
Stephan Rickauer's Hacking Lab

A random guy on IT Security, Hacking, Unix and Whatnot.

Sunday, July 16 2017 16:51

OpenBSD rtables and rdomains

Today I was playing with OpenBSD routing domains for the first time. Traditionally, multiple interfaces are connected to one routing table. A global switch called 'IP forwarding' will turn packet flows between all interfaces on or off. A more fine-grained control requires some kernel-level packet filtering, usually done by PF on OpenBSD. However, with rdomains one can easily isolate traffic to specific routing domains, to separate networks in kernel space.


Monday, January 30 2017 20:08

Recovery boot encrypted macOS Sierra

While playing with ulimit, launchd and friends I've recently shot myself in the foot. But since it's Unix I did this very efficiently. You might know this old quote from Terry Lambert:

It is not UNIX’s job to stop you from shooting your foot. If you so choose to do so, then it is UNIX’s job to deliver Mr. Bullet to Mr. Foot in the most efficient way it knows.


Saturday, October 15 2016 13:23

OpenVPN and OpenBSD 6.0

Over the last decade I have installed and used OpenVPN several times, for professional and home use. However, I didn't follow its development over the last 5 years and now got interested in it again. In this blog post I will cover those features which were either new to me or made me struggle.


Monday, August 15 2016 11:32

OpenBSD and PC Engines' APU

For quite a while, PC Engines' devices have been known to work well under OpenBSD. In the meantime, their famous Alix boards have been superseded by the next generation systems called APU. At work, we wanted to build a cheap sniffing device that could be used to tap and investigate 'interesting' traffic. An ideal use case to learn about the current state of affairs: OpenBSD on APU.


Thursday, July 14 2016 16:45

Let's Encrypt on OpenBSD

UPDATE: letskencrypt has been merged into the base system of OpenBSD and renamed to acme-client

When Let's Encrypt hit the planet and the euphoria had calmed down, I decided to give it a spin as soon as a clean, secure and simple OpenBSD client was available. I may be some months late: letskencrypt was published on GitHub on May 12th, 2016 and is currently available in version 0.18. I won't go into the merits of "why yet another client". Read Kristaps Dzonsons' page on his beautiful design using isolated independent components. No Python. No Ruby. No Bash.


Thursday, June 16 2016 16:00

Taking the Red Pill - Incident Response outside the Matrix

For the sake of completeness I'll add the slides of my talk at the FIRST 28th Annual Conference in Seoul here.


Tuesday, December 22 2015 09:46

SSH Backdoor in Juniper Devices

Have you ever found yourself in trouble arguing for the sake of OpenSource when it comes to transparency, security and correctness? Well, the quality of software isn't defined by whether it is conventional (aka "closed") or OpenSource. There is good/secure closed source software around, just as there is terrible OpenSource. And vice versa. However, there's a difference.


Thursday, January 1 1970 00:01

Hello World!

Yet another blog :/ Well, it's my personal tech blog where I mostly make notes to myself. Enjoy or ignore :)