The VyControl project is a single frontend interface to manage one or multiple VyOS servers. It was developed by Roberto Berto and is written in Django/Python. It currently supports firewall and static routes configuration. Additional features are planned, such as IPsec, OpenVPN and basic dynamic routing. My goal is to provide easy-to-reproduce installation steps so […] Continue reading...
Docker really makes it easier to create, deploy, and run applications by using containers, and containers allow a developer to package up an application with all of the parts it needs, such as libraries and other dependencies, and ship it all out as one package [1]. I would like to share the script vyos-docker-install.sh, which […] Continue reading...
This tutorial illustrates cracking of the pre-shared key which is needed to gain access to a WPA/WPA2 network. Instead of explaining the theory behind the attack, I focus on providing commands that you can easily copy and paste and penetrate the network. However, I strongly recommend getting a background to this topic by studying online […] Continue reading...
Recently I wrote simple encryption and decryption programs in Python to practice my coding skills. The first cipher_encrypt utility takes the clear_text.txt file as input. It first capitalizes all letters and then encrypts the text with the Rail fence cipher. The number of rows can be set using the variable k. The result of the […] Continue reading...
I recently came across the Python script pokus.py which implements a ransomware function. The code is written for demonstration purposes only, so it completely lacks obfuscation techniques. The goal is to identify the vulnerability that is intentionally implemented in the code so we can restore the attached file - private.gif.rsw (the file is compressed by […] Continue reading...
Remotely triggered black hole (RTBH) filtering is a technique that provides the ability to drop undesirable traffic before it enters a protected network. It is commonly used for the mitigation of distributed-denial-of-service (DDoS) and DoS attacks. We covered the configuration of source and destination RTBH for Cisco IOS-XR in a previous tutorial. A trigger […] Continue reading...
Remotely triggered black hole (RTBH) filtering is a technique that provides the ability to drop undesirable traffic before it enters a protected network. It is used for the mitigation of distributed-denial-of-service (DDoS) and DoS attacks. We will show the configuration of destination and source RTBH for Cisco IOS-XR in the network depicted in Picture 1. […] Continue reading...
BGP FlowSpec is another Multiprotocol-BGP extension with SAFI 133. Created for the purpose of DoS and DDoS attack mitigation, it brings a new NLRI that collects 12 types of L3 and L4 information. This information creates a flow which defines criteria used for matching DDoS parameters. For instance, a flow can match victim's IP, […] Continue reading...
In the last tutorial, we discussed the Cisco open service container based on Kernel Virtual Machine (KVM). Virtual machines include the application, binaries and libraries along with the entire guest OS. As a result, we can run any guest OS supported by the KVM hypervisor. Containers, however, share the same kernel; each container still acts as […] Continue reading...
Service Containers are applications that can be hosted directly on Cisco IOS XE routing platforms. Service containers are either Linux Virtual Containers (LXC) or Kernel Virtual Machine (KVM) based virtual machines. A typical Cisco service container carries a digital signature that verifies it as an authentic application from Cisco. An open service (unsigned) container is […] Continue reading...
We have discussed the configuration of Guest Shell on Cisco CSR 1000v platform in a previous tutorial. The guest shell is a built-in Linux container with CentOS 7 installed, which can be activated on the fly when Linux applications are needed. Our lives are currently affected by SARS-CoV-2 and long-standing quarantine, so why not do […] Continue reading...
Open Switch 0.4.0 is the legacy Open Switch version with a Cisco-like CLI that I used to use in my tutorials. As it can no longer be downloaded, I share the VMDK image below. Please use the image for learning or demonstration purposes only because this Open Switch version is discontinued. Instead, use the Open Switch […] Continue reading...
IOx (IOs + linuX) is Cisco's Application Hosting Infrastructure for Cisco IOS XE devices (e.g. CSR1000v). IOx enables hosting of applications and services developed by Cisco and third-party developers in network edge devices across diverse hardware platforms. The Guest Shell is a built-in Linux container (LXC) with CentOS 7 running on Cisco IOS-XE platforms […] Continue reading...
The tutorial discusses configuration of VXLANs on Arista vEOS and Openvswitch virtual machines. The VXLANs extend an L2 network by connecting VLANs from multiple hosts through UDP tunnels called VXLAN segments. VXLANs use Internet Protocol (both unicast and multicast) as the transport medium. VXLAN segments are identified by a 24-bit Virtual Network Identifier (VNI). Within […] Continue reading...
The tutorial discusses configuration of VXLANs on Arista vEOS and Openvswitch virtual machines. The VXLANs extend an L2 network by connecting VLANs from multiple hosts through UDP tunnels called VXLAN segments. VXLANs use Internet Protocol (both unicast and multicast) as the transport medium. VXLAN segments are identified by a 24-bit Virtual Network Identifier (VNI). Within […] Continue reading...
I would like to share the second version (1.1) of the Bash script backup_images-1.1.sh which you can use for cloning disks of remote Linux machines. The script reads IP addresses of the hosts from a file and copies the disks with the dd command over an SSH connection. The disks are stored on a local machine, compressed […] Continue reading...
The goal of this tutorial is to practice BGP configuration and filtering of incoming and outgoing updates on Cisco IOS XRv. In order to do it, we configure prefix-sets and a route-policy that will be applied to a particular BGP neighbor. Consider the network topology depicted in Picture 1. The ISP1 (AS number 64500) has […] Continue reading...
Site-to-site Virtual Private Networks (VPN) connect two or more remote locations. Thanks to them, computers located inside these locations can communicate securely over the public Internet as if they were located on the same private network. This is accomplished by tunnels that interconnect remote locations. Tunnels add an extra layer of security, encrypting user traffic carried inside tunnels. […] Continue reading...
The tutorial covers installation and configuration of Cuckoo Malware Sandbox on Debian 10 Buster. Once you successfully complete all steps, your Cuckoo installation will be ready to perform analysis of malware uploaded to the guest VM. It is a Windows 7 x64 SP1 VM running on Oracle VirtualBox. The tutorial is based on an excellent YouTube videos […] Continue reading...
BurpSuite is a manual toolkit for investigating web security. Burp Proxy allows manual testers to intercept all requests and responses between the browser and the target application, even when HTTPS is being used. The tutorial discusses configuration of Burp to connect over the Tor network. 1. BurpSuite Community Edition We can find BurpSuite Community Edition […] Continue reading...