Posted by jpluimers on 2017/03/06
In case you manually want to configure or have a web-server that’s not supported by certbot for letsencrypt (yet): Generate Mozilla Security Recommended Web Server Configuration Files.
At the time of writing, these were supported by the generator (* were not supported by certbot for letsencrypt yet):
–jeroen
via: Feature request: admin web interface over HTTPS · Issue #630 · pi-hole/pi-hole
Posted in *nix, *nix-tools, Apache2, Encryption, Let's Encrypt (letsencrypt/certbot), Power User, Security | Leave a Comment »
Posted by jpluimers on 2017/03/06
I needed the current IP-addresses of the gmail MX server (don’t ask the details; but it has to do with the brain-dead TP-LINK ER5120 configuration possibilities).
This is the command I finally used:
dig @8.8.8.8 +short MX gmail.com | sed "s/^[0-9]* //g" | sed "s/.$//" | xargs -I {} dig @8.8.8.8 +short {} | uniq | sort
Basically it’s a three stage sequence which had to work on OS X as well as Linux using a bash shell:
The basics of the above are about using dig to get short (or terse) answers with as little (but still to the point) information as possible.
Read the rest of this entry »
Posted in *nix, *nix-tools, Power User | 1 Comment »
Posted by jpluimers on 2017/03/06
DNS traffic within corporate networks should also be considered a channel that an attacker can use to implement a fully functional, bidirectional C2 infrastructure.
Source: [WayBack] Cisco’s Talos Intelligence Group Blog: Covert Channels and Poor Decisions: The Tale of DNSMessenger
–jeroen
Posted in DNS, Internet, Power User, Security | Leave a Comment »
