Cyber Security, DevOps, DevSecOps and Technology
Managing sensitive data securely is very important. Whether it’s passwords, API keys, or other confidential information, properly storing and accessing these secrets is crucial for maintaining the integrity and security of your systems. Ansible Vault is a powerful tool to address this challenge.
Continue reading “Ansible Basics 08: Ansible Vault”
In the blockchain technology, Ethereum stands out as a groundbreaking platform that has transformed the landscape of decentralized applications (DApps) and smart contracts. Launched in 2015 by Vitalik Buterin, Ethereum introduced a revolutionary concept: the ability to build decentralized applications on its blockchain, using smart contracts to execute code automatically when predetermined conditions are met. Over the years, Ethereum has evolved into a powerhouse, fueling the growth of decentralized finance (DeFi), non-fungible tokens (NFTs), and a myriad of other innovative projects.
Continue reading “Ethereum: The Future of Decentralized Finance”
Proton Mail, a renowned provider of secure email services, has recently released its new desktop client, setting a new standard for email security and usability. This innovative client offers a range of features that make it a top choice for individuals and businesses looking to enhance their email communication experience. I have just installed and tried it out for some days.
Continue reading “Proton Mail’s New Desktop Client: A Secure and User-Friendly Email Solution”
This is a 50 points task in PicoCTF to solve this puzzle. I have to admit that I sat on it for a while because I suspected a complex solution like using stenography or any other hidden clues in the image file. Finally I just sat down and it became obvious immediately.
Continue reading “PicoCTF: The Numbers [CTF Write Up]”
In recent years, blockchain technology has emerged as a revolutionary force with the potential to reshape industries, streamline processes, and enhance security. Originally developed as the underlying technology for cryptocurrencies like Bitcoin, blockchain has evolved far beyond its initial application. Today, it stands as a cornerstone for innovation across various sectors, offering transparency, security, and efficiency.
Continue reading “The Transformative Power of Blockchain Technology”
The PicoCTF web exploitation tasks are fun and you can learn a lot about the web and about the tools you can use as a white hat hacker or penetration tester. Knowing about the possible security issues can help you avoid them as well as a developer. Let’s see another web security challenge!
Continue reading “PicoCTF: Cookies [CTF Write Up]”
In the realm of cryptography, the Vigenère cipher stands as a testament to the ingenuity and complexity of early encryption methods. I have to admit that it is my personal favorite of the “old” ciphers. The Vigenère cipher, often attributed to Blaise de Vigenère, was actually first described by Giovan Battista Bellaso in 1553. Bellaso’s description of a polyalphabetic substitution cipher, which later became known as the Vigenère cipher, predated de Vigenère’s work by over a century. De Vigenère’s contribution was the development of a text autokey cipher, which was misattributed to him due to his association with the Vigenère cipher. The Vigenère cipher itself was not invented by de Vigenère but rather by Bellaso and later misattributed to him.
Continue reading “The Vigenère Cipher”
In the following CTF game the player looks into the HTTP communication and its request methods. It is a great opportunity to learn about what happens behind the scenes during loading a web page. The game is on PicoCTF.
Continue reading “PicoCTF: GET aHEAD [CTF Write Up]”
The use of secret codes and ciphers dates back to ancient civilizations, where rulers, generals, and diplomats employed various techniques to encode their messages. The Spartans, for example, used a device called the scytale, a rod of a particular diameter around which a strip of parchment was wound to reveal the hidden message. As societies progressed, so did the sophistication of these methods, leading to the birth of classical ciphers and, eventually, modern cryptographic techniques.
Continue reading “A Beginner’s Guide to Ciphers, Cryptography, and Encryption”
Have you ever thought about joining the forces of white hat hackers and penetration testers? Don’t you know where to start or how to practice some skills? Though capture the flag games, or CTFs in short, are not the most life-like situations, they can help you to build a way of thinking and to learn the basic tools. PicoCTF is a great site to start as a beginner.
Continue reading “PicoCTF: “where are the robots” [CTF Write Up]”
In the Linux-based operating systems, Debian stands out, renowned for its stability and reliability. At the heart of Debian’s package management system lies APT (Advanced Package Tool), a sophisticated tool that ensures seamless installation, upgrade, and removal of software packages.
Continue reading “Debian’s APT: Package Management”
You learned about the hidden part of the internet, the Tor hidden services. Then you downloaded and configured your Tor browser for the first deep dive into this unknown territory. As I mentioned before, the hidden services is a region of the internet that is not crawled and indexed by ordinary search engines like Google and Bing. You have to know the .onion URL of the site that you are looking for. These URLs are not the usual easy-to-remember domain names you see in the clear web. The hidden services URLs are generated text with the .onion ending. Luckily there are popular link collections and wiki sites as your entry points to the hidden services.
Continue reading “Tor Hidden Services: Reaching The First Entry Point”
After my previous article about the deep web and the Tor hidden services you know just enough to be curious: what lies behind the gates of the Onion Routing protocol? To figure it out you need an instance of the Tor browser connected to the Tor network. Before you jump right to a download link, please do a bit of research yourself about the Tor project and its tools and affiliates. It is interesting to take a look at the Tor metrics and understand its data. The growing usage of Tor relays talks about a constantly growing user base. At a peak time in the beginning of February, 2024 there were more than 7.5 million users online on the relays. It was only about 4 million in the end of 2023. Before you continue this journey into the hidden services read about information safety and be notified that this area of the internet is dangerous!
Continue reading “Tor Hidden Services: Preparing For Reaching The Hidden Area”
As a child in the ’90s I was fascinated by the internet. That tiny browser window in a flashing CRT display became a portal to an exciting world. Not much later, in the early 2000s I realized that the online land of possibilities has another side. The hidden part of the internet is protected by a chain of relays and a tool that is specially developed to reach this area. No ordinary web browser can surf this web, nor the search engines like Google can index and show them in search results. The Tor hidden services was all over in the news in the 2010s because of its dark and lawless side. The Silk Road was taken down by the authorities in October 2013. Ross Ulbricht, the alleged founder and operator of the Silk Road, was arrested and later convicted on multiple charges. The case drew significant attention due to its connection to the dark web and the use of cryptocurrency (particularly Bitcoin) for transactions on the platform. The hidden services and the onion routing was developed for a very different purpose: to help people stay anonymous from governments, dictatorship and to help whistleblowers, journalists and the free speech.
Continue reading “Tor Hidden Services: Privacy On The Internet And Dark Things”
Data security is paramount in today’s digital age. Whether you’re concerned about personal privacy or safeguarding sensitive work-related information, encrypting your data is an effective way to protect it from unauthorized access. In this blog post, we’ll explore how to use LUKS (Linux Unified Key Setup) to encrypt a partition, /dev/nvme0n1p3, on a Debian Bookworm desktop. LUKS is a widely-used disk encryption specification for Linux systems that provides robust security for your data.
Tom's IT Cafe 