Home | FyhTech

HackADay: Let's make a Nukestation

Every time I replace an old hard disk by a newer or bigger one I think that I'll wipe it later. Now I have a big amount of hard disks to wipe. Since wiping takes ages, I don't want to use my personal computer for that. I would prefer a small device with low energy consumption just for wiping. That's why I am going to build a "Nukestation". Basically it's just a Raspberry Pi with nwipe on it and a udev-rule for automatically wipe attached hard disks. But some extras would be nice...

Wipe a disk using nwipe

Darkik's Boot and Nuke(DBAN) is an open-source programm for securely wipe hard drives but reached it's end of life. There is a fork called nwipe. On Debian it can be easily installed by calling "apt-get install nwipe" and works almost the same like dban.

What if dnsmasq and ubound marry?

Dnsmasq is a great piece of software. Described in few words I would say that it is a dns-forwarder, dhcp-server and tftp-server. I like the way dnsmasq can be configured. A-Records can be created by simply adding entries in /etc/hosts and I define dhcp-hosts by adding lines in /etc/ethers. But we live in very strange times. Google-DNS, Cloudflare-DNS and QUAD9 are open dns servers, but might spy on us(if a service is free to use in the internet, then we might not be the customer but the product). All the DNS-resolvers of our ISP aren't trustworthy either since the EU already decided to force ISP's to block sites. But blocking sites might not be the only problem. The one who controlls your dns-requests, is also able to route your traffic which could be used for Man-in-the-middle-attacks to gain control. So I decided to install a dns-recursor in my network. Dnsmasq does its jobs satisfyingly but it needs another dns-recursor. That's why I want to add a recursor and use it together with dnsmasq. A very handy dns-recursor is unbound. It's easy to configure and does DNSsec.

Suricata: stack-based buffer-overflow in ParseFilename

Overview

System affected: suricata
Software-Version: prior to 4.1
Impact: Code-Execution. The impact for this vulnerability is considered as low because an attacker could exploit this for code execution only if the configuration-file is not protected properly.

Remote-Code-Execution in Suricata-Update

Overview

System affected: Suricata-Update
Software-Version: 1.0.0a1
User-Interaction: Not required
Impact: Remote-Code-Execution

Detailed Description

The list of possible sources for suricata-update is downloaded from "https://www.openinfosecfoundation.org/rules/index.yaml" per default. Suricata-Update uses the insecure yaml.load()-function which could lead to remote code execution.

34c3: TUWAT!

34c3

Merry Christmas

I wish you a merry Christmas, beautiful holidays and a happy new year.

Suricata-Update: a smart update-script for suricata-rules

Last week OISF announced a new tool called suricata-update. It's a smart tool for updating suricata rules from remote sources like Emerging Threats. It's works similar to oinkmaster or pulledpork. The main advantage is that it works great with suricata, makes backup of previous rulesets and tests the rules before applying them. Yesterday it reminded me about deprecated options in my suricata-configuration because of the tests it runs(suricata -T).

Improving suricatas configuration-parser

I worked the last weeks on suricatas configuration-parser and fixed a couple of minor bugs. Some of them made it to the new suricata 4.0.3 release.

Bash-Insulter: insults you after typing a wrong command

If you type in a wrong command, bash-insulter will insult you badly.