Creating Tailscale Subnet Routes

Single:

tailscale up --advertise-routes=192.168.2.0/24

Multiple:

tailscale up --advertise-routes=192.168.2.0/24,198.51.100.0/24

Note: Tailscale on Mac and Linux likely runs as root, so the command would have to be run as your superuser. Besides that, the process is the same for Mac, Linux, and Windows.

Note: Tailscale subnet routes must be approved via the Admin dashboard after adding them.

Understanding SQL Injections

Definition

SQL injection attacks occur when input from a field can escape the query it is inserted into, allowing direct execution of user-defined queries.

Example

Having an age field that doesn’t check if the input is an integer or contains special characters is one example where this can occur. Protection can be as simple as checking if it’s a valid number prior to running the SQL command, or better yet, using pre-made (prepared) queries when using a language like PHP.
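The age-field case above, shown as an added example that is not part of the original note. It uses Python's built-in sqlite3 module rather than PHP so it runs without a server; the table, rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, age INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", 30), ("bob", 41), ("carol", 30)])
    return db

def lookup_vulnerable(db, age_field):
    # Vulnerable: the raw field becomes part of the SQL text, so input can
    # change the structure of the query instead of only the value compared.
    sql = "SELECT name FROM users WHERE age = " + age_field + " ORDER BY name"
    return [row[0] for row in db.execute(sql)]

def parse_age(age_field):
    """Validation step: accept only ASCII digits in a plausible range."""
    text = age_field.strip()
    if not (text.isascii() and text.isdigit()) or int(text) > 150:
        raise ValueError("age must be a whole number between 0 and 150")
    return int(text)

def lookup_prepared(db, age_field, validate=True):
    # Hardened: the SQL text is fixed and the value is bound separately, so
    # it is only ever treated as data. Validation rejects bad input early.
    value = parse_age(age_field) if validate else age_field
    sql = "SELECT name FROM users WHERE age = ? ORDER BY name"
    return [row[0] for row in db.execute(sql, (value,))]

if __name__ == "__main__":
    db = make_db()
    field = "30 OR 1=1"  # constructed input containing SQL syntax
    print("concatenated:", lookup_vulnerable(db, field))
    print("bound only:  ", lookup_prepared(db, field, validate=False))
    try:
        lookup_prepared(db, field)
    except ValueError as err:
        print("validated:   rejected,", err)
```

With the bound parameter the whole field is compared as a single value, so the extra SQL syntax matches no row even when validation is skipped.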

Enabling TWM-Like Keybinds In PopOS 22.04 LTS

# Clear all keybinds.
gsettings set org.gnome.shell.keybindings switch-to-application-1 "[]"
gsettings set org.gnome.shell.keybindings switch-to-application-2 "[]"
gsettings set org.gnome.shell.keybindings switch-to-application-3 "[]"
gsettings set org.gnome.shell.keybindings switch-to-application-4 "[]"
gsettings set org.gnome.shell.keybindings switch-to-application-5 "[]"
gsettings set org.gnome.shell.keybindings switch-to-application-6 "[]"
gsettings set org.gnome.shell.keybindings switch-to-application-7 "[]"
gsettings set org.gnome.shell.keybindings switch-to-application-8 "[]"
gsettings set org.gnome.shell.keybindings switch-to-application-9 "[]"

# Bind keys to move to workspace.
# Caution: as listed, each value binds the bare number key; prefix the modifier you intend (none is shown on the page).
gsettings set org.gnome.desktop.wm.keybindings switch-to-workspace-1 "['1']"
gsettings set org.gnome.desktop.wm.keybindings switch-to-workspace-2 "['2']"
gsettings set org.gnome.desktop.wm.keybindings switch-to-workspace-3 "['3']"
gsettings set org.gnome.desktop.wm.keybindings switch-to-workspace-4 "['4']"
gsettings set org.gnome.desktop.wm.keybindings switch-to-workspace-5 "['5']"
gsettings set org.gnome.desktop.wm.keybindings switch-to-workspace-6 "['6']"
gsettings set org.gnome.desktop.wm.keybindings switch-to-workspace-7 "['7']"
gsettings set org.gnome.desktop.wm.keybindings switch-to-workspace-8 "['8']"
gsettings set org.gnome.desktop.wm.keybindings switch-to-workspace-9 "['9']"
gsettings set org.gnome.desktop.wm.keybindings switch-to-workspace-10 "['0']"

# Bind keys to move window to workspace.
# Caution: as listed, these reuse the same key strings as the switch-to-workspace binds above.
gsettings set org.gnome.desktop.wm.keybindings move-to-workspace-1 "['1']"
gsettings set org.gnome.desktop.wm.keybindings move-to-workspace-2 "['2']"
gsettings set org.gnome.desktop.wm.keybindings move-to-workspace-3 "['3']"
gsettings set org.gnome.desktop.wm.keybindings move-to-workspace-4 "['4']"
gsettings set org.gnome.desktop.wm.keybindings move-to-workspace-5 "['5']"
gsettings set org.gnome.desktop.wm.keybindings move-to-workspace-6 "['6']"
gsettings set org.gnome.desktop.wm.keybindings move-to-workspace-7 "['7']"
gsettings set org.gnome.desktop.wm.keybindings move-to-workspace-8 "['8']"
gsettings set org.gnome.desktop.wm.keybindings move-to-workspace-9 "['9']"
gsettings set org.gnome.desktop.wm.keybindings move-to-workspace-10 "['0']"

Common Malware Obfuscation Techniques

Disclaimer

As with any cybersecurity-related information, this can be used to strengthen your systems, or potentially to harm them. Do not use this information to break any laws applicable in your country. If you misuse this information, I will not be held responsible.

Techniques

  • Base64 Encoding
    • Take the entire codebase (meaning each individual source file), and run it through a base64 encoder. Optimally, each file would be placed in different strings in the destination as a variable. These should be run in another program as a sort of base64 executor, which would decode the base64 strings and run them as the original program.
    • Most mainstream programming languages have pre-existing modules to do this.
  • Variable Name Obfuscation
    • Ideally, you would rename the variables and functions to generic things, like f1, f2, f3, v1, v2, v3, etc. The use of a premade algorithm or an LLM to do this for you would be better.
    • Example LLM prompt:
    • {code base goes here}

      Replace all variable and function names by randomly generated character and number combinations.

  • Function Cramming
    • This would be the act of adding decoy/useless functions that get called throughout the code in order to further obfuscate what the program is really doing. Once again, an algorithm or LLM would be the easiest way to accomplish this.

On their own, these are useful. In conjunction, they are effective. They aren’t hard things to do. Test it for yourself (in a legal setting) and see.
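From the defender's side, the Base64 technique above leaves a recognisable shape in a file: long base64 string literals that decode to readable source, next to a decode-and-execute call. The following Python scanner is an added example, not part of the original note; the regexes, thresholds and sample strings are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# String literals holding 40+ base64-alphabet characters (threshold is an assumption).
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{40,}={0,2})["']""")
# Decode/execute calls a loader needs (Python-centric list, an assumption).
LOADER_CALLS = re.compile(r"\b(b64decode|exec|eval|compile)\s*\(")
# Keywords suggesting the decoded text is itself source code.
CODE_HINTS = re.compile(r"\b(import|def|class|return|function)\b")

def decoded_source(literal):
    """Return the decoded text if it is printable and source-like, else None."""
    try:
        text = base64.b64decode(literal, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    printable = sum(c.isprintable() or c in "\n\t" for c in text)
    if not text or printable / len(text) < 0.95:
        return None
    return text if CODE_HINTS.search(text) else None

def scan(source):
    """Summarise loader indicators found in one file's text."""
    blobs = [t for t in map(decoded_source, B64_LITERAL.findall(source)) if t]
    calls = sorted(set(LOADER_CALLS.findall(source)))
    runs_code = bool({"exec", "eval"} & set(calls))
    return {"embedded_sources": len(blobs), "loader_calls": calls,
            "suspicious": bool(blobs) and runs_code}

# Constructed samples: a harmless wrapped file, and a file with binary data only.
HIDDEN = 'import os\ndef greet():\n    return "hello from the wrapped file"\n'
SAMPLE_LOADER = ("import base64\n"
                 f"v1 = '{base64.b64encode(HIDDEN.encode()).decode()}'\n"
                 "exec(base64.b64decode(v1))\n")
SAMPLE_CLEAN = f"icon = '{base64.b64encode(bytes(range(200, 256))).decode()}'\n"

if __name__ == "__main__":
    print(scan(SAMPLE_LOADER))
    print(scan(SAMPLE_CLEAN))
```

A legitimately embedded binary asset (the second sample) decodes to non-text bytes and is not flagged, which keeps the check from firing on every long base64 string.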

Data Storage Safety

  • Use BitLocker Drive Encryption on all hard drives (including secondary), or LUKS for Linux.
  • For very significant/sensitive data that cannot risk being stolen, use a VeraCrypt container on an encrypted hard drive.
    • This ensures there’s a secondary layer of encryption with a different password to unlock it. This also makes it so that it can’t be leaked to CLOUD BACKUP SERVICES, which have a tendency to be a dangerously overlooked vector.
  • Ensure you use a backup service that supports native encryption using private keys you control (iDrive is the best).
    • This is a secondary layer in case your username/password -> Authenticator is compromised. Additionally, ensure that the backup service does not save the private keys themselves.
    • One negative of iDrive is the terrible Linux support. I recommend running a QEMU/KVM VM that runs the Windows version of the program, then sharing the locations you want to back up with the VM. I have a note on this here.
    • If you aren’t using a backup service already, you’re NGMI…
  • Use an encrypted notepad program, such as encNotepad -> never use plaintext notes for anything.
    • (I’m not here to plug my basic software, but encNotepad is a basic notepad-like program to get you up and running, and with high-enough security methods)

iDrive Backups Through QEMU/KVM

The iDrive script/program for Linux is messed up. Sometimes it works, other times you have to reconnect multiple times before it runs on a schedule, only to fail again upon reboot. The alternative is to run the iDrive Windows program inside a QEMU/KVM Virtual Machine.

Steps

  • Install QEMU/KVM / libvirtd and virt-manager.
    • sudo apt install virt-manager
      sudo systemctl enable --now libvirtd
      sudo usermod -aG libvirt $USER

  • Download Windows 10 LTSC IoT (the smallest possible Windows image).
  • Set up Windows 10 Guest Tools for QEMU/KVM.
  • Install the iDrive application on the Windows VM.

VMware Workstation Download Post-Broadcom

In case you didn’t hear, VMware has been sold to Broadcom. Unfortunately, this has come with a couple of site issues during the migration. As of now (2024-05-28), there’s no way to “publicly” download the VMware Workstation product. I’ll show you how to download it the alternative way.

In addition, VMware Workstation Pro is now rebranded as a free product for consumers and paid for enterprise users.

qBittorrent Setup Guide 2024

  • Click the Settings icon.
    • Click the Advanced option.
      • Go to the Network interface section, and choose your VPN interface. If you’re using Mullvad, there should be an entry for Mullvad.
        • This will make sure to bind your qBittorrent connection directly to your VPN. There will be no possibility of mistakenly opening qBittorrent without your VPN on, leaking your gateway IP to the world. If you don’t have a VPN and are living in Germany, Western European nations, or North America, you need one… Unless you’re only downloading ISOs or legal, non-copyrighted material, that is.
    • Click the BitTorrent option.
      • Go to the Encryption mode: section. Make sure it’s set to Require encryption.
      • Check the checkbox for Enable anonymous mode.
      • Make sure that the value 30 is set for all of the following options:
        • Maximum active checking torrents:
        • Maximum active downloads:
        • Maximum active uploads:
        • Maximum active torrents:
      • Modify the values for the following areas:
        • Download rate threshold: 35 KiB/s
        • Torrent inactivity timer: 15 sec
      • Under Seeding Limits, ensure When ratio reaches is checked, and the value is set to 0.00.
      • Under the then area, make sure the value is set to Pause torrent.
    • Click the Downloads option.
      • Navigate to the Saving Management subsection. Set the following options: Default Torrent Management Mode: Automatic, When Torrent Category changed: Relocate torrent, When Default Save/Incomplete Path changed: Relocate affected torrents, and When Category Save Path changed: Relocate affected torrents.
      • Navigate to the Saving Management subsection. Ensure that the Use Subcategories checkbox is checked.
      • Navigate to the Saving Management subsection. Ensure that the Copy .torrent files to: checkbox is checked. Be sure to set a default value via the file picker option on the right.