0ut3r SpaceNews From Outer Space2024-02-27T13:05:34.000Zhttp://0ut3r.space/hoekHexoGemini server for 0ut3r.spacehttp://0ut3r.space/2024/02/27/gemini-server/2024-02-27T13:00:00.000Z2024-02-27T13:05:34.000Z<p>Another strange thing I decided to do with 0ut3r.space was to serve it via Gemini, I mean not the full copy, but a frontage only (full copy maybe if there will be someone who wants to read it in the Gemini world). As always, I wanted to learn something new while discovering something new. Also, only real hackers serve content over Gemini (lol),TLS Certificate for Onion domainhttp://0ut3r.space/2024/02/09/tls-cert-for-onion/2024-02-09T12:45:00.000Z2024-02-09T12:51:08.000Z<p>I had completely forgotten about this topic. I remembered that I was interested in it in the past, but when the topic of TLS certificates for onion domains came up, it was only available from DigiCert and that was not a financially viable option for me. Ultimately, these are solutions more for business. Fortunately, Harica came along, which IFuzz the worldhttp://0ut3r.space/2024/01/20/fuzz-the-world/2024-01-20T18:57:00.000Z2024-01-20T19:06:05.000Z<p>At the beginning of my pentesting journey, I was not quite sure what fuzzing was. Even though I used it all the time. </p>
<p>Being an amateur guitarist myself, fuzz to me was just a guitar effect that sounded like overdrive, but broken, like the amp had broken down and something was whining. As I didn’t have many colleagues, and still don’t,Worth checking ep.2http://0ut3r.space/2023/12/17/worth-checking-2/2023-12-17T19:00:00.000Z2023-12-17T18:58:10.000Z<p>I hope you haven’t forgotten about the Worth Checking series. <a href="/2023/07/04/worth-checking-1/">Here</a> you can check out the latest one. I thought I’d post monthly in this format, but it would turn out that I’d have more entries like this than my own :) If there were maybe 10 articles a month, it would make as much sense as possible.Miyoo Mini Plushttp://0ut3r.space/2023/11/23/miyoo-mini-plus/2023-11-23T14:16:00.000Z2023-12-09T15:24:48.000Z<p>Howdy motherf… dear readers of this wonderful blog. Sometimes I spend money on things that waste my time. I hate doing this, I mean, buying consoles to play games and then realizing that I do nothing but play games for weeks on end. But what the heck, after all, you have to relax sometimes, better this kind of entertainment than partying andMining cryptocurrency - don't do it at homehttp://0ut3r.space/2023/10/27/minig-cryptocurrency/2023-10-27T10:07:00.000Z2023-10-27T10:10:20.000Z<p>More of a curiosity than a full-blown article, but I was mining a cryptocurrency for a while this week on an average computer. I mean, a long time ago, when Bitcoin was <a href="https://en.wikipedia.org/wiki/History_of_bitcoin">worth so much as nothing</a>, I mined Bitcoins too. This week I just happened to have a computer with a good CPU,OpenSSH hardeninghttp://0ut3r.space/2023/10/24/openssh-hardening/2023-10-24T14:50:00.000Z2023-10-24T15:01:47.000Z<p>If you manage or administer a server, you need secure access to it. In Windows it’s RDP (<a href="https://en.wikipedia.org/wiki/Remote_Desktop_Protocol">Remote Desktop Protocol</a>), usually configured with VPN or a jump host (<a href="https://en.wikipedia.org/wiki/Jump_server">jump server, jump box</a>). On Linux it is the <aTest web server for VirtualBoxhttp://0ut3r.space/2023/09/24/test-web-server/2023-09-24T14:20:00.000Z2023-09-24T14:18:42.000Z<p>It is very important to have a development or test environment for whatever you are working on. It does not matter if it is your home made project, your personal website, your school project or your work stuff. You should always follow good practice and have a test environment (with backup) for all changes and experiments before going intoWindows security and privacyhttp://0ut3r.space/2023/08/20/windows-security-and-privacy/2023-08-20T14:10:00.000Z2023-08-21T08:29:18.000Z<p>I guess for this article I will be again hanged, burned at the stake and executed by firing squad at the same time, but fortunately comments are disabled, so all ugly words and curses will not affect me directly. Also, please, do not think this is a step-by-step guide to make your system secure. It is just a general overview of what to do, andLearning to hackhttp://0ut3r.space/2023/07/24/learning-to-hack/2023-07-24T16:38:00.000Z2023-07-24T16:36:58.000Z<p>Everyone wants to be a hacker. Just like that. For fame or for money, and preferably for both. I even heard being a SOC member is sexy.</p>
<p>In 2019 I wrote an article <a href="https://0ut3r.space/2019/05/31/ethical-hacking/">Ethical Hacking - How to start</a>. Check it as an introduction or supplement to this article.</p>
<p>I work in ITWorth checking ep.1http://0ut3r.space/2023/07/04/worth-checking-1/2023-07-04T17:45:00.000Z2023-12-17T17:33:39.000Z<p>Welcome to the first article of never ending (or till I die) series called <strong>Worth checking</strong> episode 1.</p>
<h2 id="Weird-introduction"><a href="#Weird-introduction" class="headerlink" title="Weird introduction"></a>Weird introduction</h2><p>Being a security researcher or pentester, red teamer, hacker, or other specialist in aAds, analytics, comments, dns, privacy ...http://0ut3r.space/2023/06/15/analytics/2023-06-15T18:15:00.000Z2023-06-15T18:23:45.000Z<p>In the past I tested <a href="/2021/04/12/goaccess/">GoAccess as solution to monitor page views, visitors activity and technology</a>. I also compared it to the Google Analytics. When I wrote article about <a href="/2023/05/02/anonymous-tor-phone/">Anonymous Tor Phone</a> I received one comment like:</p>
<blockquote>
<p>How fucking ironic isCVE-2023-32784 - KeePasshttp://0ut3r.space/2023/05/22/cve-2023-32784/2023-05-22T18:33:00.000Z2023-06-03T10:03:01.000Z<p>New interesting vulnerability <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32784">CVE-2023-32784</a> was discovered for <a href="https://keepass.info/">KeePass</a> app last days. In this article I tested it, provided examples how to use it, and how to brute-force password vault with crafted dictionary attack. To not act asAnonymous Tor Phonehttp://0ut3r.space/2023/05/02/anonymous-tor-phone/2023-05-02T14:06:00.000Z2023-06-03T10:03:34.000Z<p>I was always curious about all that bad guys (criminals, drug dealers, hitman’s, thief’s etc.) using not very good and secure communication channels. Forgetting about whole OPSEC stuff. There is a lot of stories about mafia or other criminals where people get caught because of mobile phone tracking, or because using unencrypted communication.Server Upgradehttp://0ut3r.space/2023/04/25/server-upgrade/2023-04-25T09:38:00.000Z2023-11-11T16:34:15.000Z<p>It’s hard to admit, but <a href="https://0ut3r.space/">0ut3r.space</a> was running on Debian 9 (shame on me, on the 30 June 2022, Debian 9 “Stretch” went End of Life). A few days ago, I upgraded it to Debian 11. I thought it may be useful for someone to provide steps I did. Here it is, short article about upgrading 0ut3r.space from Debian 9 toHow ChatGPT helped me to code stuffhttp://0ut3r.space/2023/04/10/chatgpt/2023-04-10T10:28:00.000Z2023-06-03T10:03:45.000Z<p>As we live in the era of <a href="meme_ai_simpson.jpg">AI specialist everywhere</a>, I thought ok lets do some experiment with ChatGPT, to become another <a href="meme_ai_buzz.jpg">AI specialist</a>… nah I am too stupid to understand all the stuff with AI, but I love how it works, and I keep an eye on it since many years. I guess I do not needVirtualenvhttp://0ut3r.space/2023/03/13/virtualenv/2023-03-13T17:15:00.000Z2023-03-13T17:20:45.000Z<p>Everyone who is using Kali Linux, also uses a lot of Python tools. If you have recently installed or updated something in the last few days you might have received an error like:</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><tdHealthy mind and body of hackerhttp://0ut3r.space/2023/02/27/healthy-hacker/2023-02-27T14:29:00.000Z2023-03-13T15:57:29.000Z<p>Yeah, tittle sounds a little like coach, who want to tell (sell) you how to live healthy. As this blog is my personal place, I would like to mix sometimes technical topics with the reflections on life, and tips for other people like me. I got a lot of questions, how to become a hacker, where to find a knowledge, how to develop skills and otherPenetration test report templatehttp://0ut3r.space/2023/01/29/pentest-report-template/2023-01-29T17:13:00.000Z2023-01-29T17:12:41.000Z<p>No matter if you are experienced penetration tester, or beginner red teamer, if you have technical skills better than anyone on earth, or you’re just a script kiddie. All what maters is how you will present your findings. Especially if you are not only a bug hunter, but when you work in a corporation, and the results of your test needs to beEnd of the...http://0ut3r.space/2022/12/31/end-of-the/2022-12-31T10:44:00.000Z2022-12-31T10:43:13.000Z<p>…year :P</p>
<p>Howdy!</p>
<p>As this is the last day in 2022, I decided to share some thoughts, about my website, projects, upcoming ideas, even about myself and also, to say sorry that there was no post last month. No worries dear readers, I do not close the website or end sharing what I know, this is no “good bye” article. I just had to takeSecurity Roadmaphttp://0ut3r.space/2022/10/31/security-roadmap/2022-10-31T21:03:00.000Z2022-10-31T21:01:20.000Z<p>Today I’ll share with you my thoughts on a career in IT security and give some hints on how to get started.</p>
<p>People fresh out of IT-related studies, or those who are just going to study IT more or less know what they want to do or will learn from lecturers and colleagues. More difficult is for those who change their careers completely.Downloading big files from Torhttp://0ut3r.space/2022/09/30/big-files-from-tor/2022-09-30T18:45:00.000Z2024-01-28T18:12:59.000Z<p>Some time ago I had to download some large files from the website, of one of the ransomware groups, in order to analyze the published (stolen) data. The leak was huge, hundreds of gigabytes, split in many large files and all published on the website hosted in Tor network.</p>
<p><img src="/2022/09/30/big-files-from-tor/downloading.jpg"Short story about my Steam Deckhttp://0ut3r.space/2022/08/25/steam-deck/2022-08-25T08:50:00.000Z2022-08-25T08:48:18.000Z<p>Hello 0ut3r Space visitors! Today short article about my Steam Deck. Last year I preordered <a href="https://store.steampowered.com/steamdeck">highest version</a> (512GB NVMe SSD) and on 27th of June it arrived! Of course with my luck it has screen issue and I had to send it back and wait for exchange. About two weeks later I received new one,I am not that hacker you are looking forhttp://0ut3r.space/2022/08/08/i-am-not/2022-08-08T12:43:00.000Z2022-08-08T12:43:15.000Z<p>This article is an information for people who bother me on various groups, social media and messengers. And also for the people who doesn’t understand who am I and what about is this website. It’s not that I don’t like to give a hint or discuss something with someone, but let’s get a few things straight, for the sake of respecting my time andCool Command Line Apps for Linuxhttp://0ut3r.space/2022/07/31/cool-cmd-apps/2022-07-31T11:50:00.000Z2022-07-31T11:46:03.000Z<p>Using system text console, you can do everything. Each system has it own commands and tools. It is amazing how developers building great command line apps that fully replace graphical user interface.</p>
<p><img src="/2022/07/31/cool-cmd-apps/command-line-apps.jpg" alt="Command Line Apps"></p>
<p>Today I will show you very cool command lineLet's hack some SMBhttp://0ut3r.space/2022/06/16/smb-hacking/2022-06-16T17:20:00.000Z2022-06-16T17:31:02.000Z<p><a href="https://en.wikipedia.org/wiki/Server_Message_Block">Server Message Block (SMB)</a>, also known as Common Internet File System (CIFS), is a network protocol mainly used for providing shared access to files, printers, serial ports and miscellaneous communications between nodes on a network.</p>
<p>Versions of Windows SMB<br>CIFS: The oldXubuntu as custom Whonix workstationhttp://0ut3r.space/2022/05/05/xubuntu-whonix/2022-05-05T11:08:00.000Z2022-05-05T11:04:08.000Z<p>If you are a <a href="https://www.whonix.org/">Whonix</a> user this guide may be useful for you. Sometimes when I want to torify whole traffic from a virtual system I am using Whonix Gateway virtual machine. For people who haven’t use Whonix yet here is a short description with links:</p>
<blockquote>
<p>Whonix ™ consists of two VMs: the <aMS Designer keyboard right control keyhttp://0ut3r.space/2022/05/04/ms-designer-ctrl/2022-05-04T18:45:00.000Z2024-03-05T11:35:02.000Z<p>Sometimes simple things require complex solutions. Today’s article is sponsored by Right Control key.</p>
<p>Funny situation… some time ago I bought another keyboard, this time <a href="https://www.microsoft.com/en-us/d/microsoft-designer-compact-keyboard/8zhrtr7zcswq?rtc=3&activetab=pivot:overviewtab">Microsoft Designer Compact Keyboard</a>.Ransomware simulationhttp://0ut3r.space/2022/04/18/ransomware-simulation/2022-04-18T13:05:00.000Z2022-04-18T13:03:33.000Z<p>In one company my boss asked me: “hey, is it possible to check whether we are well protected against ransomware, and whether we are able to detect infected devices, so that we can isolate them from the network fairly quickly?” </p>
<p>When a manager asks you a question like that, you know the next month is going to be tough.</p>
<p>I’ve spentWindows Defender is enough, if you harden ithttp://0ut3r.space/2022/03/06/windows-defender/2022-03-06T19:25:00.000Z2022-03-07T08:06:30.000Z<p>This article is not intended to convince you to abandon your current antivirus solutions. In this post I would like to share my observations and ways to improve the effectiveness of Defender.</p>
<p>You don’t need to buy expensive antivirus software. If you are a standard user, surfing the web, you don’t want to install additional software (eg.CMS Vulnerability Scannershttp://0ut3r.space/2022/02/26/cms-vulnerability-scanners/2022-02-26T16:52:00.000Z2022-02-26T16:51:01.000Z<p>CMS (<a href="https://en.wikipedia.org/wiki/Content_management_system">Content Management System</a>) is very popular, easy to install and mostly setup once and forget by “admins”.</p>
<p>In general, there are quite serious vulnerabilities in popular CMS, as is the case with any software. Bugs are patched fairly quickly. Responsible companiesCVE-2021-4034 - gimme roothttp://0ut3r.space/2022/01/26/cve-2021-4034/2022-01-26T19:52:00.000Z2022-01-26T19:54:03.000Z<p>Hell yeah! Finally, new category on 0ut3r Space! This is the first article in <a href="/categories/vulnerability/">vulnerability</a> category. I’ve been planning this for some time. I will describe shortly the most spectacular, popular and interesting vulnerabilities from perspective of blue and red teams, with some examples. Let start withA little bit about Nmaphttp://0ut3r.space/2021/12/21/nmap/2021-12-21T17:45:00.000Z2023-10-14T07:27:37.000Z<p><a href="https://nmap.org/">Nmap</a> is powerful tool. Mostly used for network discovery and security auditing. If you want to know more about what assets are in your network and what services they are running, Nmap is best choice. I will also describe few other similar tools like <a href="https://linux.die.net/man/1/arp-scan">arp-scan</a> orBlack Friday - Cyber Mondayhttp://0ut3r.space/2021/11/22/black-friday/2021-11-22T12:13:00.000Z2023-06-03T10:02:12.000Z<p>Just short info for all cybersecurity fans.</p>
<p>The day of the year is coming, when people kill each other in shop lines and tread on the way to dream material goods. The American craze of promotion, pointless spending of money on something that we do not need at all, but it is cheap. Willingness to possess, materialism and other wiseUseful Linux Commandshttp://0ut3r.space/2021/10/30/useful-linux-commands/2021-10-30T16:15:00.000Z2023-12-14T14:40:05.000Z<p>There is a lot of infographics about basic Linux commands. They are useful to start journey with Linux terminal. In this article I will show you basic commands with their extended usage and how I am using them. Using <code>ls -l</code> command with basic parameter is cool for directory listing, but it can do a lot more! </p>
<p><imgHow to report a vulnerability and not go to jailhttp://0ut3r.space/2021/09/28/how-to-report-vulnerability/2021-09-28T18:35:00.000Z2021-09-28T18:34:59.000Z<p>This article is more like something to think about rather than technical guide. It contains my thoughts with which you do not necessarily agree, but I will be happy to hear your opinion, maybe I will be able to improve my approach on the subject.</p>
<p>The topic may seem simple in general. You find a bug, a hole, a vulnerability. You report itYet Another Ridiculous Acronymhttp://0ut3r.space/2021/08/26/yara/2021-08-26T10:50:00.000Z2021-08-26T10:49:33.000Z<p><a href="https://virustotal.github.io/yara/">Yara</a> is mostly recognized as a tool to detect, identify and classify malware samples. In general it allows you to identify any binary or textual pattern, such as hexadecimal and strings contained within a file. If you started your journey, as a SOC member, sooner or later you will need to knowRemote connection for Linuxhttp://0ut3r.space/2021/07/25/remote-connection-linux/2021-07-25T13:37:00.000Z2021-07-25T13:38:18.000Z<p>Remote connection for Windows is pretty easy. Built in RDP server and client allows you to connect to remote Windows machine without any additional software. It is of course not too safe, to allow remote connection from the Internet, without any additional security layer, but this is not the topic for today. Today we are talking about localLinux laptopshttp://0ut3r.space/2021/06/15/linux-laptops/2021-06-15T15:25:00.000Z2021-07-11T10:07:09.000Z<p>I started from desktop machines, like everyone who was born in 1980’s. I was tired of desktop computers and Windows operating system, wanted to have small notebook with Linux. After many years my first laptop was, used <a href="https://www.notebookcheck.net/Review-Dell-Vostro-V131-Notebook.60602.0.html">Dell Vostro V131</a> with Intel Core i3,OS, apps and services for privacy and anonymityhttp://0ut3r.space/2021/06/07/privacy-and-anonymity/2021-06-07T13:25:00.000Z2021-06-07T13:31:20.000Z<p>There are few systems that ensure privacy. Even fewer of those who ensures anonymity. Even when we configure our system well, we must remember about the right application selection, so that our entire secure configuration is not compromised by one unfortunate program. We must also remember about our own behavior on the Internet and what we put