TLS Certificate for Onion domain

2024-02-09T12:45:00.000Z

I had completely forgotten about this topic. I remembered that I was interested in it in the past, but when the topic of TLS certificates for onion domains came up, it was only available from DigiCert and that was not a financially viable option for me. Ultimately, these are solutions more for business. Fortunately, Harica came along, which I

Fuzz the world

2024-01-20T18:57:00.000Z

At the beginning of my pentesting journey, I was not quite sure what fuzzing was. Even though I used it all the time.

Being an amateur guitarist myself, fuzz to me was just a guitar effect that sounded like overdrive, but broken, like the amp had broken down and something was whining. As I didn’t have many colleagues, and still don’t,

Worth checking ep.2

2023-12-17T19:00:00.000Z

I hope you haven’t forgotten about the Worth Checking series. Here you can check out the latest one. I thought I’d post monthly in this format, but it would turn out that I’d have more entries like this than my own :) If there were maybe 10 articles a month, it would make as much sense as possible.

Miyoo Mini Plus

2023-11-23T14:16:00.000Z

Howdy motherf… dear readers of this wonderful blog. Sometimes I spend money on things that waste my time. I hate doing this, I mean, buying consoles to play games and then realizing that I do nothing but play games for weeks on end. But what the heck, after all, you have to relax sometimes, better this kind of entertainment than partying and

Mining cryptocurrency - don't do it at home

2023-10-27T10:07:00.000Z

More of a curiosity than a full-blown article, but I was mining a cryptocurrency for a while this week on an average computer. I mean, a long time ago, when Bitcoin was worth so much as nothing, I mined Bitcoins too. This week I just happened to have a computer with a good CPU,

OpenSSH hardening

2023-10-24T14:50:00.000Z

If you manage or administer a server, you need secure access to it. In Windows it’s RDP (Remote Desktop Protocol), usually configured with VPN or a jump host (jump server, jump box). On Linux it is the

Test web server for VirtualBox

2023-09-24T14:20:00.000Z

It is very important to have a development or test environment for whatever you are working on. It does not matter if it is your home made project, your personal website, your school project or your work stuff. You should always follow good practice and have a test environment (with backup) for all changes and experiments before going into

Windows security and privacy

2023-08-20T14:10:00.000Z

I guess for this article I will be again hanged, burned at the stake and executed by firing squad at the same time, but fortunately comments are disabled, so all ugly words and curses will not affect me directly. Also, please, do not think this is a step-by-step guide to make your system secure. It is just a general overview of what to do, and

Learning to hack

2023-07-24T16:38:00.000Z

Everyone wants to be a hacker. Just like that. For fame or for money, and preferably for both. I even heard being a SOC member is sexy.

In 2019 I wrote an article Ethical Hacking - How to start. Check it as an introduction or supplement to this article.

I work in IT

Worth checking ep.1

2023-07-04T17:45:00.000Z

Welcome to the first article of never ending (or till I die) series called Worth checking episode 1.

Weird introduction

Being a security researcher or pentester, red teamer, hacker, or other specialist in a

Ads, analytics, comments, dns, privacy ...

2023-06-15T18:15:00.000Z

In the past I tested GoAccess as solution to monitor page views, visitors activity and technology. I also compared it to the Google Analytics. When I wrote article about Anonymous Tor Phone I received one comment like:

How fucking ironic is

CVE-2023-32784 - KeePass

2023-05-22T18:33:00.000Z

New interesting vulnerability CVE-2023-32784 was discovered for KeePass app last days. In this article I tested it, provided examples how to use it, and how to brute-force password vault with crafted dictionary attack. To not act as

Anonymous Tor Phone

2023-05-02T14:06:00.000Z

I was always curious about all that bad guys (criminals, drug dealers, hitman’s, thief’s etc.) using not very good and secure communication channels. Forgetting about whole OPSEC stuff. There is a lot of stories about mafia or other criminals where people get caught because of mobile phone tracking, or because using unencrypted communication.

Server Upgrade

2023-04-25T09:38:00.000Z

It’s hard to admit, but 0ut3r.space was running on Debian 9 (shame on me, on the 30 June 2022, Debian 9 “Stretch” went End of Life). A few days ago, I upgraded it to Debian 11. I thought it may be useful for someone to provide steps I did. Here it is, short article about upgrading 0ut3r.space from Debian 9 to

How ChatGPT helped me to code stuff

2023-04-10T10:28:00.000Z

As we live in the era of AI specialist everywhere, I thought ok lets do some experiment with ChatGPT, to become another AI specialist… nah I am too stupid to understand all the stuff with AI, but I love how it works, and I keep an eye on it since many years. I guess I do not need

Virtualenv

2023-03-13T17:15:00.000Z

Everyone who is using Kali Linux, also uses a lot of Python tools. If you have recently installed or updated something in the last few days you might have received an error like:

1
2

Healthy mind and body of hacker

2023-02-27T14:29:00.000Z

Yeah, tittle sounds a little like coach, who want to tell (sell) you how to live healthy. As this blog is my personal place, I would like to mix sometimes technical topics with the reflections on life, and tips for other people like me. I got a lot of questions, how to become a hacker, where to find a knowledge, how to develop skills and other

Penetration test report template

2023-01-29T17:13:00.000Z

No matter if you are experienced penetration tester, or beginner red teamer, if you have technical skills better than anyone on earth, or you’re just a script kiddie. All what maters is how you will present your findings. Especially if you are not only a bug hunter, but when you work in a corporation, and the results of your test needs to be

End of the...

2022-12-31T10:44:00.000Z

…year :P

Howdy!

As this is the last day in 2022, I decided to share some thoughts, about my website, projects, upcoming ideas, even about myself and also, to say sorry that there was no post last month. No worries dear readers, I do not close the website or end sharing what I know, this is no “good bye” article. I just had to take

Security Roadmap

2022-10-31T21:03:00.000Z

Today I’ll share with you my thoughts on a career in IT security and give some hints on how to get started.

People fresh out of IT-related studies, or those who are just going to study IT more or less know what they want to do or will learn from lecturers and colleagues. More difficult is for those who change their careers completely.

Downloading big files from Tor

2022-09-30T18:45:00.000Z

Some time ago I had to download some large files from the website, of one of the ransomware groups, in order to analyze the published (stolen) data. The leak was huge, hundreds of gigabytes, split in many large files and all published on the website hosted in Tor network.

Short story about my Steam Deck

2022-08-25T08:50:00.000Z

Hello 0ut3r Space visitors! Today short article about my Steam Deck. Last year I preordered highest version (512GB NVMe SSD) and on 27th of June it arrived! Of course with my luck it has screen issue and I had to send it back and wait for exchange. About two weeks later I received new one,

I am not that hacker you are looking for

2022-08-08T12:43:00.000Z

This article is an information for people who bother me on various groups, social media and messengers. And also for the people who doesn’t understand who am I and what about is this website. It’s not that I don’t like to give a hint or discuss something with someone, but let’s get a few things straight, for the sake of respecting my time and

Cool Command Line Apps for Linux

2022-07-31T11:50:00.000Z

Using system text console, you can do everything. Each system has it own commands and tools. It is amazing how developers building great command line apps that fully replace graphical user interface.

Today I will show you very cool command line

Let's hack some SMB

2022-06-16T17:20:00.000Z

Server Message Block (SMB), also known as Common Internet File System (CIFS), is a network protocol mainly used for providing shared access to files, printers, serial ports and miscellaneous communications between nodes on a network.

Versions of Windows SMB
CIFS: The old

Xubuntu as custom Whonix workstation

2022-05-05T11:08:00.000Z

If you are a Whonix user this guide may be useful for you. Sometimes when I want to torify whole traffic from a virtual system I am using Whonix Gateway virtual machine. For people who haven’t use Whonix yet here is a short description with links:

Whonix ™ consists of two VMs: the

MS Designer keyboard right control key

2022-05-04T18:45:00.000Z

Sometimes simple things require complex solutions. Today’s article is sponsored by Right Control key.

Funny situation… some time ago I bought another keyboard, this time Microsoft Designer Compact Keyboard.

Ransomware simulation

2022-04-18T13:05:00.000Z

In one company my boss asked me: “hey, is it possible to check whether we are well protected against ransomware, and whether we are able to detect infected devices, so that we can isolate them from the network fairly quickly?”

When a manager asks you a question like that, you know the next month is going to be tough.

I’ve spent

Windows Defender is enough, if you harden it

2022-03-06T19:25:00.000Z

This article is not intended to convince you to abandon your current antivirus solutions. In this post I would like to share my observations and ways to improve the effectiveness of Defender.

You don’t need to buy expensive antivirus software. If you are a standard user, surfing the web, you don’t want to install additional software (eg.

CMS Vulnerability Scanners

2022-02-26T16:52:00.000Z

CMS (Content Management System) is very popular, easy to install and mostly setup once and forget by “admins”.

In general, there are quite serious vulnerabilities in popular CMS, as is the case with any software. Bugs are patched fairly quickly. Responsible companies

CVE-2021-4034 - gimme root

2022-01-26T19:52:00.000Z

Hell yeah! Finally, new category on 0ut3r Space! This is the first article in vulnerability category. I’ve been planning this for some time. I will describe shortly the most spectacular, popular and interesting vulnerabilities from perspective of blue and red teams, with some examples. Let start with

A little bit about Nmap

2021-12-21T17:45:00.000Z

Nmap is powerful tool. Mostly used for network discovery and security auditing. If you want to know more about what assets are in your network and what services they are running, Nmap is best choice. I will also describe few other similar tools like arp-scan or

Black Friday - Cyber Monday

2021-11-22T12:13:00.000Z

Just short info for all cybersecurity fans.

The day of the year is coming, when people kill each other in shop lines and tread on the way to dream material goods. The American craze of promotion, pointless spending of money on something that we do not need at all, but it is cheap. Willingness to possess, materialism and other wise

Useful Linux Commands

2021-10-30T16:15:00.000Z

There is a lot of infographics about basic Linux commands. They are useful to start journey with Linux terminal. In this article I will show you basic commands with their extended usage and how I am using them. Using ls -l command with basic parameter is cool for directory listing, but it can do a lot more!

How to report a vulnerability and not go to jail

2021-09-28T18:35:00.000Z

This article is more like something to think about rather than technical guide. It contains my thoughts with which you do not necessarily agree, but I will be happy to hear your opinion, maybe I will be able to improve my approach on the subject.

The topic may seem simple in general. You find a bug, a hole, a vulnerability. You report it

Yet Another Ridiculous Acronym

2021-08-26T10:50:00.000Z

Yara is mostly recognized as a tool to detect, identify and classify malware samples. In general it allows you to identify any binary or textual pattern, such as hexadecimal and strings contained within a file. If you started your journey, as a SOC member, sooner or later you will need to know

Remote connection for Linux

2021-07-25T13:37:00.000Z

Remote connection for Windows is pretty easy. Built in RDP server and client allows you to connect to remote Windows machine without any additional software. It is of course not too safe, to allow remote connection from the Internet, without any additional security layer, but this is not the topic for today. Today we are talking about local

Linux laptops

2021-06-15T15:25:00.000Z

I started from desktop machines, like everyone who was born in 1980’s. I was tired of desktop computers and Windows operating system, wanted to have small notebook with Linux. After many years my first laptop was, used Dell Vostro V131 with Intel Core i3,

OS, apps and services for privacy and anonymity

2021-06-07T13:25:00.000Z

There are few systems that ensure privacy. Even fewer of those who ensures anonymity. Even when we configure our system well, we must remember about the right application selection, so that our entire secure configuration is not compromised by one unfortunate program. We must also remember about our own behavior on the Internet and what we put

Backup your data

2021-05-18T13:23:00.000Z

Few months ago I bought Synology DiskStation DS720+. I was using Synology DS218j for about 5 years and wanted to buy something more efficient. This article is a small review and a reminder for you to backup your data. If you think about NAS, you care about your data, and you want