Discover and read the best of Twitter Threads about #ssh

Most recents (12)

SSH local port forwarding, explained to humans:

ssh -L [local_address:]local_port:remote_address:remote_port [user@]ssh_server
1.🌐💻 Have you ever wanted to access a remote server as if it were running on your local machine? That's where local port forwarding comes in!
2.🛣️📬 Think of it like a mail forwarding service: just as you'd tell the service to forward your mail to your new address, you can tell SSH to forward traffic from a remote server to your local machine.
Read 7 tweets
Few days ago I sent a PR to the caddy-ssh to properly handle 2 aspects of PTY sessions:

1- properly channeling of std{in,out} to remote when user sends commands

2- user details lookup on macOS

Buckle up! We have a can of worms in hand 🥫🪱 🧵

#golang

github.com/mohammed90/cad…
Issue 1:

The issue was recognized when a friend reported `scp` and `rsync` not working. I found the culprit to be not hooking up the session's/channel's I/O to spawned process, otherwise the new process assumed the null devices as its std{in,out,err}.
In other words, the newly created process was not reading/writing to/from the client's shell, rather from, e.g., secondary tty device (pair of the pty device). Thus the I/O was not channeled from the client to the process, rather to the PTY session.

dev.to/napicella/linu…
Read 9 tweets
Need help monitoring the health and security of your @cosmos network?

Wondering how to manage roles and backup secrets?

We've got you...

Day 6 of our #OpenSource-athon - today we're sharing tools and methods we use to manage the @cheqd_io network

github.com/cheqd/infra

🧵 Image
First up, @datadoghq, a tool that provides monitoring of servers, databases, tools, and services, through a SaaS-based data analytics platform.

You can think it like a task manager on your laptop Image
Using @datadoghq we keep an eye on metrics from @Tendermint_Core (e.g. if a validator double signs a transaction) and the @cosmossdk (e.g. transactions / day) to ensure the network runs smoothly & any security vulnerabilities/issues that may impact consensus are quickly resolved
Read 8 tweets
🧵 Backdooring #SSH daemons (sshd) via simple patches probably exists since the dawn of time. Typically, a patched and recompiled version of #OpenSSH allows a threat actor to:

1⃣ login with master password
2⃣ logging all credentials to file
3⃣ hiding logons from "last"

1/4
‼️Especially, the logging of further credentials potentially enables threat actors to maintain access in the case the backdoored #SSH daemon is detected and removed or to move laterally in the network due to password reuse.

2/4
Some lines of source code say more than thousands lines of prose 📚. Therefore, I recommend to have a look at an example github.com/QAX-A-Team/ope…. The changes are minimal, the impact is potentially huge.

3/4
Read 4 tweets
#NoCode #buildinpublic

Many people think that free #OpenSource software is only for #Linux.

But I use a lot of #FOSS software on my @Microsoft #Windows desktop that I'd be lost without!

These are some of my faves!

25+ FOSS Tools to Improve Your Windows Experience 🧵 👇
7-Zip (@7zip)

Great archiver supporting

Packing/unpacking:
7z
XZ
BZIP2
GZIP
TAR
ZIP
WIM

Unpacking only:
AR
ARJ
CAB
CHM
CPIO
CramFS
DMG
EXT
FAT
GPT
HFS
IHEX
ISO
LZH
LZMA
MBR
MSI
NSIS
NTFS
QCOW2
RAR
RPM
SquashFS
UDF
UEFI
VDI
VHD
VHDX
VMDK
WIM
XAR
Z

7-zip.org
Audacity (@getaudacity)

If you need to perform some audio editing, Audacity is a huge help. I often use it when fixing audio for a video or converting a recording for use in a phone system menu.

Tons of features & useful tools!

audacityteam.org
Read 28 tweets
(1/14) Hey #StarshipAddicts , @CSI_Starbase has concluded that #B4 is NEVER going to leave the ground under its own power & #B5 is just a massive lawn ornament.

#StarshipSuperHeavy #B7 is up next, lets look at some of the difference we have noticed so far!

📷:@RGVaerialphotos
(2/14) Fwd Dome Section:

On the FWD dome we see a new design for the stage separation clamps. These may have not been completed yet on #B7 but the initial shape of them is a departure from the previous boosters.

📷:@StarshipGazer | @CosmicalChief
(3/14) Fwd Dome (cont):

Autogenous pressurization lines have been moved higher up towards the top of the #CH4 tank dome instead of below the stringers like the #Block1 #SSH's (Sorry not sorry for making new acronyms)

Anyone else wish this was related to Hot Gas Thrusters?
Read 14 tweets
I have seen a lot of #pentesters struggle with tunneling and port-forwarding concepts. All #hackers should definitely understand these concepts for successful tests.

This thread is dedicated to Tunneling/PortForwarding tricks.

#infosec #pentest #tunneling #security #bugbounty
Local Port2Port

Open new Port in SSH Server --> Other port

ssh -R 0.0.0.0:10521:127.0.0.1:1521 user@10.0.0.1 #Local port 1521 accessible in port 10521 from everywhere

ssh -R 0.0.0.0:10521:10.0.0.1:1521 user@10.0.0.1 #Remote port 1521 accessible in port 10521 from everywhere
Port2hostnet (proxychains)

Local Port --> Compromised host(SSH) --> Wherever

ssh -f -N -D <attacker_port> <username>@<ip_compromised>

#pentest #security #infosec #bugbounty
Read 13 tweets
La info de ayer te desperto el bichito de meterte en #ciberseguridad? ¿Querés ser hacker? te cuento un poco de como arranque y algunos consejos para que logres progreso y te vayas enamorando. En el hilo anterior mencione aprender de sistemas operativos. Acá hay principalmente 2
Sé que estas pensando! sí! #Mac y #Windows, pero NO. Me refiero a #linux y a #windows. otro día hablamos de Mac. Es importante que conozcas a detalle como funcionan estos sistemas operativos. Para esto te podes bajar #virtualbox y crear dentro una virtual machine con un @ubuntu
y otra con #windows10 o el que tengas licencia. Hay que entender como funciona por dentro, cual es el tipo de file system que utiliza cada uno, porque se utilizan permisos, que tipo de archivos hay en cada directorio, que hacen esos archivos? cuales son ejecutables y cuales
Read 16 tweets
After the negotiators have come to a final deal on the budget of #HorizonEurope, we can look at the programme and its different aspects.

So what’s in for #SocialSciences and #Humanities?
In fact, #SocialSciences & #Humanities are prominently featured in the regulation, which will be the political and legal foundation of #HorizonEU

era.gv.at/object/documen…
Art 4 of #HorizonEU regulation on the general structure states:

"#SocialSciences and #Humanities (#SSH) shall play an important role across all clusters”

There will be Clusters on Health, Society, Security, Digital, Climate/Energy/Mobility & Food/Agri/Env
Read 11 tweets
Update. Publishers may choose English because it's a lingua franca for science, intelligible to a larger audience. Or they may do it to increase their #JIF. (And of course the two motives may be related.) Research from Brazil.
scielo.br/scielo.php?scr…
Update. Confirmation that writing outside your native language (unless you are extremely proficient) triggers linguistic bias from native speakers.
sciencedirect.com/science/articl…
1/ Update. Most email solicitations from predatory journals use weak English. This study confirms my experience.
paperity.org/p/174009175/ma…

But...
Read 99 tweets
Bir yazılım geliştiricinin bilmesi gerekenlerle ilgili 15 maddelik flood geliyor.. Mümkün olduğunca fazla keywordü bir araya toplamaya çalıştım.
Hadi Başlıyoruz!

#Developer #Software #Java #code #kod #yazılım #development #computer #bilgisayar #tool #PC #IT #web #tech #data
1-Temel veri yapıları (linkedList, map, tree vb) ve temel algoritmalar (sıralama, arama vb)

Sıfırdan kodlama ihtiyacınız büyük ihtimalle hiç olmayacak. Ancak ihtiyaç anında doğru yerde doğrusunu seçebilmek için o veri yapısının veya algoritmanın nasıl çalıştığını bilmeniz şart
2- Network Temelleri

OSI Modelini ve 7 katmanı; temel protokolleri(#TCP-IP, TCP-UDP, #HTTP, #FTP), güvenlik protokollerini(#HTTPS, #SFTP, #SSL), monitoring protokolleri(#SNMP, ICMP) bilmekte fayda var. Ayrıca ağ ekipmanlarının görevlerini tanımak ve 7Layer yerlerini bilmek lazım
Read 16 tweets
#prod365 #fr Les Plans de Continuité d'Activité (#PCA) ont pour but de retablir le SI après un "désastre". Un tel événement est aussi appelé "Disaster Recovery" (#DR) et inclus de nombreux événements graves, notamment la perte de #datacenter ou de données.
Citons quelques exemples: corruption silencieuse, destruction du medium de stockage (par erreur ou par nuisance: piratage ou rogue employee), isolation réseau (coup de pelleteuse dans la fibre), script d'administration mal fait / boucle foireuse, clause WHERE oubliée...
Pour de multiples raisons, certaines applications ne peuvent pas être disponibles en Actif/Actif, seulement Actif/Passif.
Cela implique de pouvoir répliquer les données live et de les réutiliser sur une autre machine.
Read 10 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!