In recent years, blockchain technology has emerged as a revolutionary force with the potential to reshape industries, streamline processes, and enhance security. Originally developed as the underlying technology for cryptocurrencies like Bitcoin, blockchain has evolved far beyond its initial application. Today, it stands as a cornerstone for innovation across various sectors, offering transparency, security, and efficiency.
Author: Tom's IT Cafe
PicoCTF: Cookies [CTF Write Up]
The PicoCTF web exploitation tasks are fun, and you can learn a lot about the web and about the tools you can use as a white hat hacker or penetration tester. Knowing about the possible security issues can also help you avoid them as a developer. Let’s see another web security challenge!
The Vigenère Cipher
In the realm of cryptography, the Vigenère cipher stands as a testament to the ingenuity and complexity of early encryption methods. I have to admit that it is my personal favorite of the “old” ciphers. The Vigenère cipher, often attributed to Blaise de Vigenère, was actually first described by Giovan Battista Bellaso in 1553. Bellaso’s description of a polyalphabetic substitution cipher, which later became known as the Vigenère cipher, predated de Vigenère’s work by over a century. De Vigenère’s contribution was the development of a text autokey cipher, which was misattributed to him due to his association with the Vigenère cipher. The Vigenère cipher itself was not invented by de Vigenère but rather by Bellaso and later misattributed to him.
PicoCTF: GET aHEAD [CTF Write Up]
In the following CTF game the player looks into HTTP communication and its request methods. It is a great opportunity to learn about what happens behind the scenes while a web page loads. The game is on PicoCTF.
A Beginner’s Guide to Ciphers, Cryptography, and Encryption
The use of secret codes and ciphers dates back to ancient civilizations, where rulers, generals, and diplomats employed various techniques to encode their messages. The Spartans, for example, used a device called the scytale, a rod of a particular diameter around which a strip of parchment was wound to reveal the hidden message. As societies progressed, so did the sophistication of these methods, leading to the birth of classical ciphers and, eventually, modern cryptographic techniques.
PicoCTF: “where are the robots” [CTF Write Up]
Have you ever thought about joining the forces of white hat hackers and penetration testers? Not sure where to start or how to practice your skills? Though capture the flag games, or CTFs for short, are not the most lifelike situations, they can help you build a way of thinking and learn the basic tools. PicoCTF is a great site to start with as a beginner.
Debian’s APT: Package Management
Among Linux-based operating systems, Debian stands out, renowned for its stability and reliability. At the heart of Debian’s package management system lies APT (Advanced Package Tool), a sophisticated tool that ensures seamless installation, upgrade, and removal of software packages.
Tor Hidden Services: Reaching The First Entry Point
You learned about the hidden part of the internet, the Tor hidden services. Then you downloaded and configured your Tor browser for the first deep dive into this unknown territory. As I mentioned before, the hidden services are a region of the internet that is not crawled and indexed by ordinary search engines like Google and Bing. You have to know the .onion URL of the site that you are looking for. These URLs are not the usual easy-to-remember domain names you see on the clear web. Hidden service URLs are generated text with the .onion ending. Luckily, there are popular link collections and wiki sites that serve as your entry points to the hidden services.
Tor Hidden Services: Preparing For Reaching The Hidden Area
After my previous article about the deep web and the Tor hidden services you know just enough to be curious: what lies behind the gates of the Onion Routing protocol? To figure it out you need an instance of the Tor browser connected to the Tor network. Before you jump right to a download link, please do a bit of research yourself about the Tor project and its tools and affiliates. It is interesting to take a look at the Tor metrics and understand its data. The growing usage of Tor relays points to a constantly growing user base. At a peak time at the beginning of February 2024 there were more than 7.5 million users online on the relays. It was only about 4 million at the end of 2023. Before you continue this journey into the hidden services, read about information safety and be aware that this area of the internet is dangerous!
Tor Hidden Services: Privacy On The Internet And Dark Things
As a child in the ’90s I was fascinated by the internet. That tiny browser window on a flashing CRT display became a portal to an exciting world. Not much later, in the early 2000s, I realized that the online land of possibilities has another side. The hidden part of the internet is protected by a chain of relays and a tool that is specially developed to reach this area. No ordinary web browser can surf this web, nor can search engines like Google index its sites and show them in search results. The Tor hidden services were all over the news in the 2010s because of their dark and lawless side. The Silk Road was taken down by the authorities in October 2013. Ross Ulbricht, the alleged founder and operator of the Silk Road, was arrested and later convicted on multiple charges. The case drew significant attention due to its connection to the dark web and the use of cryptocurrency (particularly Bitcoin) for transactions on the platform. The hidden services and onion routing were developed for a very different purpose: to help people stay anonymous from governments and dictatorships, and to support whistleblowers, journalists and free speech.
Securing Your Data: Using LUKS to Encrypt a Partition
Data security is paramount in today’s digital age. Whether you’re concerned about personal privacy or safeguarding sensitive work-related information, encrypting your data is an effective way to protect it from unauthorized access. In this blog post, we’ll explore how to use LUKS (Linux Unified Key Setup) to encrypt a partition, /dev/nvme0n1p3, on a Debian Bookworm desktop. LUKS is a widely used disk encryption specification for Linux systems that provides robust security for your data.
Podman Secrets for Secure Service Config
In the world of containerization, security and efficient service configuration are serious concerns. Podman, a container management tool, provides a solution for orchestrating containers and includes a feature known as “secrets” to enhance the security of sensitive information within containerized applications. This article explores the use of Podman secrets for configuring services securely, ensuring that sensitive data such as passwords and API keys remain confidential.
How To Become a Master Hacker in 2024
As technology breaks into more fields and professions, as the age of AI is on our doorstep and information technology (IT) is an unquestionable part of our everyday life, the attack surface for malicious actors is growing exponentially. With the age of home office and remote work, the importance of cyber security has only grown. More and more people want to get their share of this now popular cyber world. They come with different experience levels and ages. Here are my suggestions and ideas for 2024 to learn cyber security and dip a pinky into ethical hacking.
Setting Up a Root Certificate Authority with OpenSSL
In secure communication, establishing a secure channel is very important. One way to achieve this is by setting up a Root Certificate Authority (CA) to sign and manage digital certificates. In this article, we’ll guide you through the process of creating your own Root CA and signing service certificates using OpenSSL, a versatile open-source tool for cryptography.
How To Set Up 2FA With TOTP For OpenSSH Servers
Implementing robust authentication mechanisms is crucial to safeguard sensitive information. One such method gaining popularity for its effectiveness is Time-based One-Time Passwords (TOTP). In this article, we set up TOTP with OpenSSH, a widely used and versatile protocol for secure remote access. By integrating TOTP into your OpenSSH configuration, you enhance the security of your system by adding an additional layer of authentication, strengthening defenses against unauthorized access and potential cyber threats. Follow along as we guide you through the steps to fortify your OpenSSH environment with TOTP, ensuring a resilient defense against security breaches.






