4
Protecting OpenWrt using CrowdSec (via Syslog) (kroon.email)
submitted 1 week ago by 0bs1d1an@infosec.pub to c/netsec@lemmy.world
0 comments fedilink

cross-posted from: https://infosec.pub/post/36928579

Here's how to set up CrowdSec to protect your OpenWrt router.

Running the Security Engine in Docker (server), forwarding logs via Syslog, and using the lightweight firewall bouncer on the router.

Result: community-powered IPS on tiny hardware 🚀

24
Protecting OpenWrt using CrowdSec (via Syslog) (kroon.email)
submitted 1 week ago by 0bs1d1an@infosec.pub to c/selfhosted@lemmy.world
0 comments fedilink

cross-posted from: https://infosec.pub/post/36928579

Here's how to set up CrowdSec to protect your OpenWrt router.

Running the Security Engine in Docker (server), forwarding logs via Syslog, and using the lightweight firewall bouncer on the router.

Result: community-powered IPS on tiny hardware 🚀

4
Protecting OpenWrt using CrowdSec (via Syslog) (kroon.email)
submitted 1 week ago* (last edited 1 week ago) by 0bs1d1an@infosec.pub to c/openwrt@lemdro.id
0 comments fedilink

Here's how to set up CrowdSec to protect your OpenWrt router.

Running the Security Engine in Docker (server), forwarding logs via Syslog, and using the lightweight firewall bouncer on the router.

Result: community-powered IPS on tiny hardware 🚀

Tunneling WireGuard over HTTPS using Wstunnel by 0bs1d1an in c/netsec@lemmy.world
[-] 0bs1d1an@infosec.pub 2 points 2 weeks ago

Does https://pq.cloudflareresearch.com/ confirm your browser is using X25519MLKEM768?

Tunneling WireGuard over HTTPS using Wstunnel by 0bs1d1an in c/netsec@lemmy.world
[-] 0bs1d1an@infosec.pub 1 points 2 weeks ago

Are you sure you're using an up to date browser? My server is using TLS 1.3 with x25519mlkem768. Most browsers should support this KEM already.

18
Tunneling WireGuard over HTTPS using Wstunnel (kroon.email)
submitted 2 weeks ago by 0bs1d1an@infosec.pub to c/netsec@lemmy.world
8 comments fedilink

WireGuard is a great VPN protocol. However, you may come across networks blocking VPN connections, sometimes including WireGuard. For such cases, try tunneling WireGuard over HTTPS, which is typically (far) less often blocked. Here's how to do so, using Wstunnel.

Using Molly (Signal) with UnifiedPush by 0bs1d1an in c/selfhosted@lemmy.world
[-] 0bs1d1an@infosec.pub 3 points 2 weeks ago

I sadly haven't tracked precise battery usage for both Signal and Molly, to properly compare. I do believe it easily saves me 10 percent on my daily battery life, though.

Thanks for subscribing! :-)

Using Molly (Signal) with UnifiedPush by 0bs1d1an in c/selfhosted@lemmy.world
[-] 0bs1d1an@infosec.pub 3 points 2 weeks ago

Of course, Signal will be unlinked when using Molly. Molly however supports multiple devices.

88
Using Molly (Signal) with UnifiedPush (kroon.email)
submitted 2 weeks ago* (last edited 2 weeks ago) by 0bs1d1an@infosec.pub to c/selfhosted@lemmy.world
17 comments fedilink

When not using Google Play services (e.g. GrapheneOS, LineageOS users), Signal can be a real battery drain. Molly with UnifiedPush on the other hand is extremely battery efficient.

Here's how to set this up, using Nextcloud as the UnifiedPush provider.

12
Ofermod - Drakosophia (regainrecords.bandcamp.com)
submitted 1 month ago by 0bs1d1an@infosec.pub to c/black_metal@sopuli.xyz
0 comments fedilink
2
Active Directory Certificate Tester (gitlab.com)
submitted 4 months ago by 0bs1d1an@infosec.pub to c/windows_security@infosec.pub
0 comments fedilink

Hello all,

I developed a tool that scans for certificate issues in GPO, AD CS, and Active Directory. I couldn't find another tool that consolidates these checks—PingCastle catches some, but not all—so I figured I'd try filling the gap.

Big shoutout to Locksmith! This isn’t intended as a clone (aside from maybe the ASCII art nod). That tool is incredibly helpful in securing AD CS. ADCT's focus is more on certificate issues itself, as opposed to misconfigurations in certificate templates and such.

Would love your thoughts, feedback, or feature suggestions.

Android Password Store is back on F-Droid by 0bs1d1an in c/selfhosted@lemmy.world
[-] 0bs1d1an@infosec.pub 2 points 5 months ago

I was too! I almost migrated to Vaultwarden, but I'm very thankful this fork is continuing the original maintainer's work.

Android Password Store is back on F-Droid by 0bs1d1an in c/selfhosted@lemmy.world
[-] 0bs1d1an@infosec.pub 6 points 5 months ago

APS moved away from OpenKeychain to PGPainless some time ago, from before this fork started. While not perfect either (see https://github.com/agrahn/Android-Password-Store/issues/287), PGPainless is being maintained, and from what I can tell from this APS fork's git log, is automatically bumped via their renovate bot (e.g. https://github.com/agrahn/Android-Password-Store/commit/9a6b596199d7eb87b40b53c4cb111ba7a5b48188)

Android Password Store is back on F-Droid by 0bs1d1an in c/selfhosted@lemmy.world
[-] 0bs1d1an@infosec.pub 4 points 5 months ago

Did you see the Documentation section in the README.md? You basically initialise a password store on your server, and you use an implementation like this to sync (SSH + git) your passwords, which are encrypted via your GPG key.

https://www.passwordstore.org/ has some instructions how to initialise a password store on, for example, your server. Then refer to https://github.com/android-password-store/Android-Password-Store/wiki/First-time-setup to configure the app.

55
Android Password Store is back on F-Droid (github.com)
submitted 5 months ago by 0bs1d1an@infosec.pub to c/selfhosted@lemmy.world
12 comments fedilink

Rejoice! Our beloved password manager, ZX2C4's pass, sees its Android implementation back on F-Droid. This APS fork has been pushing development forward since some time already, and has finally been published on the aforementioned app store earlier this month.

0bs1d1an

joined 2 years ago