Andreas Happe: security

How (NOT) to hide OpenVPN behind HTTPS/SSL

Update 2017: Sadly I found out (thanks due to the comments on this blog post) that using port-share does not encapsulate subsequent traffic in normal TLS. So using this method will not fool Deep Packet Inspection firewalls. If you need to mask all your traffic, this is not an option – you might need to investigate stunnel, information can be found here, here or here. I assume that the higher success rate of this method could be related to some firewalls checking the target of the initial https request.

December 1, 2016 in tech security linux

Secret-sharing described by Prismacloud

One important part of the European Prismacloud project is dissemination: make ordinary people understand some of our cryptographic directives. Out of this, the following clip originated: The technique in question is called secret-sharing and was originally detailed in 1979.

February 27, 2016 in security

Firejail: Chroot on Speed

Firejail describes itself as a SUID program that reduces the risk of security breaches by restricting the running environment of running programs. We’ll just call it chroot or jail (for the BSDers out there). So, it’s SUID? First things first: it’s SUID, so if there’s an error within the firejail binary an attacker can gain root rights. This comes with the territory. How large is Firejail and how many dependencies does it have?

February 25, 2016 in security linux tech

OSCP: Check!

I have just received my OSCP exam success notification. This is a penetration-testing certification by Offensive Security with focus on hands-on-training. You get an eBook and a week’s worth of video lectures with guided exercises; access to a virtual lab with approximately 55 machines that you should gain full control over and will finish with a 24-hour exam in which you are supposed to root five target machines. All this should be documented and submitted at the latest 24 hours after your exam is over – my documentation had 264 pages.

February 7, 2016 in life security

Capybara for automating Pen-Tests

After a successful penetration test a re-test is performed. The common approach is that the customer fixes the code and I perform the necessary steps to confirm that that initial security breach was closed. Sometimes it takes the customer a couple of tries to achieve that. Most security problems (XSS, CSRF, SQLi) can easily be tested automatically, but I had problems automating server-side authentication and authorization problems. The test would have to emulate multiple parallel user sessions.

September 9, 2014 in linux security rails tech

Review: Penetration Testing with BackBox

Full-disclosure: I was asked by PacktPublishing to provide a review of Penetration Testing with BackBox by Stefan Umit Uygur. They offered me a free copy of the ebook; otherwise I have not been compensated by any means for this review. The book aims to be an introduction to penetration-testing for experienced Unix/Linux users or administrators (seems like there are Linux users that aren’t administrators by now). After reading the book I believe that the assumed use-case is an administrator that wants to gain some insight into the tools that might be used against his server.

September 9, 2014 in security

Rogue Access Point and SSL Man-in-the-Middle the easy way

After I’ve tried setting up a rogue access point using squid and hostapd I’ve seen that KDE’s network-manager offers host access-point functionality. How easy is it to combine this with BURP for an SSL man-in-the-middle attack? Well, some GUI clicking and 3 command line invocations. The Hardware: I bought two USB 802.11n wireless adaptors on deal extreme, so far both of them work as an access point: a small whitish one for $5.

March 20, 2014 in linux security

How-to setup a rogue access point with a transparent HTTP(s) proxy

I’m always reading about dangerous rogue access points but never actually have seen one in action. So what better than create a test setup. Hardware for this test setup will be my old linux notebook (a macbook pro) as fake access point, a small deal extreme network card (Ralink 5070 chipset). I’ve actually bought three different wireless cards for under $20 and am trying out the different chipsets. This card is rather small (like a USB stick), so it isn’t too conspicuous. The basic idea is to use hostap to create a virtual access point.

February 24, 2014 in tech linux security

Git with transparent encryption

This is part three of a series about encrypted file storage/archive systems. My plan is to try out duplicity, git using transparent encryption, s3-based storage systems, git-annex and encfs+sshfs as alternatives to Dropbox/Wuala/Spideroak. The conclusion will be a blog post containing a comparison a.k.a. “executive summary” of my findings. Stay tuned. git was originally written by Linus Torvalds as an SCM tool for the Linux Kernel. Its decentralized approach fits well into online OSS projects, it slowly got the decentralized OSS of choice for many.

October 10, 2013 in tech security linux

Encrypted S3 storage filesystems

This is part two of a series about encrypted file storage/archive systems. My plan is to try out duplicity, git using transparent encryption, s3-based storage systems, git-annex and encfs+sshfs as alternatives to Dropbox/Wuala/Spideroak. The conclusion will be a blog post containing a comparison a.k.a. “executive summary” of my findings. Stay tuned. This post tries some filesystems that directly access S3. I’ll focus on Amazon’s S3 offering, but there should be many alternatives, i.

June 27, 2013 in security tech