The Ghost Operator's Signal
Security-Enhanced Linux (SELinux) is a robust security mechanism that provides mandatory access control (MAC) for Linux. When deploying web services on Enterprise Linux, SELinux helps ensure the system’s security by enforcing strict access policies. This article guides you through hosting a website in the /opt/cafe/www directory, highlighting how to debug, analyze, and solve SELinux-related issues when it is in enforcing mode.
Encrypting storage volumes ensures that sensitive information is protected, even if physical devices are lost or stolen. This post will guide you through encrypting KVM volumes as LVM logical volumes on Debian 12. We’ll cover setting up LVM, encrypting the volumes with LUKS (Linux Unified Key Setup), and integrating them into your KVM setup.
Continue reading “Encrypting KVM Volumes as LVM Logical Volumes with LUKS”
An important aspect of virtualization is ensuring the security of the disk images used by VMs. Encrypting these disk images helps protect sensitive data from unauthorized access. This post will guide you through the process of encrypting a KVM QCOW2 disk image using LUKS (Linux Unified Key Setup).
Continue reading “Encrypting KVM QCOW2 Disk Images with LUKS”
Access Control Lists (ACLs) provide a more flexible permission mechanism for file systems compared to traditional Unix file permissions. They allow you to set permissions for individual users or groups beyond the standard owner/group/others model. This makes ACLs particularly useful in environments where you need fine-grained access control. In this article, we’ll explore the basics of using Linux ACLs to set default and user/group rules.
Continue reading “Understanding Linux ACLs: Setting Default and User/Group Rules”In our always connected world where data flows freely and digital footprints accumulate, the concepts of privacy and anonymity have become increasingly relevant. While they share common ground in protecting personal information, they diverge in their underlying principles and implications.
Continue reading “Privacy vs Anonymity”
Managing sensitive data securely is very important. Whether it’s passwords, API keys, or other confidential information, properly storing and accessing these secrets is crucial for maintaining the integrity and security of your systems. Ansible Vault is a powerful tool to address this challenge.
Continue reading “Ansible Basics 08: Ansible Vault”
In the blockchain technology, Ethereum stands out as a groundbreaking platform that has transformed the landscape of decentralized applications (DApps) and smart contracts. Launched in 2015 by Vitalik Buterin, Ethereum introduced a revolutionary concept: the ability to build decentralized applications on its blockchain, using smart contracts to execute code automatically when predetermined conditions are met. Over the years, Ethereum has evolved into a powerhouse, fueling the growth of decentralized finance (DeFi), non-fungible tokens (NFTs), and a myriad of other innovative projects.
Continue reading “Ethereum: The Future of Decentralized Finance”
Proton Mail, a renowned provider of secure email services, has recently released its new desktop client, setting a new standard for email security and usability. This innovative client offers a range of features that make it a top choice for individuals and businesses looking to enhance their email communication experience. I have just installed and tried it out for some days.
Continue reading “Proton Mail’s New Desktop Client: A Secure and User-Friendly Email Solution”
This is a 50 points task in PicoCTF to solve this puzzle. I have to admit that I sat on it for a while because I suspected a complex solution like using stenography or any other hidden clues in the image file. Finally I just sat down and it became obvious immediately.
Continue reading “PicoCTF: The Numbers [CTF Write Up]”
In recent years, blockchain technology has emerged as a revolutionary force with the potential to reshape industries, streamline processes, and enhance security. Originally developed as the underlying technology for cryptocurrencies like Bitcoin, blockchain has evolved far beyond its initial application. Today, it stands as a cornerstone for innovation across various sectors, offering transparency, security, and efficiency.
Continue reading “The Transformative Power of Blockchain Technology”
The PicoCTF web exploitation tasks are fun and you can learn a lot about the web and about the tools you can use as a white hat hacker or penetration tester. Knowing about the possible security issues can help you avoid them as well as a developer. Let’s see another web security challenge!
Continue reading “PicoCTF: Cookies [CTF Write Up]”
In the realm of cryptography, the Vigenère cipher stands as a testament to the ingenuity and complexity of early encryption methods. I have to admit that it is my personal favorite of the “old” ciphers. The Vigenère cipher, often attributed to Blaise de Vigenère, was actually first described by Giovan Battista Bellaso in 1553. Bellaso’s description of a polyalphabetic substitution cipher, which later became known as the Vigenère cipher, predated de Vigenère’s work by over a century. De Vigenère’s contribution was the development of a text autokey cipher, which was misattributed to him due to his association with the Vigenère cipher. The Vigenère cipher itself was not invented by de Vigenère but rather by Bellaso and later misattributed to him.
Continue reading “The Vigenère Cipher”
In the following CTF game the player looks into the HTTP communication and its request methods. It is a great opportunity to learn about what happens behind the scenes during loading a web page. The game is on PicoCTF.
Continue reading “PicoCTF: GET aHEAD [CTF Write Up]”
The use of secret codes and ciphers dates back to ancient civilizations, where rulers, generals, and diplomats employed various techniques to encode their messages. The Spartans, for example, used a device called the scytale, a rod of a particular diameter around which a strip of parchment was wound to reveal the hidden message. As societies progressed, so did the sophistication of these methods, leading to the birth of classical ciphers and, eventually, modern cryptographic techniques.
Continue reading “A Beginner’s Guide to Ciphers, Cryptography, and Encryption”
Have you ever thought about joining the forces of white hat hackers and penetration testers? Don’t you know where to start or how to practice some skills? Though capture the flag games, or CTFs in short, are not the most life-like situations, they can help you to build a way of thinking and to learn the basic tools. PicoCTF is a great site to start as a beginner.
Continue reading “PicoCTF: “where are the robots” [CTF Write Up]”
Tom's IT Cafe 