Radovan Brezula
Author Archives: Radovan Brezula
- Home → Author's archive:
Radovan Brezula
Collect hashes from remote computers
I was recently asked to create a script that should calculate the hash values of all files on remote computers. The collection must be done in parallel on all computers. My choice fell on Bash because it allows to quickly collect hashes using a combination of SSH, sshpass, find and hash (coreutils package). The collect_hashes.sh script […]Continue reading...
Wi-Fi 5 Vs. Wi-Fi 6
Wi-Fi 6 also known as 802.11ax is the latest generation of 802.11 WiFi standard and the successor of Wi-Fi 5 aka 802.11ac. Wi-Fi 6 increases user throughput by more efficient spectrum usage, provides larger signal coverage and reduces the power consumption. In the following section, we will discuss the significant improvements of Wi-Fi 6 over […]Continue reading...
MikroTik RouterOS Advanced Configuration
In the previous tutorial, we installed and configured a brand new MikroTik hAP ac³ router for connection to the Internet. We also improved the overall security of the router by implementing simple steps to harden it. These include things like disabling unused services, enabling HTTPS for device management, updating RouterOS, and reconfiguring the firewall rules. […]Continue reading...
Initial Setup of MikroTik hAP ac³ Router
This tutorial will help you install and configure the MikroTik hAP ac³ dual-band wireless router for home use. In terms of hardware, the router is an excellent device offerening 5 Gigabit Ethernet ports and has two high gain wireless antennas with outstanding coverage. Operating system - RouterOS is preinstalled and licensed (Layer 4) which never […]Continue reading...
Cracking WPA/WPA2 Pre-shared Key Using GPU
The WPA/WPA2 4-way authentication handshake between AP (authenticator) and client (supplicant) is used to generate encryption keys. These keys are then used to encrypt data sent over wireless medium. In the previous tutorial, we installed the aircrack-ng suite to capture and crack the 4-way authentication handshake to obtain passphrase needed to access a wireless network. […]Continue reading...
VyControl Installation on Standalone VyOS Router
So far, we have discussed both the manual and Docker methods of installing VyControl. The manual method consists of cloning the VyOS git repository and installing Python dependencies in a virtual environment. The Docker method is based on downloding VyControl Docker image from Docker hub and launching the container. In both cases, VyOS controller is […]Continue reading...
VyControl – Web UI for VyOS Firewall
VyControl project is a single frontend interface to manage a single or multiple VyoS servers. It was developed by Roberto Berto and is written in Django/Python. It currently supports firewall and static routes configuration. Additional features are planned such as IPSEC, openvpn and basic dynamic routing. My goal is to provide easy-to-reproduce installation steps so […]Continue reading...
Docker Installation on VyOS
Docker really makes it easier to create, deploy, and run applications by using containers, and containers allow a developer to package up an application with all of the parts it needs, such as libraries and other dependencies, and ship it all out as one package [1]. I would like to share the script vyos-docker-install.sh, which […]Continue reading...
Cracking WPA/WPA2 Pre-shared Key
This tutorial illustrates cracking of pre-shared key which is needed to gain an access to a WPA/WPA2 network. Instead of explaining the theory behind the attack, I focus on providing commands that you can easily copy and paste and penetrate the network. However, I strongly recommend getting a background to this topic by studying online […]Continue reading...
Fence Rail Transposition and Caesar Ciphers in Python
Recently I wrote simple encryption and decryption programs in Python to practice my coding skills. The first cipher_encrypt utility takes the clear_text.txt file as input. It first capitalizes all letters and then encrypts the text with the Rail fence cipher. The number of rows can be set using the variable k. The result of the […]Continue reading...
Playing with Python Ransomware
I recently came across the Python script pokus.py which implements a ransomware function. The code is written for demonstration purposes only, so it completely lacks obfuscation techniques. The goal is to identify the vulnerability that is intentionally implemented in the code so we can restore the attached file - private.gif.rsw (the file is compressed by […]Continue reading...
Remotely Triggered Black Hole Filtering as Service
Remotely triggered black hole (RTBH) filtering is a technique that provides the ability to drop undesirable traffic before it enters a protected network. It is commonly used for the mitigation of distributed-denial-of-service (DDoS) and DoS attacks. We have covered a configuration of source and destination RTBH for Cisco IOS-XR in a previous tutorial. A trigger […]Continue reading...
Remotely Triggered Black Hole Filtering
Remotely triggered black hole (RTBH) filtering is a technique that provides the ability to drop undesirable traffic before it enters a protected network. It is used for the mitigation of distributed-denial-of-service (DDoS) and DoS attacks. We will show configuration of destination and source RTBH for Cisco IOS-XR in a network depicted on the Picture 1. […]Continue reading...
BGP FlowSpec on Arista vEOS
BGP FlowSpec is an another Multiptocol-BGP extension with SAFI 133. Created for the purpose of DoS and DDoS attacks mitigation, it brings a new NLRI that collects 12 types of L3 and L4 information. These information creates a flow which defines criteria used for matching DDoS parameters. For instance, a flow can match victim's IP, […]Continue reading...
LXC as Virtual Service Container on IOS XE
In the last tutorial, we have discussed Cisco open service container based on Kernel Virtual Machine (KVM). Virtual machines include the application, binaries and libraries along with entire guest OS. As a result, we can run any guest OS supported by KVM hypervisor. Containers, however share the same kernel with; each container still acts as […]Continue reading...
Hosting KVM Apps Inside IOS XE Virtual Service Container
Service Containers are applications that can be hosted directly on Cisco IOS XE routing platforms. Service containers are either Linux Virtual Containers (LXC) or Kernel Virtual Machine( KVM) based virtual machines. A typical Cisco service container carries a digital signature that verifies it as an authentic application from Cisco. An open service (unsigned) container is […]Continue reading...
Urban Terror Server on Cisco CSR1000v
We have discussed the configuration of Guest Shell on Cisco CSR 1000v platform in a previous tutorial. The guest shell is a built-in Linux container with CentOS 7 installed, which can be activated on the fly when Linux applications are needed. Our lives are currently affected by SARS-CoV-2 and long-standing quarantine, so why not do […]Continue reading...
Legacy Open Switch 0.4.0 Image
The Open Switch 0.4.0 is the legacy Open Switch version with Cisco like CLI that I used to use in my tutorials. As it can be downloaded anymore, I share the VMDK image below. Please, use the image for learning or demonstration purpose only because this Open Switch version is discontinued. Instead, use the Open Switch […]Continue reading...
Guest Shell Built-in Linux Container on Cisco IOS-XE
IOx (IOs + linuX) is Cisco's Application Hosting Infrastructure for Cisco IOS XE devices (e.g. CSR1000v). IOx enables hosting of applications and services developed by Cisco and third-party developers in network edge devices across diverse hardware platforms. The Guest Shell is a built-in Linux container (LXC) with a CentOS 7 running on Cisco IOS-XE platforms […]Continue reading...
Virtual eXtensible LANs -VXLANs
The tutorial discusses configuration of VXLANs on Arista vEOS and Openvswitch virtual machines. The VXLANs extend an L2 network by connecting VLANs from multiple hosts through UDP tunnels called VXLAN segments. VXLANs use Internet Protocol (both unicast and multicast) as the transport medium. VXLAN segments are identified by a 24-bit Virtual Network Identifier (VNI). Within […]Continue reading...