Maikel.pro Blog

From S3 Bucket to entire login infrastructure compromise

TL;DR I discovered an unclaimed AWS S3 bucket, which was still actively used to load JavaScript across multiple domains belonging to a major Brazilian media group, GJC Corp. This JavaScript was included even on their Keycloak-based authentication portals. If an attacker had taken over the bucket and served malicious

Roundcube and SMTP Error (-1) : Connection to server failed

In case you are having problems to configure Roundcube to send mail, please note the following: If you are connecting on port 587 you should probably use tls://mail.mydomain.org instead of ssl://mail.mydomain.org because (by default) STARTTLS is used on port 587. In case you are

software-security

NIS2 and Software Engineering

Last week I watched a presentation about the new European directive about Network and Information Security 2 (NIS2). The essence of this presentation was that current regulations are still not sufficient enough to make companies resilient against cyber security threats. The current trend is that cyber security criminals (e.g.

censorship

Using Team Fortress 2 game-servers to circumvent censorship

Around two years ago, I checked out the pluggable transports system of Tor. This mechanism can be used to circumvent network censoring done by network administrators / authoritarian governments which deny their citizens to certains parts of the internet. In most censoring situations there will be a blacklist of website, e.

whatsspy-public

PoC WhatsSpy Public support ending today

Note: attempting to run this from now on might result (eventually) in a ban of your phone number used in the PoC of using WhatsApp. The code has not been updated for over a month now, which results in easier detection by WhatsApp. In February 2015 I released the Proof

tor

Progress in censorship circumvention: overview of Tor and Pluggable transports

Publish date: 28-Feb-2016 Prior knowledge required: Technical understanding of Tor Article in PDF Format: https://maikel.pro/published/progress-tor-pluggable-transports.pdf Direct link to article in PDF format. 1. Internet Censorship Internet Censorship comes in many forms: black listing websites, whitelisting websites, physically shutting it down, denying access based on status

FTS

Dovecot full text search (Squat) indexer memory tip

Not so long ago Squat was announced, an integrated full text search engine within Dovecot with basically no additional software required. This makes the use of FTS much easier within dovecot. But, there is something that cannot be found elsewhere on the internet. That is the fact that by default

crl

The current state of certificate revocation (CRLs, OCSP and OCSP Stapling)

Publish date: 15-Jan-2016 Prior knowledge required: Abstract understanding of PKI. Article in PDF Format: https://maikel.pro/published/crls-ocsp-stapling.pdf Direct link to article in PDF format. OCSP and its PKI aspects Public Key Infrastructure is crucial in today’s use of the internet. PKI is a infrastructure with the

hotmail

The troubles of Hotmail/Gmail with your own mailserver (postfix) and how to fix them!

So you have setup your own mailserver with Dovecot and Postfix and it's working fine (DKIM, SPF etc), except for sending mails to Hotmail and Gmail. The problem: Sending mail to Hotmail/Gmail Guess what, you are not the exception, many people with self small hosted mailservers complain

remarkable/funny death poses in TF2

This is my collection of remarkable/funny ways of dead people lying around in TF2 public servers. I will keep updating this post for more funny death scenes :D. Unique death poses Dramatic death spy That one second too late sprint death Keep hangin' in there mate death Nailing

rpi

Where are my Raspberry Pi's at?

Downloading Media and fooling around It all started with 1 Raspberry Pi model B as an alternative to a server in the basement. There is no room in the basement for an server, and I don't like running fans/HDD's in my bedroom (because of the

fix

WhatsApp Privacy problem explained in detail

I released a tool this Saturday, which will give you some insight of what a “hacker” (or in fact any stranger with some programming knowledge) can conclude of your WhatsApp behavior. This tool visualizes the following properties of any phone number that uses WhatsApp: * Online/Offline status (even with privacy

whatsspy-public Featured

WhatsApp privacy is broken!

So there is this menu called "privacy" in WhatsApp. Here you can edit your "last seen", "profile picture" and "status" privacy options. You may think now that you've set all options to "nobody" you are privacy-wise safe. But

sarcasm

[NL] Software ontwikkelmethode MEME

MEME staat voor Minimum Effort, Maximum Efficiency. Dit ontwikkelmodel gaat uit van de volgende principes: * Het opleveren van een product met zo weinig mogelijk functionaliteiten en kwaliteiten in een zo kort mogelijke tijdsperiode. * Het ontwijken van de echte benodigheden van de klant om extra kosten aan de kant van de

USB hubs make the difference for powering Raspberry Pi's and multiple Harddisks

The old setup In februari I posted some information about my Raspberry Pi as an Media Service (downloading and streaming). This setup is visible in the following image: An Conceptric USB 2.0 HUB was powering the external HDD and two Raspberry Pi's. The RPi on the left

bashing

My experience so far with my Nexus 5

So you're telling me theres free Wifi here? Well, why the fuck aren't you connecting then? No i'm not there, what are you doing!?! I seem to have a GPS fix but this is anything but near my real location. So yeah, lets just

iceland

3G/4G internet in Iceland as a tourist

With most cellular subscriptions you can use internet abroad, but the costs involed are usually much higher than in your own country. If your country is a member of the EU this has become significantly cheaper over time, but you can still get a much better deal than 20 cents

rpi

How to backup your Raspberry Pi (complete OS+Personal Files)

There are many reasons to backup: * Write cycles of an SD card are much worse that an HDD or SSD (usally around ~1000 times). * Setting up all the OS with all your preferences can be time consuming. * Personal data can be lost once an SD card is corrupt. It'

raspberry

This might just fix your corrupt SD card of your Raspberry Pi

This week i tried booting my Raspberry Pi, but this showed up: end_request: I/O error, dev mmcblk0, sector 148225 mmcblk0: error -110 transfering data, sector 148226, nr 254, response 0x900, card status 0xb00 Internet did not gave me solution, but (for the first time) Windows did! Solution It

GOT

Game of Thrones S04 set in Iceland (july 2013)

Update: Added screenshots of the episodes. During my vacation in Iceland I stumbled upon the filmset of Game Of Thrones. You guys might enjoy these pictures of the set. These pictures are from july 2013 and are probably for Season 4 (airing right now). There were two trailerparks, one in