Protected: DHBW 2018-04-06


Vagrant issue: Timed out while waiting for the machine to boot

vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'ubuntu/xenial64'...
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'ubuntu/xenial64' is up to date...
==> default: Setting the name of the VM: vagrant_default_1516452195026_53624
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
==> default: Forwarding ports...
default: 5000 (guest) => 5000 (host) (adapter 1)
default: 7474 (guest) => 7474 (host) (adapter 1)
default: 7687 (guest) => 7687 (host) (adapter 1)
default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Resized disk: old 10240 MB, req 51200 MB, new 51200 MB
==> default: You may need to resize the filesystem from within the guest.
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2222
default: SSH username: vagrant
default: SSH auth method: private key
Timed out while waiting for the machine to boot. This means that
Vagrant was unable to communicate with the guest machine within
the configured ("config.vm.boot_timeout" value) time period.

If you look above, you should be able to see the error(s) that
Vagrant had when attempting to connect to the machine. These errors
are usually good hints as to what may be wrong.

If you're using a custom box, make sure that networking is properly
working and you're able to connect to the machine. It is a common
problem that networking isn't setup properly in these boxes.
Verify that authentication configurations are also setup properly,
as well.

If the box appears to be booting properly, you may want to increase
the timeout ("config.vm.boot_timeout") value.

Run
vagrant destroy

Upgrade VirtualBox and run vagrant up again.

Security API collection

While working on different stuff I was searching for a collection of APIs that are related to or useful for security researchers, incident response people or threat intel.

Unable to find a good list of REST APIs, I decided to start one. The collection is hosted as a Security API list, and pull requests or issues mentioning missing APIs are highly welcome.

Why did I produce such a list? More and more people want to automate their workflows. Security Orchestration is the new buzzword after last year's Threat Intelligence, but it basically contains the same: both have in common that they make use of already available data, with Orchestration not storing that much data but enriching the dots collected.

However, the challenge is what to integrate: everyone has their "go to" tools they use on a daily basis, risking missing some golden nuggets that are handy.

The list is divided (at the moment) into tools that are mostly on prem., online tools, SIEMs and various. With an increasing number of APIs that ordering might change, of course.

So I really hope the list is useful, that people can use it and that it can grow.

9Tageticket again a success

One day to go until the Backfischfest in Worms starts, and we can say the 9TageTicket is again a big success this year. With more than 650 tickets pre-ordered, we are at almost the same level as last year, showing that there is a constant interest in the free tickets that show other visitors the commitment to the Backfischfest.

For the first time we will have flyers for the showmen explaining the idea behind 9TageTicket.

Ahoi

Zorrocarry DIY luggage rack

Introduction

Planning a bike trip and still unsure how to carry your luggage? Anyone who looks into the subject, especially bike-touring adventures on a mountain bike, will sooner or later come across the reports by Alpenzorro aka Stuntzi aka Stefan Stuntz. He reports live in the MTB Forum on his adventures, which have already taken him all over the globe.

Sooner or later the question always comes up about the equipment that makes these trips possible for him. Particular attention regularly goes to what he jokingly christened the "ZorroCarry". In its newest stage of evolution it is also referred to as the "Goldicarry".

I took the trouble to research posts on the topic and to gather pictures etc., to make it easier for the interested reader to build a ZorroCarry of their own and possibly even improve on it.

The following information is based entirely on Stuntzi's work; the photos too are (unless otherwise stated) his intellectual property, and he has merely agreed to my using them in this blog post. If you want to do something good for Alpenzorro, the originator of the idea, he regularly collects donations for his bike trips via PayPal.


MISP Issues with certificates

Recently I came across some MISP issues with certificates on remote servers. Even if Test connection reports okay, trying to push or pull events will not do anything. The logs will not tell you anything either. If you run tcpdump to debug and look at the capture in Wireshark, you will see something like the screenshot.

Before adding it to the documentation of MISP, here is a brain dump of what I did:

Scenario:
Server 1 – running MISP
Server 2 – running MISP

Server 1 wants to push events to Server 2

Server 2 has a TLS / SSL certificate signed by an internal CA. Because CakePHP does not respect the OS CA store, the trust chain needs to be configured manually.

Looking up the certificate with its full chain in Firefox will not reveal the FULL cert path, because it does not show the root CA.

What you need to do is create a new text file, add all public certificates to that file (including the certificate of the root CA) and save it as a .pem file.
This .pem file then needs to be added as the certificate in the MISP server config.

On Gitter we had a discussion about why it is not okay to simply tick the "self signed" box. It appears that certificates that are signed by a CA (and not signed locally) carry several indications of such signatures:

#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
...

and

ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]

Useful:

keytool -printcert -file certificate.pem

And:

openssl s_client -showcerts -connect server2:443
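
As an added example (not code from MISP or from the original post), this Python check reads an assembled .pem bundle and reports whether it really contains the whole chain, including the root CA that the Firefox export leaves out. It compares subject and issuer names only and does not verify signatures; the sample certificates and their CN values are constructed stand-ins, and the function names are hypothetical.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def names(der):
    """Return (subject, issuer) as raw DER Name bytes of one X.509 certificate."""
    _, pos, _ = _tlv(der, 0)                # outer Certificate SEQUENCE
    _, pos, end = _tlv(der, pos)            # tbsCertificate SEQUENCE
    fields = []
    while pos < end and len(fields) < 5:
        tag, _, nxt = _tlv(der, pos)
        if tag != 0xA0:                     # skip the optional [0] version field
            fields.append(der[pos:nxt])
        pos = nxt
    return fields[4], fields[2]             # order: serial, sig alg, issuer, validity, subject

def audit_bundle(pem_text):
    """Name-based completeness check of a PEM bundle; signatures are NOT verified."""
    certs = [names(base64.b64decode(b)) for b in PEM_RE.findall(pem_text)]
    subjects = {subject for subject, _ in certs}
    return {"certificates": len(certs),
            "has_root": any(subject == issuer for subject, issuer in certs),
            "missing_issuers": sum(issuer not in subjects for _, issuer in certs)}

def _der(tag, body):  # sample helper: short-form lengths only (body under 128 bytes)
    return bytes([tag, len(body)]) + body

def sample_pem(subject_cn, issuer_cn):
    """Constructed stand-in with the X.509 field order; unsigned, not a real certificate."""
    def name(cn):
        atv = _der(0x30, _der(0x06, b"\x55\x04\x03") + _der(0x0C, cn.encode()))
        return _der(0x30, _der(0x31, atv))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + _der(0x30, b"")
               + name(issuer_cn) + _der(0x30, b"") + name(subject_cn))
    b64 = base64.encodebytes(_der(0x30, tbs)).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"

ROOT = sample_pem("Internal Root CA", "Internal Root CA")      # constructed, hypothetical CNs
ISSUING = sample_pem("Internal Issuing CA", "Internal Root CA")
LEAF = sample_pem("server2", "Internal Issuing CA")
```

Calling audit_bundle(LEAF + ISSUING) models the bundle exported without the root, while audit_bundle(LEAF + ISSUING + ROOT) models the complete file; on a real bundle, pass the text of the .pem file.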

OSX disk media is not present

Trying to mount an ext2 / ext3 / ext4 device using external drivers on OSX might bring up the following error:

disk media is not present

in:
sudo dmesg

To fix that, a virtual machine helped.

Attach the external drive via USB and create a filter for that USB device to forward it to the Ubuntu-based VM.

Run
fdisk -l

to find the right device.
E.g. /dev/sdd

Now go with fsck.ext3 (for ext3 only)

fsck -y /dev/sdd

-y means answer every question with yes.

For a 2 TB HDD that might take up to several hours, but after that is finished, you can try to mount the drive again.

eSATA Drive in QNAP

If you want to use an eSATA drive in a QNAP device without plug and play, read the following.

Attach the drive to the eSATA port.
ssh admin@yourip
dmesg

Check for:

[11936.459226] ata5: SATA link up 1.5 Gbps (SStatus 113 SControl F310)
[11936.499252] ata5.00: ATA-8: WDC …., 04.05G09, max UDMA/133
[11936.499295] ata5.00: 3907029168 sectors, multi 0: LBA48 NCQ (depth 31/32)
[11936.539268] ata5.00: configured for UDMA/133
[11936.539323] ata5: EH complete
[11936.539646] scsi 4:0:0:0: Direct-Access WDC WD…. 04.0 PQ: 0 ANSI: 5
[11936.549494] Check proc_name[sata_mv].
[11936.559626] sd 4:0:0:0: [sdza] 3907…. 512-byte logical blocks: (2.00 TB/1.81 TiB)
[11936.559899] sd 4:0:0:0: [sdza] Write Protect is off

The important part is the device name, sdza.

Format the drive:

mke2fs -t ext3 /dev/sdza

Mount the device

mount /dev/sdza1 esata/

Be happy