Discover and read the best of Twitter Threads about #SSH
Most recents (12)
SSH local port forwarding, explained to humans:
ssh -L [local_address:]local_port:remote_address:remote_port [user@]ssh_server
ssh -L [local_address:]local_port:remote_address:remote_port [user@]ssh_server
1.🌐💻 Have you ever wanted to access a remote server as if it were running on your local machine? That's where local port forwarding comes in!
2.🛣️📬 Think of it like a mail forwarding service: just as you'd tell the service to forward your mail to your new address, you can tell SSH to forward traffic from a remote server to your local machine.
Few days ago I sent a PR to the caddy-ssh to properly handle 2 aspects of PTY sessions:
1- properly channeling of std{in,out} to remote when user sends commands
2- user details lookup on macOS
Buckle up! We have a can of worms in hand 🥫🪱 🧵
#golang
github.com/mohammed90/cad…
1- properly channeling of std{in,out} to remote when user sends commands
2- user details lookup on macOS
Buckle up! We have a can of worms in hand 🥫🪱 🧵
#golang
github.com/mohammed90/cad…
Issue 1:
The issue was recognized when a friend reported `scp` and `rsync` not working. I found the culprit to be not hooking up the session's/channel's I/O to spawned process, otherwise the new process assumed the null devices as its std{in,out,err}.
The issue was recognized when a friend reported `scp` and `rsync` not working. I found the culprit to be not hooking up the session's/channel's I/O to spawned process, otherwise the new process assumed the null devices as its std{in,out,err}.
In other words, the newly created process was not reading/writing to/from the client's shell, rather from, e.g., secondary tty device (pair of the pty device). Thus the I/O was not channeled from the client to the process, rather to the PTY session.
dev.to/napicella/linu…
dev.to/napicella/linu…
Need help monitoring the health and security of your @cosmos network?
Wondering how to manage roles and backup secrets?
We've got you...
Day 6 of our #OpenSource-athon - today we're sharing tools and methods we use to manage the @cheqd_io network
github.com/cheqd/infra
🧵
Wondering how to manage roles and backup secrets?
We've got you...
Day 6 of our #OpenSource-athon - today we're sharing tools and methods we use to manage the @cheqd_io network
github.com/cheqd/infra
🧵
First up, @datadoghq, a tool that provides monitoring of servers, databases, tools, and services, through a SaaS-based data analytics platform.
You can think it like a task manager on your laptop
You can think it like a task manager on your laptop
Using @datadoghq we keep an eye on metrics from @Tendermint_Core (e.g. if a validator double signs a transaction) and the @cosmossdk (e.g. transactions / day) to ensure the network runs smoothly & any security vulnerabilities/issues that may impact consensus are quickly resolved
🧵 Backdooring #SSH daemons (sshd) via simple patches probably exists since the dawn of time. Typically, a patched and recompiled version of #OpenSSH allows a threat actor to:
1⃣ login with master password
2⃣ logging all credentials to file
3⃣ hiding logons from "last"
1/4
1⃣ login with master password
2⃣ logging all credentials to file
3⃣ hiding logons from "last"
1/4
‼️Especially, the logging of further credentials potentially enables threat actors to maintain access in the case the backdoored #SSH daemon is detected and removed or to move laterally in the network due to password reuse.
2/4
2/4
Some lines of source code say more than thousands lines of prose 📚. Therefore, I recommend to have a look at an example github.com/QAX-A-Team/ope…. The changes are minimal, the impact is potentially huge.
3/4
3/4
#NoCode #buildinpublic
Many people think that free #OpenSource software is only for #Linux.
But I use a lot of #FOSS software on my @Microsoft #Windows desktop that I'd be lost without!
These are some of my faves!
25+ FOSS Tools to Improve Your Windows Experience 🧵 👇
Many people think that free #OpenSource software is only for #Linux.
But I use a lot of #FOSS software on my @Microsoft #Windows desktop that I'd be lost without!
These are some of my faves!
25+ FOSS Tools to Improve Your Windows Experience 🧵 👇
7-Zip (@7zip)
Great archiver supporting
Packing/unpacking:
7z
XZ
BZIP2
GZIP
TAR
ZIP
WIM
Unpacking only:
AR
ARJ
CAB
CHM
CPIO
CramFS
DMG
EXT
FAT
GPT
HFS
IHEX
ISO
LZH
LZMA
MBR
MSI
NSIS
NTFS
QCOW2
RAR
RPM
SquashFS
UDF
UEFI
VDI
VHD
VHDX
VMDK
WIM
XAR
Z
7-zip.org
Great archiver supporting
Packing/unpacking:
7z
XZ
BZIP2
GZIP
TAR
ZIP
WIM
Unpacking only:
AR
ARJ
CAB
CHM
CPIO
CramFS
DMG
EXT
FAT
GPT
HFS
IHEX
ISO
LZH
LZMA
MBR
MSI
NSIS
NTFS
QCOW2
RAR
RPM
SquashFS
UDF
UEFI
VDI
VHD
VHDX
VMDK
WIM
XAR
Z
7-zip.org
Audacity (@getaudacity)
If you need to perform some audio editing, Audacity is a huge help. I often use it when fixing audio for a video or converting a recording for use in a phone system menu.
Tons of features & useful tools!
audacityteam.org
If you need to perform some audio editing, Audacity is a huge help. I often use it when fixing audio for a video or converting a recording for use in a phone system menu.
Tons of features & useful tools!
audacityteam.org
(1/14) Hey #StarshipAddicts , @CSI_Starbase has concluded that #B4 is NEVER going to leave the ground under its own power & #B5 is just a massive lawn ornament.
#StarshipSuperHeavy #B7 is up next, lets look at some of the difference we have noticed so far!
📷:@RGVaerialphotos
#StarshipSuperHeavy #B7 is up next, lets look at some of the difference we have noticed so far!
📷:@RGVaerialphotos
(2/14) Fwd Dome Section:
On the FWD dome we see a new design for the stage separation clamps. These may have not been completed yet on #B7 but the initial shape of them is a departure from the previous boosters.
📷:@StarshipGazer | @CosmicalChief
On the FWD dome we see a new design for the stage separation clamps. These may have not been completed yet on #B7 but the initial shape of them is a departure from the previous boosters.
📷:@StarshipGazer | @CosmicalChief
I have seen a lot of #pentesters struggle with tunneling and port-forwarding concepts. All #hackers should definitely understand these concepts for successful tests.
This thread is dedicated to Tunneling/PortForwarding tricks.
#infosec #pentest #tunneling #security #bugbounty
This thread is dedicated to Tunneling/PortForwarding tricks.
#infosec #pentest #tunneling #security #bugbounty
Local Port2Port
Open new Port in SSH Server --> Other port
ssh -R 0.0.0.0:10521:127.0.0.1:1521 user@10.0.0.1 #Local port 1521 accessible in port 10521 from everywhere
ssh -R 0.0.0.0:10521:10.0.0.1:1521 user@10.0.0.1 #Remote port 1521 accessible in port 10521 from everywhere
Open new Port in SSH Server --> Other port
ssh -R 0.0.0.0:10521:127.0.0.1:1521 user@10.0.0.1 #Local port 1521 accessible in port 10521 from everywhere
ssh -R 0.0.0.0:10521:10.0.0.1:1521 user@10.0.0.1 #Remote port 1521 accessible in port 10521 from everywhere
Port2hostnet (proxychains)
Local Port --> Compromised host(SSH) --> Wherever
ssh -f -N -D <attacker_port> <username>@<ip_compromised>
#pentest #security #infosec #bugbounty
Local Port --> Compromised host(SSH) --> Wherever
ssh -f -N -D <attacker_port> <username>@<ip_compromised>
#pentest #security #infosec #bugbounty
La info de ayer te desperto el bichito de meterte en #ciberseguridad? ¿Querés ser hacker? te cuento un poco de como arranque y algunos consejos para que logres progreso y te vayas enamorando. En el hilo anterior mencione aprender de sistemas operativos. Acá hay principalmente 2
Sé que estas pensando! sí! #Mac y #Windows, pero NO. Me refiero a #linux y a #windows. otro día hablamos de Mac. Es importante que conozcas a detalle como funcionan estos sistemas operativos. Para esto te podes bajar #virtualbox y crear dentro una virtual machine con un @ubuntu
y otra con #windows10 o el que tengas licencia. Hay que entender como funciona por dentro, cual es el tipo de file system que utiliza cada uno, porque se utilizan permisos, que tipo de archivos hay en cada directorio, que hacen esos archivos? cuales son ejecutables y cuales
After the negotiators have come to a final deal on the budget of #HorizonEurope, we can look at the programme and its different aspects.
So what’s in for #SocialSciences and #Humanities?
So what’s in for #SocialSciences and #Humanities?
In fact, #SocialSciences & #Humanities are prominently featured in the regulation, which will be the political and legal foundation of #HorizonEU
era.gv.at/object/documen…
era.gv.at/object/documen…
Art 4 of #HorizonEU regulation on the general structure states:
"#SocialSciences and #Humanities (#SSH) shall play an important role across all clusters”
There will be Clusters on Health, Society, Security, Digital, Climate/Energy/Mobility & Food/Agri/Env
"#SocialSciences and #Humanities (#SSH) shall play an important role across all clusters”
There will be Clusters on Health, Society, Security, Digital, Climate/Energy/Mobility & Food/Agri/Env
Update. Publishers may choose English because it's a lingua franca for science, intelligible to a larger audience. Or they may do it to increase their #JIF. (And of course the two motives may be related.) Research from Brazil.
scielo.br/scielo.php?scr…
scielo.br/scielo.php?scr…
Update. Confirmation that writing outside your native language (unless you are extremely proficient) triggers linguistic bias from native speakers.
sciencedirect.com/science/articl…
sciencedirect.com/science/articl…
1/ Update. Most email solicitations from predatory journals use weak English. This study confirms my experience.
paperity.org/p/174009175/ma…
But...
paperity.org/p/174009175/ma…
But...
Bir yazılım geliştiricinin bilmesi gerekenlerle ilgili 15 maddelik flood geliyor.. Mümkün olduğunca fazla keywordü bir araya toplamaya çalıştım.
Hadi Başlıyoruz!
#Developer #Software #Java #code #kod #yazılım #development #computer #bilgisayar #tool #PC #IT #web #tech #data
Hadi Başlıyoruz!
#Developer #Software #Java #code #kod #yazılım #development #computer #bilgisayar #tool #PC #IT #web #tech #data
1-Temel veri yapıları (linkedList, map, tree vb) ve temel algoritmalar (sıralama, arama vb)
Sıfırdan kodlama ihtiyacınız büyük ihtimalle hiç olmayacak. Ancak ihtiyaç anında doğru yerde doğrusunu seçebilmek için o veri yapısının veya algoritmanın nasıl çalıştığını bilmeniz şart
Sıfırdan kodlama ihtiyacınız büyük ihtimalle hiç olmayacak. Ancak ihtiyaç anında doğru yerde doğrusunu seçebilmek için o veri yapısının veya algoritmanın nasıl çalıştığını bilmeniz şart
#prod365 #fr Les Plans de Continuité d'Activité (#PCA) ont pour but de retablir le SI après un "désastre". Un tel événement est aussi appelé "Disaster Recovery" (#DR) et inclus de nombreux événements graves, notamment la perte de #datacenter ou de données.
Citons quelques exemples: corruption silencieuse, destruction du medium de stockage (par erreur ou par nuisance: piratage ou rogue employee), isolation réseau (coup de pelleteuse dans la fibre), script d'administration mal fait / boucle foireuse, clause WHERE oubliée...
Pour de multiples raisons, certaines applications ne peuvent pas être disponibles en Actif/Actif, seulement Actif/Passif.
Cela implique de pouvoir répliquer les données live et de les réutiliser sur une autre machine.
Cela implique de pouvoir répliquer les données live et de les réutiliser sur une autre machine.
