Creating expired X.509 certificates

Last week as I was preparing a the material for a workshop about TLS for developers, for one of the exercises, I needed to create an expired certificate. To do that I thought that when creating my certificate (self signed) all I had to do was to pass a negative number when specifying the numbers of days for the certificate validity. So there I went and run the following command:
Read more

Docker image generator for infosec

This is a project I have entertained in my head for a while with my brother in arms Fran Ramírez, and finally I have found some time to work on it. The idea is pretty simple. Basically it is to create a Docker image with number of tools of your choice, without having to create or know how to create a Docker image itself. For instance, let’s say we want to run sqlmap, and we don’t have with us our lovely Kali distro, and we don’t want to install it in our system.
Read more

Extending kubectl

As you probably already know, kubectl is the official tool to interact with Kubernetes from the command line. This tool, besides all the functionality that it already provides, allows us to extend its functionality through plugins. A kubectl plugin is nothing but a file with the following three requirements: It has to be an executable (binary or script) It must be in your system’s PATH Its name must start with kubectl- (including the dash!
Read more

How kubectl uses Kubernetes API

As you probably already know, any type of query or command that you run against Kubernetes, it is done by sending an API request to a component called API server. This component lives in the master node/s. The most common way to interact with a Kubernetes cluster, although you have several graphical options, it is through a command line tool called kubectl. This tool provides a quite extended number of options, but in this entry I’m going to focus on verbosity, which is a very handy option if we want to learn more how kubectl interacts with the component mentioned previously: the API server.
Read more

Moving the blog images from Flickr to Digital Ocean Spaces

In this blog we have been using Flickr as our main images repository since 2008. We even paid for a pro account for a couple of years back in 2015 and 2016, however I can’t recall the benefits of a pro account versus the free one. Our experience with Flickr has been always very positive and never had an issue with them, but after the acquisition of Flickr by SmugMug, they recently changed the policies, and they announced that the free accounts will be limited to 1,000 images, the rest will be removed.
Read more

Controlling your garage doors with an ESP32 - Part 3

Now that we have our ESP32 ready to rock and roll it is deployment time! The first thing we need to do is to use an MQTT broker with authentication. So far we have done all our tests using the free io.eclipse.org server without any kind of authentication, this means, if somebody knows the topics you are using, could open/close your garage door. Not good! There are plenty of options out there you can use, but I personally roll out my own broker, so I am going to explain what I have done.
Read more

Controlling your garage doors with an ESP32 - Part 2

In this second post of this series, we’ll see how to connect a couple of magentic switches, one for each door, that will allow us to see if a door is closed or not. I’m using this one in particular: https://www.adafruit.com/product/375. This sensor has two wires, one goes to ground (GND) and the second one to an output GPIO pin. In my case I’m using pins 25 and 26 for the left and right door respectively.
Read more

Controlling your garage doors with an ESP32 - Part 1

Four years ago, I got to wire up a Raspberry Pi to a 2 channel relay and a couple of sensors, and hook it up to my garage door openers. This allowed me to open/close any of the doors, as well as to see if the doors were open or closed. Here is blog post I wrote then explaining all I did: https://www.cyberhades.com/2014/02/04/controlando-las-puertas-del-garaje-con-un-raspberry-pi/ (Spanish). This setup suffered a couple evolutions, adding into the picture an MQTT broker (mosquitto), an Android app and even an application for my good old Pebble watch.
Read more

Size matters, but it is not all about the size

If you are familiar with Docker, and have been using Docker for some time, you will probably already know or have read, that it is important and a good practice to reduce as much as you can the size of your images. Crafting your Dockerfile carefully to reduce the number of layers, using a minimalist base image to create small images, etc. Sure, this is very important in order to save some space on disk.
Read more