Quick version to improve client-side browser behaviour… (client-side best effort: the browser decides whether to honour these headers, so nothing is enforced on the server…)

  • remove the X-Powered-By header that reveals ASP.NET
  • enforce HTTPS (HSTS)
  • pin the thumbprints of the expected leaf certificate, intermediate and root for the website (HPKP)
  • whitelist content sources with a Content-Security-Policy
  • set X-Frame-Options, i.e. prevent your site from being loaded in an iframe
  • enable the browser’s XSS filter
  • disable content type sniffing

Add the following to your website’s web.config
(yes, web.config needs that &quot; around the thumbprints, because the attribute value is itself delimited by double quotes…)


 <system.webServer>
  <httpProtocol>
   <customHeaders>
    <!-- drop the header that advertises ASP.NET -->
    <remove name="X-Powered-By" />
    <!-- one year of HSTS: browsers that have seen it only talk to this host over HTTPS -->
    <add name="Strict-Transport-Security" value="max-age=31536000" />
    <!-- HPKP: the spec requires a backup pin for a key not yet in the chain; a wrong pin set locks clients out for max-age -->
    <add name="Public-Key-Pins" value="pin-sha256=&quot;thumbprintofcertificate1&quot;; pin-sha256=&quot;thumbprintofcertificate2-intermediate&quot;; pin-sha256=&quot;thumbprintofcertificate3-rootcert&quot;; max-age=31536000" />
    <!-- only https: and data: sources; 'unsafe-inline' and 'unsafe-eval' keep existing inline scripts working but weaken the XSS protection a CSP gives -->
    <add name="Content-Security-Policy" value="default-src https: data: 'unsafe-inline' 'unsafe-eval'" />
    <add name="X-Frame-Options" value="DENY" />
    <add name="X-Xss-Protection" value="1; mode=block" />
    <add name="X-Content-Type-Options" value="nosniff" />
   </customHeaders>
  </httpProtocol>
 </system.webServer>
 

Long version: https://scotthelme.co.uk/hardening-your-http-response-headers/

Check via https://securityheaders.io/?q=https%3A%2F%2Fhome.mendelonline.be&hide=on
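For checking the result yourself, offline or against a live host, here is an added example (my code, not part of the original post) that audits a set of response headers against the checklist above. The function names, the 180-day HSTS threshold and the sample header set are my choices; the sample mirrors the web.config shown above, so running it flags the two CSP relaxations.

```powershell
# Added example, not from the original post: audit response headers against the checklist.
# Test-SecurityHeaders works on a plain hashtable so a captured response can be checked offline;
# Get-ResponseHeaders fetches live headers when that is wanted. Names and thresholds are my own.

function Test-SecurityHeaders {
    param([Parameter(Mandatory)] [hashtable]$Headers)

    # Header names are case-insensitive, so compare on lower-cased keys
    $h = @{}
    foreach ($k in $Headers.Keys) { $h[$k.ToLower()] = [string]$Headers[$k] }

    $findings = [System.Collections.Generic.List[string]]::new()

    if ($h.ContainsKey('x-powered-by')) {
        $findings.Add("X-Powered-By is present ('$($h['x-powered-by'])') and advertises the framework")
    }

    if (-not $h.ContainsKey('strict-transport-security')) {
        $findings.Add('Strict-Transport-Security is missing, so the browser never enforces HTTPS')
    } elseif ($h['strict-transport-security'] -match 'max-age=(\d+)') {
        # 15552000 s = 180 days, a threshold chosen here; shorter values give little protection
        if ([int64]$Matches[1] -lt 15552000) {
            $findings.Add("Strict-Transport-Security max-age $($Matches[1]) is shorter than 180 days")
        }
    } else {
        $findings.Add('Strict-Transport-Security has no max-age directive')
    }

    if (-not $h.ContainsKey('content-security-policy')) {
        $findings.Add('Content-Security-Policy is missing')
    } else {
        foreach ($weak in "'unsafe-inline'", "'unsafe-eval'") {
            if ($h['content-security-policy'] -like "*$weak*") {
                $findings.Add("Content-Security-Policy allows $weak, which largely defeats its XSS protection")
            }
        }
    }

    if (-not $h.ContainsKey('x-frame-options')) {
        $findings.Add('X-Frame-Options is missing, so the site can be framed')
    } elseif ($h['x-frame-options'] -notin 'DENY', 'SAMEORIGIN') {
        $findings.Add("X-Frame-Options has an unexpected value '$($h['x-frame-options'])'")
    }

    if ($h['x-content-type-options'] -ne 'nosniff') {
        $findings.Add('X-Content-Type-Options is not nosniff, so content type sniffing stays enabled')
    }

    return $findings.ToArray()
}

function Get-ResponseHeaders {
    param([Parameter(Mandatory)] [string]$Uri)
    # HEAD keeps the body off the wire; redirects are followed so the final page is what gets audited
    $resp = Invoke-WebRequest -Uri $Uri -Method Head -UseBasicParsing
    $out = @{}
    foreach ($k in $resp.Headers.Keys) { $out[$k] = $resp.Headers[$k] }
    return $out
}

# Constructed sample: the headers a server sending exactly the web.config above would return
$sample = @{
    'Strict-Transport-Security' = 'max-age=31536000'
    'Content-Security-Policy'   = "default-src https: data: 'unsafe-inline' 'unsafe-eval'"
    'X-Frame-Options'           = 'DENY'
    'X-Xss-Protection'          = '1; mode=block'
    'X-Content-Type-Options'    = 'nosniff'
}
Test-SecurityHeaders -Headers $sample

# Live variant against your own host:
# Test-SecurityHeaders -Headers (Get-ResponseHeaders -Uri 'https://home.mendelonline.be')
```

Against the constructed sample only the two CSP findings come back; everything else on the checklist is satisfied. Wrap the call in @( ) when you need a count, since a single finding comes back as a plain string.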

Get yourself a cheap cloud host running Windows Server.
Add an SSL-based SSTP VPN.
Add an SSL-based Remote Desktop Gateway.
Put Let’s Encrypt certificates on all of it.

For quick access to blocked URLs, put a Glype PHP proxy somewhere (maybe on that same IIS).


My current setup: a host in Azure running VPN and RDP gateway, mostly connecting to the RDP gateway on my home server, connecting to a VM guest… You know… RDP-ception!

Now you can go everywhere!


My Vaio died…
For all the ones that will be pointing “hahahahaha, told you so”: whatever =)
In the end, it was the Samsung SSD inside that died…

Anyway, needed to reinstall my laptop. Quick list of essential tools!

And since the sudden disappearance of wallbase -> http://alpha.wallhaven.cc/ for a new wallpaper! 🙂

And for the first time I didn’t make my account localadmin 🙂 Let’s see how that turns out 🙂

http://www.hdkn.net/ is pretty awesome for a headless torrent client! It even has a native PowerShell module! But it doesn’t implement everything you want (it runs only in an x86 shell, has no magnet support, …).

Here’s a quick (and very dirty) PoSh snippet to add magnets to the download engine using its REST API… (don’t judge me on code quality!)

Accesstoken is the “api key” from the upper right corner, id is whatever you want it to be, and ConvertTo-Json could probably be used as well… But it was late, and this works :-).


# Access token: the "api key" shown in the upper right corner of the hdkn web UI
$accesstoken = "111111-11111111-11111"
# Replace host.ext:port with the address of your hdkn instance
$url = "http://host.ext:port/jsonrpc"
$headers = @{ "Authorization" = "Token $accesstoken" }

# Keep asking for magnet links until an empty line is entered
while ($magnet = Read-Host "gimme magnets") {
    # JSON-RPC request; the id is arbitrary. Backslashes in the Windows path are doubled for JSON.
    $body = @"
{"id":74,"jsonrpc":"2.0","method":"torrents.addUrl","params":["$magnet",{"name":"","savePath":"E:\\ServerFolders\\Linuxes"}]}
"@
    Invoke-RestMethod -Method Post -Uri $url -Headers $headers -Body $body -ContentType "application/json"
}

# List everything the engine currently has
$body = @"
{"id":1,"jsonrpc":"2.0","method":"torrents.getAll","params":[]}
"@
$res = Invoke-RestMethod -Method Post -Uri $url -Headers $headers -Body $body -ContentType "application/json"
$res.result | Format-Table
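Taking up the ConvertTo-Json remark above, here is an added example (my code, neither the original snippet nor hdkn’s own PowerShell module) that builds the JSON-RPC body from a hashtable so a magnet containing quotes or backslashes cannot break the JSON, validates each magnet before sending it, and raises a JSON-RPC error object as a PowerShell error instead of silently returning nothing. The function names and the infohash check are my assumptions; the method names, parameters and the "Token" authorisation header are those used in the snippet above.

```powershell
# Added example, not from the original post and not hdkn's module. Function names and the
# infohash validation are my own; method names and the Token header come from the post.

function Test-MagnetUri {
    param([Parameter(Mandatory)] [string]$Uri)
    # A usable BitTorrent magnet carries an exact-topic infohash: 40 hex chars (SHA-1) or 32 base32 chars
    return [bool]($Uri -match '^magnet:\?([^#]*&)?xt=urn:btih:([0-9A-Fa-f]{40}|[A-Za-z2-7]{32})(&|$)')
}

function New-JsonRpcBody {
    param(
        [Parameter(Mandatory)] [string]$Method,
        [object[]]$Params = @(),
        [int]$Id = 1
    )
    $request = [ordered]@{ id = $Id; jsonrpc = '2.0'; method = $Method; params = $Params }
    # -Depth 4 covers params -> array -> hashtable -> values; ConvertTo-Json escapes quotes and backslashes
    return $request | ConvertTo-Json -Depth 4 -Compress
}

function Invoke-HdknRpc {
    param(
        [Parameter(Mandatory)] [string]$Url,
        [Parameter(Mandatory)] [string]$AccessToken,
        [Parameter(Mandatory)] [string]$Body
    )
    $headers = @{ Authorization = "Token $AccessToken" }
    $res = Invoke-RestMethod -Method Post -Uri $Url -Headers $headers -Body $Body -ContentType 'application/json'
    # JSON-RPC 2.0 responses carry either "result" or "error"; surface the latter instead of returning $null
    if ($res.PSObject.Properties['error'] -and $null -ne $res.error) {
        throw "hdkn returned a JSON-RPC error: $($res.error | ConvertTo-Json -Compress)"
    }
    return $res.result
}

# Placeholders: replace host.ext:port and the token with your own values
$url = 'http://host.ext:port/jsonrpc'
$accesstoken = '111111-11111111-11111'

while ($magnet = Read-Host 'gimme magnets') {
    if (-not (Test-MagnetUri -Uri $magnet)) {
        Write-Warning "Not a magnet link with a btih infohash, skipping: $magnet"
        continue
    }
    $body = New-JsonRpcBody -Method 'torrents.addUrl' -Id 74 -Params @($magnet, @{ name = ''; savePath = 'E:\ServerFolders\Linuxes' })
    Invoke-HdknRpc -Url $url -AccessToken $accesstoken -Body $body
}

# Same listing as in the snippet above, now with the body generated rather than hand-written
Invoke-HdknRpc -Url $url -AccessToken $accesstoken -Body (New-JsonRpcBody -Method 'torrents.getAll') | Format-Table
```

The point of New-JsonRpcBody is that the Windows path no longer needs hand-doubled backslashes and user input never lands unescaped inside a JSON string; the point of Test-MagnetUri is that a pasted non-magnet never reaches the engine at all.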

My first time TechEd and it was awesome!
Much heavier than anticipated: went to sessions every day from 8.30 till 18.15 sucking up all available knowledge!
Talked to a bunch of interesting people, tried to learn as much as possible, saw cool demos and was impressed by the huuuge amount of people there!

Things to remember!

REST

Further, I saw Mimikatz come by like 10 times, got the colours of ProcessExplorer explained to me for 3 times, learned how to set a filter in ProcessMonitor 2 times…

Had great fun with speakers @samilaiho and @andymalone

Got back with cool presents from @tycotic and @tintri_emea

Sometimes, you just want to store files in the cloud. This because you want your data to be available everywhere. Or you want an offsite backup. Or you want to share it with someone.

Anyway, you have to put it SOMEWHERE.
And preferably somewhere secure, and not too expensive.

Now, you have the classic hosting providers, providing you with an HTTP/FTP capable web space. But, as always, that’s a bit expensive…

When you start looking around, for backup, archive or file hosting services, you stumble upon the classic tools like dropbox, skydrive, backblaze, crashplan, …

But, in my case, that’s also not something I’m looking for.
I just want to mount a “cloud drive” via a web service, FTP or WebDAV. It can even have its own tool, as long as the actual files stay in the cloud…

So, into “the big three”: Amazon S3, Google Cloud Storage and Windows Azure Storage blobs… Pricing is on the right of this blogpost.

Still… They’re like 5-10€/month for 100GB… That’s 100€ per year.
With 100€ you can buy yourself a 1000GB hard disk, and put it on your desk and revproxy the thing?
Even with the electricity cost you’re not going to hit that 100€ limit…

Or buy a new hard drive each year, and put the old one somewhere safe! At a friend’s house, in your basement, you can even bury it in your garden ^^

I was considering getting an Azure subscription, now not any more 🙂