Compile Static Binaries
Creating static binaries easily, repeatably, and on your own.
Blog
Clipboard Snooping (X11 and Wayland)
This post takes a look at what's possible in terms of "clipboard snooping" or stealing and setting content to the clipboard in both, X11 and Wayland display servers on Linux.
Network Commands
This post is meant to be a single point of reference for all of the random ways of interacting with and diagnosing network(s) from a machine.
It was started after spending a significant amount of time working in packer, across both the Debian and Red Hat family OS's. There are so many ways to handle networking it's hard to remember these notes when I don't have access to them, and each tool had a dedicated page that has been built upon for 5+ years. Porting each of these notes to this page is an opportunity to clean up, review, and expand on each tool (and add new ones).
As of the latest update, this includes Linux (Debian / RedHat), BSD (pfSense), and Windows.
rsync
The fast, versatile, remote (and local) file-copying tool. It operates using deltas and by looking at properties to only update parts of files that have changed, making it incredibly efficient and invaluable as a part of a regular or scheduled backup operation. I have used this tool to ensure local, remote, and external copies of directories are in sync, or to identify what has changed.
CI/CD
Continuous Integration, Continuous Deployment
Improve the quality and security of your code using CI/CD workflows. This is best summarized in GitHub's Quickstart for Securing Repos.
Linting Code
Linting is running documented checks to statically analyze code for common mistakes and errors.
It can also be a great way to learn a new programming language as you'll be pointed to coding conventions, often in the form of the problematic code snippet, suggestions on how to refactor it, and the reasoning behind why.
Not every language has a standard linter, and some languages have multiple linters that are popular to use.
This guide is meant to get you started with linting, from "how to install" to "how to use" linters. It contains examples for both interactive CLI and automated CI/CD-focused workflows in Python, bash, PowerShell, Ansible, Packer, Terraform, with more to be added over time.
Additional Resources
The following resources will be useful if you're getting started with linting or CI/CD.
KVM (Kernel-based Virtual Machine)
KVM is a type 1 hypervisor technology built into the Linux kernel, using components like QEMU, libvirt, and virt-manager to orchestrate virtual machines. This reference aims to cover everything you'd need to have a basic understanding of KVM and QEMU, how to use virt-manager, networking configuration options, and the various components such as SPICE.
virt-manageracts as one possible GUI / CLI frontend to managing VM's.qemuis the virtualization / emulation technology that technologies like virt-manager call to run VM's.- QEMU can be used via the CLI on its own.
KVM relates to QEMU when you run VM's with hardware acceleration rather than pure software emulation, KVM provides the hardware translation and acceleration component. This is the difference when starting VM's with kvm instead of qemu-system-x86_64.
kvm is the equivalent of running qemu-system-x86_64 -machine accel=kvm:tcg (see man kvm).
libvirt is an API, daemon, and management tool that ties all of the components you want to use together, and is used by KVM, Xen, VMware ESXi, and QEMU when performing virtualization tasks.
nzyme x [ Raspberry Pi + Proxmox + Tailscale]
This guide walks through deploying nzyme on a Raspberry Pi (4B or 5) leveraging autoconfiguration tools available on each system. For Raspberry Pi OS this includes writing additional files into the bootfs and rootfs partitions. For Ubuntu server images cloud-init or Ansible could be used.
The result is nzyme running as either a stand-alone system, or as a distributed node + tap where the nzyme-node lives on a server like Proxmox with the nzyme-tap sending data back to it from the external Raspberry Pi. Tailscale is also brought into focus for secure remote access.
This guide doesn't offer anything new in terms of nzyme usage that the official documentation doesn't already answer, but more of what you might run into and steps on how to achieve certain deployments if your goal is anything like what's described below.
Proxmox
Get started with Proxmox. Installation considerations, networking, disk encryption options, and migrating existing virtual machines.
Everything's presented in a useful order to follow if you're used to Hyper-V, VMware Workstation, or VirtualBox and want to jump in by moving to a Proxmox server.
What's most interesting about Proxmox is the Web UI gives you full console and GUI (yes, GUI desktop) access to your VM's through either noVNC or SPICE, even via a smart phone.
Wazuh all your things with Tailscale
This guide shows you how to get a Wazuh instance running over Tailscale on both Windows and Linux, using Sysmon(+forLinux), auditd, and all the tweaks you'll want to get started. This is ideal for a low resource, low budget, or lab scenario. You could eventually migrate this Wazuh data to a distributed cluster (proxmox), or real hardware if you grow with it.
BIND9 DNS
How to install, maintain, and run a BIND9 DNS server (named). Covers building from source, configuring, hardening, and DNS over TLS as well as DNSSEC.
Get Started with PowerSTIG
Use PowerSTIG to automate STIG compliance across a number of items like WindowsServer, IIS, Adobe, Chrome, RHEL, Ubuntu, Vsphere, SqlServer, and more, while maintaining documentation of the state as a PowerShell configuration file. This is similar to my approach of using Ansible tags to maintain and combine machine states.
Atomic Red Team x Unix Artifacts Collector
An overview of spinning up a test environment, and extracting evidence from any unix-like endpoint. This is mostly for personal reference, as it's just pointing to all the existing (and vast) documentation in a sequence that's useful for me -- and hopefully for you as well.
Custom Shell Profiles
Working with and customizing shell profiles.
OpenSCAP Practical Usage
Install OpenSCAP, pull compliance profiles from GitHub/ComplianceAsCode, debug policies with Ansible's -C and -D options, apply, test, and maintain policies with Ansible tags.
AIDE (Advanced Intrusion Detection Environment)
How to set up aide for filesystem integrity monitoring and do basic tuning of the configuration.
Triage auditd logs with check-auditd
Recently updated to mirror and support ausearch arguments. This post showcases those changes and how the tool works.
Windows
Various configuration settings and notes for Microsoft Windows operating systems.
flatpak
An overview of using and configuring flatpak. Flatpak is a packaging system for unix-like machines, and also a security sandboxing system.
OpenWrt
This guide includes details for installing and running OpenWrt on UniFi AP's as well as Raspberry Pis and even as a virtual machine.
Because it's so flexible in its deployment, there are examples for different use cases included. For instance Tailscale can be leveraged for easy remote administration from anywhere including your mobile device thanks to the Web UI if that's important to you. Generally this guide approaches OpenWrt as a way to provide WiFi to networks where pfSense (or another upstream device) is the primary firewall router.
There's a detailed list of reference links at the top to keep in mind as you read through, and each step tries to include useful copy-and-paste ready commands for operations you may need to repeat every time you go through the process being described.
snap
Notes related to the snap package manager.
bitwarden
Notes related to the bitwarden password manager.
pfSense administration
A quick reference for pfSense administration.
Nessus
What does this post cover?
Nessus is possibly the most well-known vulnerability scanner out there. It was originally open source before going closed source / commercial. At that point, development split off into the OpenVAS project.
Having tried OpenVAS first, after configuring and setting it up, it was clear when moving over to Nessus, that also had similar processes to install and configure it. For example, back when these notes were taken, the web interface was accessible from any network interface by default (this still appears to be the case). There's also a setting related to checking the signatures of the scanner plugins after downloading which wasn't often talked about.
Installing Nessus regularly was more or less required for a number of pentesting courses, so this page was created to document those steps a long time ago. This is just a port of those notes with some review of the currrent documentation.
Snapshot in Time
These are my notes from 2022 and earlier on setting up Nessus in a lab environment. They may be outdated, and were only checked against the latest documentation when porting to this blog post. They have not been tested.
⭐ Resources
Information, compiled for easy reference.
CI/CD Your Notes
This set of links and notes has been my longest running note file, originally started back in cherrytree before making its way to this page.
The idea has been to create a searchable location pointing to each of these things, sorted by category, and with notes around them. This is currently a work in progess as entries need to be reformatted and updated as they move from my notes onto this page.