving projects to VMs and containers: DOODS

    To install docker on DOODS vm

    sudo apt update
    sudo apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
    sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
    sudo apt update
    sudo apt install docker-ce docker-ce-cli containerd.io
    sudo apt update
    apt list -a docker-ce
    sudo apt install docker-ce= docker-ce-cli= containerd.io
    sudo systemctl status docker
    sudo usermod -aG docker $USER

    And then run DOODS docker

    docker run -it -p 8080:8080 snowzach/doods2:latest

    Also, thank you. To all of you that support me.

  • A Buford
  • Aug, 2022

CompTIA CySA+ [pt2]

    The study guide is a total of 16 chapters. I'll pace myself at a chapter and a practice test every 2-3 days once I'm back at 100%.

  • A Buford
  • Aug, 2022

CompTIA CySA+

    I have decided to make this the next one to accomplish. I will post my learning progress here just as I did with the Cloud+ Exam. Once I receive my ordered materials I will also advise on how I plan to break down the study of it. That means most rabbit hole projects will be on hold for a little while.

    I tested positive for Covid. I can already feel a storm brewing. I'm going to be down and out for a while.

  • A. Buford
  • Aug, 2022

"I have wanted to go since grade school" | BHUSA2022

    I finally did it! I went to Blackhat USA. The experience was more than I could have ever imagined. There were ups, downs, and it was a lot of physical and intellectual work. Hearts were broken, then pieced together. The Conference Associates put in work! Any show of this magnitude would require it in order to make it flow as smoothly as it did. It wasn't until the flight back to Chicago that I grinned and said, "that was fun". I left Blackhat feeling stronger, smarter, less of an imposter (syndrome), and ready for growth. Over the course of a few days, I had the opportunity to meet peers that I had never before seen in real life! It reminded me of the old IRC days. You know, back when meeting up was 'rare' but speaking daily was common.

    I did a lot of walking but, to say "it was worth it" would be an understatement. I was able to speak on new vulnerabilities at a technical level and learn about the projects people were working on. Away from work. The infosec community is the true definition of '6 degrees of separation'. Everybody knows every other person through somebody else, and 97% of the time it was the result of a positive previous interaction. The ability to communicate with other information security professionals, from all over the world, has really given me a greater appreciation for 'where' people come from and what those unique perspectives add to the community overall.

    Unique cultural and social experiences intertwined with security create a repository of knowledge that is extremely relevant and 'in the ballpark' when new attack vectors are developed. Some conferences acknowledge these communities within a community, on con days, with "villages" and themed social events. Communication is one of the greatest assets of the information security culture. The deeper you dive into security, the more 'niche' topics become. The only way to fill those niche gaps is by having a diverse pool of candidates in the pipelines.

    [When I needed 'off feet' time I was able to assist with the session chat monitoring. Great conversations were had with all the people in this room. Mark included!]

    [National Cyber League dinner]

    [Rapid-7 event : We 'captured' our buttons and had a great time.] [Jose, Paul, Erik pictured {CCC CA Spring 2022/National Cyber League Team}]

    At the end of it all I was able to add some new badges to my collection and a challenge coin.

    Unfortunately I was not able to stay for the DEFCON Conference.

    This is the closest I'll get to DEFCON this year.

    [Erik, Yo, Charlotte, Paul pictured {CCC CA Spring 2022/National Cyber League Team}]

    [Erik, Yo, Jose, Paul pictured {CCC CA Spring 2022/National Cyber League Team}]

    [City Colleges of Chicago Cyber Security Career Accelerator Class of Spring 2022 --image coming soon]

    My goal is to align myself, professionally, so that these events are more relevant and more beneficial to my career development while simultaneously making meaningful NEW relationships and connections. I'm going to do better and be better! Thank you Alyssa Miller. Thank you Mishaal Khan.


    Special thanks to Casey w/ Blackhat, Chris Lemon: My CCC CA instructor and NCL coach, and all City Colleges of Chicago classmates and program organizers! I will be forever grateful for the opportunities and experiences.

    City Colleges of Chicago: Take notice of the successes and opportunities created by your unique approach to cybersecurity programs. These programs are created and continually refactored by individuals that do a lot more than what can be documented or quantified. I have many "CCC" CompTIA IT certifications and have said thank you louder than the schools ever have to the facilitators [IMO]. Retain talent. Retain the community. Build up. This is the future of education.

  • A. Buford
  • Aug, 2022

"We need to watch ads to play together"

    That is what is required for the game, 'Team Sonic Racing', to allow two separate iPads to cross-play. The watching of ads essentially renews a token lease. Pi-hole was not allowing that. I implemented a 30 minute window for my son to do what he needed. Right away the situation reminded me of 'work' with access controls and application whitelisting. The lines that once separated a home network admin and a small business admin are starting to blur due to the number of devices on the average network.

    Did you ever imagine a home LAN looking like this?!

    I did and I love it.

  • A. Buford
  • Aug, 2022

Winner for the most used command

    During a morning meditation a thought came and went. "What is my most used command liner?"

    Very quickly I thought about how often I use sed. The idea was most likely sparked by a conversation I had with my brother. I was doing my best to explain the power of the command line interface (CLI).

    cat [filename] | sed 's/"//g' > [new-filename]

    "Read out the contents of this file and pass it to 'sed'. Hey 'sed'! Replace all the quotation marks with no character". I use it almost daily. $1 if you can guess correctly what it is used for AND why it would be considered abuse.

  • A. Buford
  • Aug, 2022

Samsung Galaxy A53 Case 3d Printed

    I woke up to a finished 3d printed phone case. The fit was a little too tight for my liking near the volume and power buttons. Tinkercad cannot edit a file this large so it was time to start learning FreeCAD. It reminds me of the old drafting days in high school at Lane Tech.

    I learned very quickly that a mesh with 185,929 points, 558,111 edges, and 372,073 faces was not going to be a simple mod. FreeCAD and MeshLab softwares were not having it. Anything over 100,000 can be an issue based on forum research. Essentially, I would be reverse engineering a phone case to be more simple and then printing several versions until I liked the final design. When that amount of effort is involved it is more time efficient to design from the ground up.

    I really want the case to be a 1-piece unit but it seems like that will not be possible unless I use a filament that has more 'give' than PLA+. I want a case by today(ish) and at this point buying a case would cost less than production of a modified version. Hi Amazon.

  • A. Buford
  • Aug, 2022

Mobile Security Framework (MobSF)[cont]

    I did some more scanning of APK files on APKMirror. No real focus. Goal was to understand the tool's static analysis capabilities and see how well it performed on a VM. I am noticing quite a few hardcoded passwords and keys. I get the opportunity to translate a few different languages in the process. Another tool for the CTF arsenal.

  • A. Buford
  • Aug, 2022

See you at Blackhat : The Conference Associates program

    I will be attending Blackhat 2022 as part of the Conference Associates Program.

    Black Hat's Conference Associate (CA) program is designed to offer information security enthusiasts with an opportunity to connect with researchers and the Black Hat community while serving as support staff for the conference. CA's have the opportunity to liaison with speakers, work in the Network Operations Center (NOC), learn the ins and outs of producing the conference, attend DEF CON and more.

    If you see me say "howdy". I look forward to meeting quite a few people next week! If we take a picture together it will be added to the gallery.


  • A. Buford
  • Aug, 2022

Mobile Security Framework (MobSF)

    I don't believe in coincidences and 3 times in one day I was reminded of 'vehicle API vulnerabilities'.

    Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

    I have had it installed for a little while now and am going to give it some more attention. I wonder what specific work and CTF applications this will come in handy for.

    Until then I'll continue backburner research on the USB microscope software and other randomness.

    I will be following Alissa Knight's Shadow Academy while doing so!

  • A. Buford
  • Aug, 2022