alex_02

@alex_02@infosec.pub

This is a remote user, information on this page may be incomplete. View at Source ↗

Just a hardware nerd.

Mastodon: @alex_02@infosec.pub

⁨Comment⁩ on ⁨Off-Topic Friday⁩ ⁨⁨5⁩ ⁨months⁩ ago⁩:
I have a freezer full of ice cream again.
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨5⁩ ⁨months⁩ ago⁩:
A bit late again, but I’ve been busy and dealing with life… I finally got my PinePhone up and running, mostly. I’m quite proud. I ended up going with Arch + Phosh image and not disappointed. Found a bunch of apps that work well on it as well. I’m definitely happy for once since it is basically usable now as a regular smartphone and as a mobile device for uh more nerdy things.

I am also debating which smartphone to buy to have as a backup phone, and there are three I looked at. All three have official Lineage OS support and one has Calyx OS support. I might end up buying 2 out of the 3.

Also been brainstorming and experimenting with a few ideas in labs and on my devices. Have a lot written down as a rough draft of what I want, and just need to go through my list to figure out what to prioritize to code and test in labs first. I am glad I wasted way too long figuring out this stuff because things are starting to turn out a lot better quality. I also have a nice list of hardware I want to buy… looking forward to being able to explore RF more and play with a lot of interesting hardware toys.

I have a lot of plans right now and just taking everything a bit each day.
⁨Comment⁩ on ⁨Off-Topic Friday⁩ ⁨⁨5⁩ ⁨months⁩ ago⁩:
I just accept I’m an asshole, and I’m an emo furry.
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
Make it more usable without having to do too many mental backflips. I’m going to try to see if I could make a better DE with XFCE + Openbox + dmenu + the sxmo gesture daemon. Have a rough draft in my head.
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
I’m late, but been wrestling with the PinePhone. I’ve ultimately decided on Mobian with Phosh + TLP + UFW and probably other stuff. I have decided to take a bit of a short break from most of my projects, but will probably be back to them in a week or so. Just exhausted right now, but something’s are starting to look up for once.
⁨Comment⁩ on ⁨Off-Topic Friday (experimental)⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
I was told there were furries on Fridays.
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
Brainstorming ways to deal with the overheating on PinePhone and have a few ideas to try. Been coding a lot in various different languages that are mostly newer to get a feel for them to see if they’re interesting enough. At some point, I want to try to get into developing some stuff with the Pogo pins on the PinePhone. Need to get to emulating firmware on QEMU to start playing with IoT and whatnot…

I have a lot going on. xD
⁨Comment⁩ on ⁨Has ethernet become illegitimate? A librarian flipped out after spotting me using ethernet⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
Idk what I read because it is so stupid.
⁨Comment⁩ on ⁨Microsoft is a national security threat, says ex-White House cyber policy director⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
Are you a child or just dense?
⁨Comment⁩ on ⁨Microsoft is a national security threat, says ex-White House cyber policy director⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
You mean It’s a bad idea to put government secrets in the cloud of a large company whose only working department is their PR department?

Image
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
The syntax reminds me of what python, javascript, c# would look like combined if they somehow mated and had a child in their threeway relationship. The community also has very stupid people that think it is great making everything twenty times harder because of some hypothetical insecurity introduced by the user or something dumb like that when Rust is supposed to be a memory safe language and the hand holding has allowed some very dumb but arrogant asshats get it to their head.

It just seems over all like a cobbled up, overhyped mess that is driven a lot by pseudo-intellects and ego. A lot of the articles I’ve read have the author throwing around a bunch of fancy words that don’t really make sense and just make them look dumb, also a lot of times it seems unneededsly complicated with how someone does x and explain it overcomplicated. This is especially with when I tried to look at the state of encryption and cryptography in rust. The issue is that crypto is easy to get wrong even by very, very smart people, so what I saw just from glancing and trying to figure out tf I’m looking at with the libraries and also the focus on more of “X is faster than other much better audited crypto library or whatever” and made me unable to trust the libraries to use in my programs since I did not want to introduce possibly vulnerabilities that could be catastrophic.

Also, ironically not long after idiots touted C/C++ being dead or something after the federal gov here decided to make the announcement of moving to memory safe languages, there was some silly cve that allowed rce via some weird batch script. I think it is just better for me to be cautious right now with the language since right now I’m very, very skeptical and from experience if I have doubts about something in tech, I’m probably right.
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
Yeah. Life keeps getting in the way, but I’ve been having plans to at least start emulating firmware with QEMU and poke around a bunch of publicly available firmware. The biggest problem I do see with the learning curve is the machine language, but I don’t see it being too much of trouble once I grasp the basics enough to get a better idea what is going on. Finally got around to getting qemu up and running, so will try to get started with firmware once I get other more important things taken care of first.
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
I have. I hate Rust. I think it is overhyped. I have heard good things about Zig, and it looks more promising. Crystal and Dart also look promising, but unfortunately the hype is fucking Rust, which I think is a garbage language.
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
You mean taking hardware apart or reverse engineering the software/firmware? Been planning on getting into reverse engineering firmware, but I take hardware apart a lot to figure out how they work because most of the time I can build something better and cheaper.
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
I wanted to do red teaming when I was 18/19, but it is so niche that I don’t think I can get my foot in the door, but I’m a hardware nerd and the past several months I have also started looking at overlooked protocols. I do plan on getting into more embedded and designing my own boards. Thing is, hardware is very overlooked which I feel like nobody is taking it serious enough. I still have an interest in the tech industry, but kind of just letting life do its thing and wherever I end up, I end up there.
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
I’m a huge fan of Golang, but I’ve started looking at writing in Java because a lot of APIs have Java SDK. Before, I have coded a lot more in C/C++. I also love shell scripting and have written a lot of scripts in bash and sh. I’m planning on coding more stuff in various different languages and for Windows I’ve started dabbling in C# because it is specifically built for Windows, so I tolerate it.
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
Well, currently I’m open to anything, but I go back to school in the fall and should get workstudy so was thinking of checking the IT Helpdesk first at the school, but think I have enough personal experience that I could in theory do something like Junior Sysadmin or Junior Pentester. The main issue is that I live in a dead end state right now, and any job would have to be remote for the most part, which most companies won’t do. Another problem is that I don’t exactly have a great reputation because of assholes that I’ve had the displeasure of dealing with since I was a teenager. There is also the dumb case of my record with an online article that basically defames me and doxxes me. Also, a lot of misinfo. That article shows up when you google my name and also the stupid case, so idiots in HR get weird about it which ruined several job opportunities, and also I was harassed for months online which cost me my last job along with that dumb article… So think I’m going to just look for something outside the tech industry because so far the way I’ve been treated has been foul.
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
I cleaned up my room, which took a total of five hours. I’m proud of that one. I just need to vacuum and call it a day. Also been doing a lot of research and coding again. Hoping some of these interview line up so I can start making money to waste all on new hardware toys.
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨7⁩ ⁨months⁩ ago⁩:
OSINT and trying to take care of myself.
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨7⁩ ⁨months⁩ ago⁩:
I do have a GitHub, but nothing impressive, me thinks. Also have a blog, but can’t be arsed to write on it often. Mostly been writing tools and scripts to help me with my osint which can get extremely tedious especially when gathering data. The flipper is definitely stupid useful, but I have yet to use it for more things. Already wrote a bunch of BadUSB scripts for it and working on figuring out how access controls work.
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨7⁩ ⁨months⁩ ago⁩:
Well, my Flipper Zero is finally getting delivered today (It got delayed twice). Been writing a bunch of scripts and programs to help me with my projects and research. Mostly just getting and handling data properly. Hoping to get back to writing and building what I enjoy more because it has been a bit boring and tedious.
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:
A bit late (sorry, been busy and distracted), but my new toy came in, and it is all pimped out. Only thing missing is a type c to USB female OTG or whatever, so I can plug in an external Wi-Fi adapter. Been writing way too many scripts in Golang and python, so been losing my sanity, but hey shit works.
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨10⁩ ⁨months⁩ ago⁩:
Been needing to take a step back from a project and focus on other things. Thinking while taking the break I’m going to focus on writing some scripts and take some old code and make it better. I wrote a bunch of tools for windows a while ago, but I think I can write them better now.
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨11⁩ ⁨months⁩ ago⁩:
Well just got done with fixing a few annoyances in some of my github utils and added a few things. Overall been pretty busy… I think.
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
So been working on several things, but I am hoping to soon share some of them with the documentation and hopefully start exploring other ideas I have.

Finally got around to setting up the labs on digital ocean and bought domains that I’ve been itching to get for a while. Been taking a look at different kind of boards and hardware devices to see if usable for what I want. I am tired, so I think I’m going to take a short break on my current things and focus on other projects I’ve been meaning to do.

I think it is good to rotate between projects, so things don’t become dull and tedious or whatever.
⁨Comment⁩ on ⁨Linux Hardening - what are you must-haves?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
For personal homelab, I keep it really simple, and I try to think realistically. Which means, using keys with ssh, setting up ufw and keep as little exposure for ports as possible, fail2ban, only really using user accounts with sudo instead of root, use containers and vms when I can to help keep things contained if I am working on something that might have links or files that are malicious, run something like a PiHole or AdGuard Home, etc.

I do plan on adding pfsense + security onion once I can get the proper hardware that has enough ram, but this is probably the only “overkill” I plan on running.

For stuff like VPS usually just UFW + SSH keys is mostly what I need, but add as I needed.

If I ever end up as a Linux Sysadmin, I would use a much more robust and proper setup for the company which means something like grsec, try to do something like setup a much better EDR/SIEM, rotate ssh keys if possible, etc.
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
My Keychron came in so going to use it as my first modded mechanical keyboard.
⁨Comment⁩ on ⁨Training Tuesday - Discussions for certs, training and learning-at-home⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
Been working on a generic rpi4 pentest device and it is slowly coming together. Think overtime Imma add other adapters and whatnot. Been debating about adding a screen once I get everything in a pelican case, but I don’t want to add yet another thing that can eat up the power bank and the whole idea is to run headless.
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
Got my rpi4 bettercap wifi stuff done and been busy with work. Soon I’m going to try to go back to coding and hopefully my stuff I ordered gets here asap. Trying to get hardware upgraded.
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
I like Obsidian and before I just used notebooks. I just needed a good note software that could run on multiple platforms and I could sync across devices. I still use notebooks.