From 9590794d6c84d0b7a2a53e1979c1936606b144aa Mon Sep 17 00:00:00 2001 From: user Date: Thu, 20 Oct 2022 11:02:58 +0200 Subject: [PATCH 1/6] windows hardening --- windows_hardening.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 windows_hardening.md diff --git a/windows_hardening.md b/windows_hardening.md new file mode 100644 index 0000000..988af18 --- /dev/null +++ b/windows_hardening.md @@ -0,0 +1,25 @@ +## Windows Hardening + +ref: https://learn.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures?WT.mc_id=EM-MVP-5003177 +ref: https://pulsesecurity.co.nz/articles/TPM-sniffing +ref: https://dys2p.com/de/2021-12-tamper-evident-protection.html +ref: https://github.com/proninyaroslav/blink-comparison +ref: https://github.com/Aorimn/dislocker +ref: https://github.com/libyal/libbde/blob/main/documentation/BitLocker%20Drive%20Encryption%20(BDE)%20format.asciidoc + +ref: https://github.com/carlospolop/PEASS-ng + + +### Bitlocker PIN +1. activate Bitlocker on systemdrive +2. change gpo for TPM+PIN + Computerkonfiguration – Administrative Vorlagen – Windows-Komponenten – BitLocker-Laufwerksverschlüsselung – Betriebssystemlaufwerke + Zusätzliche Authentifizierung beim Start anfordern + TPM-Systemstart-PIN konfigurieren + Start-PIN bei TPM erforderlich + ggf Erweiterte PINs für Systemstart zulassen +3. `manage-bde -status` +4. `manage-bde -protectors -add c: -TPMAndPIN` ggf. ist auch die Bitlocker GUI dazu in der Lage +5. `manage-bde -changepin c:` +6. `manage-bde -protectors -add c: -TPM`` to 'remove' the PIN +7. `manage-bde -w Drive:` um den freien Speicherplatz zu löschen \ No newline at end of file From 30bc6c54088c02a5f15cde8ac243e00136d160a5 Mon Sep 17 00:00:00 2001 
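Review bot: Step 6 of the Bitlocker PIN guide (`manage-bde -protectors -add c: -TPM`` to 'remove' the PIN`) puts the drive back into the TPM-only configuration that the pulsesecurity TPM-sniffing reference at the top of the file is about, and the line carries a stray second backtick that breaks the inline code span. I would say so next to the command, e.g. `6. manage-bde -protectors -add c: -TPM — back to TPM-only unlock, i.e. the setup the TPM-sniffing ref describes as weaker; only for deliberately undoing step 4`. On a drive that already has a TPMAndPIN protector I believe manage-bde refuses a second TPM-type protector until the existing one is removed (`manage-bde -protectors -delete c: -type TPMAndPIN`), so that would be the step before it; confirm on your build before writing it down.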
From: user Date: Fri, 21 Oct 2022 12:47:14 +0200 Subject: [PATCH 2/6] small challenges --- small_challenges.md | 46 ++++++++++++++++++++++++++++++++++++++++++++ windows_hardening.md | 20 ++++++++++++++----- 2 files changed, 61 insertions(+), 5 deletions(-) create mode 100644 small_challenges.md diff --git a/small_challenges.md b/small_challenges.md new file mode 100644 index 0000000..69e7ea2 --- /dev/null +++ b/small_challenges.md 
@@ -0,0 +1,46 @@ +## small challenges + +### overview +- QR Code hidden message +- C code with unicode/UTF8/UTF16 and ASCII formatted text + + +### qrcode hidden message + +Öffentliche Nachricht: BPol-OCO-Challenge-2022 +XOR-Key: Komm-zur-Bundespolizei. + +### mqtt password +ref: http://noahdavids.org/self_published/CRC_and_checksum.html + +old hex: 4e6f7453 6f536563 75726521 +new hex: 74534e6f 65636f53 65217572 + +`mosquitto_passwd OCO-Challenge NotSoSecure!` +`hashcat.exe -m 0 -t 32 -a 3 60633ab5688e6a58719e0e9150e333ba ?a?a?a?a?a?a?a?a?a?a?a?a` + +#### Aufgabe: +Es wurde eine mqtt Anmeldung mitgeschnitten. Das offensichtliche Passwort stimmt nicht, der Mitschnitt ist soweit ersichtlich, auch korrekt. +1. Erlangen sie das korrekte Passwort + - SHA256:d2216b2827375391da5bfa6113b61d5169b1f8d846ddc92fcb96e9ffe27bb214 (14 Jahre) + - SHA1:6a4ecbc6e2cdae087d14477a2d95cba02355cb73 (6 Jahre) + - MD5:60633ab5688e6a58719e0e9150e333ba (3 Jahre) +3. Dokumentieren Sie Ihren Gedankenweg + - Warum sie mit dem folgenden Ansatz weiter gemacht haben + - Welche Widersprüche sie feststellen konnten + - Welche Quellen sie wann wofür benötigt haben + - An welchen Punkten sie ratlos waren + - Was sie gelernt haben + - Wie viel Zeit sie zwischen den einzelnen Entscheidungen benötigt haben +4. Präsentieren sie ihren Lösungsweg + - in maximal 5 Minuten + - eine Folie: der persönlich größte Lerneffekt + - eine Folie: Einschätzung der technischen Hintergründe + +#### Ziel: +1. Passende Software für ein PCAP nutzen +2. Das Protokoll mqtt auswerten +3. Indizien bewerten; Notwendigkeit des Rücksprungs feststellen +4. Strukturiertes Herunterbrechen möglicher Fehlerquellen und Problembehandlungen +5. Selektieren und Anwenden möglicher Problembehandlungen +6. Anfertigen einer Verlaufsdokumentation mit Selbstreflektion sowie Aufbereitung für Andere diff --git a/windows_hardening.md b/windows_hardening.md index 988af18..1d9ec63 100644 --- a/windows_hardening.md +++ b/windows_hardening.md 
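Review bot: The numbered task list under `#### Aufgabe:` goes `1.`, `3.`, `4.`, so either item 2 was lost or the numbers need fixing; renderers will show 1–3 regardless, but the source reads as if a step is missing. The `old hex` / `new hex` pair is shown without saying how they relate: in every 32-bit word the two 16-bit halves are swapped (`4e6f7453` → `74534e6f`, `6f536563` → `65636f53`, `75726521` → `65217572`), and one line stating that, e.g. `new hex = old hex with the 16-bit halves of each 32-bit word swapped`, would save the reader the byte-by-byte comparison. The checksum reference (`CRC_and_checksum.html`) is listed but the text does not say which part of the challenge it supports.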
@@ -1,5 +1,10 @@ ## Windows Hardening +ref: https://github.com/carlospolop/PEASS-ng + + +### Bitlocker PIN +#### ref ref: https://learn.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures?WT.mc_id=EM-MVP-5003177 ref: https://pulsesecurity.co.nz/articles/TPM-sniffing ref: https://dys2p.com/de/2021-12-tamper-evident-protection.html @@ -7,10 +12,7 @@ ref: https://github.com/proninyaroslav/blink-comparison ref: https://github.com/Aorimn/dislocker ref: https://github.com/libyal/libbde/blob/main/documentation/BitLocker%20Drive%20Encryption%20(BDE)%20format.asciidoc -ref: https://github.com/carlospolop/PEASS-ng - - -### Bitlocker PIN +#### guide 1. activate Bitlocker on systemdrive 2. change gpo for TPM+PIN Computerkonfiguration – Administrative Vorlagen – Windows-Komponenten – BitLocker-Laufwerksverschlüsselung – Betriebssystemlaufwerke @@ -22,4 +24,12 @@ ref: https://github.com/carlospolop/PEASS-ng 4. `manage-bde -protectors -add c: -TPMAndPIN` ggf. ist auch die Bitlocker GUI dazu in der Lage 5. `manage-bde -changepin c:` 6. `manage-bde -protectors -add c: -TPM`` to 'remove' the PIN -7. `manage-bde -w Drive:` um den freien Speicherplatz zu löschen \ No newline at end of file +7. `manage-bde -w Drive:` um den freien Speicherplatz zu löschen + + +### driver blocklist +#### ref +ref: https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md + + +#### guide \ No newline at end of file From 6fcf18efaf7c2a8d3887c4a0797176adfee949d7 Mon Sep 17 00:00:00 2001 From: coelner Date: Tue, 25 Oct 2022 13:31:29 +0200 Subject: [PATCH 3/6] minor add --- proxmox.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proxmox.md b/proxmox.md index 80c7b80..f29a44a 100644 --- a/proxmox.md +++ b/proxmox.md @@ -1,7 +1,7 @@ ## Proxmox ### packages -tmux, powertop,htop, cryptsetup,vim +tmux, powertop,htop, cryptsetup,vim, cpu-frequ-utils ### 0-prepare ``` From 5cfa545b1a13a72a52df35b5b9cade6e5372dcfe Mon Sep 17 00:00:00 2001 
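Review bot: The new `### driver blocklist` section (third hunk of this file) ends in an empty `#### guide` heading, so the reader gets the Screwed-Drivers reference but no step to act on. If it is a stub, mark it as one (`#### guide (TODO)`) and leave a one-line pointer to the intended control, e.g. `enable the Microsoft vulnerable driver blocklist (Windows Security → Device security → Core isolation) and/or an HVCI/WDAC policy; check the running driver list against the Eclypsium table`; the blocklist toggle only exists on newer Windows builds, so confirm it on the target before documenting it.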
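Review bot: The word added to the `### packages` line, `cpu-frequ-utils`, does not look like a resolvable package name; the Debian/Proxmox package is `cpufrequtils`, so an `apt install` typed from this list would fail. Unless it is a deliberate local alias, I would change the added word to `cpufrequtils`.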
From: coelner Date: Tue, 1 Nov 2022 16:55:51 +0100 Subject: [PATCH 4/6] acpi --- archlinux.md | 33 ++++++++++++++++++++++++++++++++- openwrt-selfbuild.md | 2 ++ 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/archlinux.md b/archlinux.md index 8b06456..91fb73f 100644 --- a/archlinux.md +++ b/archlinux.md @@ -24,8 +24,10 @@ solo2 gpa libfido2 solo1 efitools fprintd opensc nitrokey-app rhash keepassxc wl-clipboard element-desktop signal-desktop syncthing thunderbird thunderbird-i18n-de libreoffice-fresh libreoffice-fresh-de nextcloud-client chromium aria2 meld gimp esptool pinta tracker tracker-miner paperwork pdftricks -gnome-firmware dmidecode brasero clinfo opencl-mesa opencl-driver clpeak croc cups-pdf handbrake sdparm hdparm smartmontools openocd poke remmina gsmartcontrol partclone +gnome-firmware dmidecode brasero clinfo opencl-mesa opencl-driver clpeak croc cups-pdf handbrake sdparm hdparm smartmontools openocd poke remmina gsmartcontrol partclone ipp-usb radare2 cutter r2ghidra binwalk cabextract hashcat diffpdf ghex flashrom hwinfo i2c-tool nbd virtualbox bootterm veracrypt youtube-dl + +brscan5 ``` ### gparted flash usb stick with gparted.iso and dd. boot it 
@@ -79,3 +81,32 @@ https://support.system76.com/articles/fix-raw-image-previews/ 8. `mkinicpio -p linux` 9. sync, unmount boot and tmp 10. `cryptsetup luksClose luksdev` + +### acpi lid behaviour +the lid can cause wakeups or even prohibited sleep or hibernate. this is done through the acpi subsystem and needs to be fixed on each power up. +the pci devices are unknown, maybe NIC and WLAN wake on, SLPB should be the button, RESA +``` +cat /proc/acpi/wakeup +Device S-state Status Sysfs node +GPP4 S0 *enabled pci:0000:00:02.3 +RESA S3 *disabled +GP17 S0 *enabled pci:0000:00:08.1 +LID S4 *enabled platform:PNP0C0D:00 +SLPB S3 *enabled platform:PNP0C0E:00 +[user@user-think-yoga acpi]$ sudo echo LID > /proc/acpi/wakeup +bash: /proc/acpi/wakeup: Keine Berechtigung +[user@user-think-yoga acpi]$ sudo -i +[root@user-think-yoga ~]# echo LID > /proc/acpi/wakeup +[root@user-think-yoga ~]# cat /proc/acpi/wakeup +Device S-state Status Sysfs node +GPP4 S0 *enabled pci:0000:00:02.3 +RESA S3 *disabled +GP17 S0 *enabled pci:0000:00:08.1 +LID S4 *disabled platform:PNP0C0D:00 +SLPB S3 *enabled platform:PNP0C0E:00 + +cat /etc/tmpfiles.d/acpi-lid.conf +# Path Mode UID GID Age Argument +w /proc/acpi/wakeup - - - - LID + +``` \ No newline at end of file diff --git a/openwrt-selfbuild.md b/openwrt-selfbuild.md index 5bf5dad..df73fdf 100644 --- a/openwrt-selfbuild.md +++ b/openwrt-selfbuild.md @@ -145,6 +145,8 @@ mosquitto-client-ssl mosquitto-ssl stubby +wpad-wolfssl +hostapd-utils coreutils coreutils-sort addrwatch From c7aa8e6a4d22a8e4091e8f0b201be19ae9a9c342 Mon Sep 17 00:00:00 2001 From: coelner Date: Thu, 3 Nov 2022 19:01:58 +0100 Subject: [PATCH 5/6] adaligth --- ambilight.md | 244 +++++++++++++++++++++++++++++++++++++++++++++++++++ archlinux.md | 26 +++++- 2 files changed, 269 insertions(+), 1 deletion(-) create mode 100644 ambilight.md diff --git a/ambilight.md b/ambilight.md new file mode 100644 index 0000000..34f4fe5 --- /dev/null +++ b/ambilight.md 
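Review bot: Writing a device name to `/proc/acpi/wakeup` toggles its state rather than setting it — the two listings in the hunk show `LID ... *enabled` become `*disabled` after one `echo LID`. The tmpfiles.d line `w /proc/acpi/wakeup - - - - LID` therefore only disables lid wakeup while the firmware default is `*enabled`; if that default ever flips, the same line re-enables it at boot, so I would record the assumption in the config, `# toggles, not sets: assumes LID starts *enabled; verify with cat /proc/acpi/wakeup after boot`. The `sudo echo LID > /proc/acpi/wakeup` failure (`Keine Berechtigung`) happens because the redirection is done by the unprivileged shell, not by sudo; a comment such as `# the > redirection runs as your user, hence sudo -i below` would explain why the next step switches to a root shell. The sentence `the pci devices are unknown, maybe NIC and WLAN wake on, SLPB should be the button, RESA` ends mid-thought; `RESA` needs its guess spelled out or dropped.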
@@ -0,0 +1,244 @@ +## ambilight +### adaligth fastLED sketch +[https://github.com/dmadison/Adalight-FastLED] +``` +/\* + \* Project Adalight FastLED + \* @author David Madison + \* @link github.com/dmadison/Adalight-FastLED + \* @license LGPL - Copyright (c) 2017 David Madison + \* + \* This program is free software: you can redistribute it and/or modify + \* it under the terms of the GNU Lesser General Public License as published by + \* the Free Software Foundation, either version 3 of the License, or + \* (at your option) any later version. + \* + \* This program is distributed in the hope that it will be useful, + \* but WITHOUT ANY WARRANTY; without even the implied warranty of + \* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + \* GNU Lesser General Public License for more details. + \* + \* You should have received a copy of the GNU Lesser General Public License + \* along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +#include <Arduino.h> + +// \-\-\- General Settings +const uint16_t + Num_Leds = 80; // strip length +const uint8_t + Brightness = 255; // maximum brightness + +// \-\-\- FastLED Setings +#define LED_TYPE WS2812B // led strip type for FastLED +#define COLOR_ORDER GRB // color order for bitbang +#define PIN_DATA 6 // led data output pin +// #define PIN_CLOCK 7 // led data clock pin (uncomment if you're using a 4-wire LED type) + +// \-\-\- Serial Settings +const unsigned long + SerialSpeed = 115200; // serial port speed +const uint16_t + SerialTimeout = 60; // time before LEDs are shut off if no data (in seconds), 0 to disable + +// \-\-\- Optional Settings (uncomment to add) +#define SERIAL_FLUSH // Serial buffer cleared on LED latch +// #define CLEAR\_ON\_START // LEDs are cleared on reset + +// \-\-\- Debug Settings (uncomment to add) +// #define DEBUG_LED 13 // toggles the Arduino's built-in LED on header match +// #define DEBUG_FPS 8 // enables a pulse on LED latch + +// 
-------------------------------------------------------------------- + +#include <FastLED.h> + +CRGB leds\[Num_Leds\]; +uint8\_t * ledsRaw = (uint8\_t *)leds; + +// A 'magic word' (along with LED count & checksum) precedes each block +// of LED data; this assists the microcontroller in syncing up with the +// host-side software and properly issuing the latch (host I/O is +// likely buffered, making usleep() unreliable for latch). You may see +// an initial glitchy frame or two until the two come into alignment. +// The magic word can be whatever sequence you like, but each character +// should be unique, and frequent pixel values like 0 and 255 are +// avoided -- fewer false positives. The host software will need to +// generate a compatible header: immediately following the magic word +// are three bytes: a 16-bit count of the number of LEDs (high byte +// first) followed by a simple checksum value (high byte XOR low byte +// XOR 0x55). LED data follows, 3 bytes per LED, in order R, G, B, +// where 0 = off and 255 = max brightness. 
+ +const uint8_t magic\[\] = { + 'A','d','a'}; +#define MAGICSIZE sizeof(magic) + +// Check values are header byte # - 1, as they are indexed from 0 +#define HICHECK (MAGICSIZE) +#define LOCHECK (MAGICSIZE + 1) +#define CHECKSUM (MAGICSIZE + 2) + +enum processModes_t {Header, Data} mode = Header; + +int16_t c; // current byte, must support -1 if no data available +uint16_t outPos; // current byte index in the LED array +uint32_t bytesRemaining; // count of bytes yet received, set by checksum +unsigned long t, lastByteTime, lastAckTime; // millisecond timestamps + +void headerMode(); +void dataMode(); +void timeouts(); + +// Macros initialized +#ifdef SERIAL_FLUSH + #undef SERIAL_FLUSH + #define SERIAL_FLUSH while(Serial.available() > 0) { Serial.read(); } +#else + #define SERIAL_FLUSH +#endif + +#ifdef DEBUG_LED + #define ON 1 + #define OFF 0 + + #define D\_LED(x) do {digitalWrite(DEBUG\_LED, x);} while(0) +#else + #define D_LED(x) +#endif + +#ifdef DEBUG_FPS + #define D\_FPS do {digitalWrite(DEBUG\_FPS, HIGH); digitalWrite(DEBUG_FPS, LOW);} while (0) +#else + #define D_FPS +#endif + +void setup(){ + #ifdef DEBUG_LED + pinMode(DEBUG_LED, OUTPUT); + digitalWrite(DEBUG_LED, LOW); + #endif + + #ifdef DEBUG_FPS + pinMode(DEBUG_FPS, OUTPUT); + #endif + + #if defined(PIN\_CLOCK) && defined(PIN\_DATA) + FastLED.addLeds<LED\_TYPE, PIN\_DATA, PIN\_CLOCK, COLOR\_ORDER>(leds, Num_Leds); + #elif defined(PIN_DATA) + FastLED.addLeds<LED\_TYPE, PIN\_DATA, COLOR\_ORDER>(leds, Num\_Leds); + #else + #error "No LED output pins defined. Check your settings at the top." 
+ #endif + + FastLED.setBrightness(Brightness); + + #ifdef CLEAR\_ON\_START + FastLED.show(); + #endif + + Serial.begin(SerialSpeed); + Serial.print("Ada\\n"); // Send ACK string to host + + lastByteTime = lastAckTime = millis(); // Set initial counters +} + +void loop(){ + t = millis(); // Save current time + + // If there is new serial data + if((c = Serial.read()) >= 0){ + lastByteTime = lastAckTime = t; // Reset timeout counters + + switch(mode) { + case Header: + headerMode(); + break; + case Data: + dataMode(); + break; + } + } + else { + // No new data + timeouts(); + } +} + +void headerMode(){ + static uint8_t + headPos, + hi, lo, chk; + + if(headPos < MAGICSIZE){ + // Check if magic word matches + if(c == magic\[headPos\]) {headPos++;} + else {headPos = 0;} + } + else{ + // Magic word matches! Now verify checksum + switch(headPos){ + case HICHECK: + hi = c; + headPos++; + break; + case LOCHECK: + lo = c; + headPos++; + break; + case CHECKSUM: + chk = c; + if(chk == (hi ^ lo ^ 0x55)) { + // Checksum looks valid. Get 16-bit LED count, add 1 + // (# LEDs is always > 0) and multiply by 3 for R,G,B. + D_LED(ON); + bytesRemaining = 3L * (256L * (long)hi + (long)lo + 1L); + outPos = 0; + memset(leds, 0, Num_Leds * sizeof(struct CRGB)); + mode = Data; // Proceed to latch wait mode + } + headPos = 0; // Reset header position regardless of checksum result + break; + } + } +} + +void dataMode(){ + // If LED data is not full + if (outPos < sizeof(leds)){ + ledsRaw\[outPos++\] = c; // Issue next byte + } + bytesRemaining--; + + if(bytesRemaining == 0) { + // End of data -- issue latch: + mode = Header; // Begin next header search + FastLED.show(); + D_FPS; + D_LED(OFF); + SERIAL_FLUSH; + } +} + +void timeouts(){ + // No data received. If this persists, send an ACK packet + // to host once every second to alert it to our presence. 
+ if((t - lastAckTime) >= 1000) { + Serial.print("Ada\\n"); // Send ACK string to host + lastAckTime = t; // Reset counter + + // If no data received for an extended time, turn off all LEDs. + if(SerialTimeout != 0 && (t - lastByteTime) >= (uint32_t) SerialTimeout * 1000) { + memset(leds, 0, Num_Leds * sizeof(struct CRGB)); //filling Led array by zeroes + FastLED.show(); + mode = Header; + lastByteTime = t; // Reset counter + } + } +} +``` +### arduino nano clone +- use the old bootloader (or update it) +- sometimes the sketch get lost?, reflash it diff --git a/archlinux.md b/archlinux.md index 91fb73f..9bb889e 100644 --- a/archlinux.md +++ b/archlinux.md @@ -109,4 +109,28 @@ cat /etc/tmpfiles.d/acpi-lid.conf # Path Mode UID GID Age Argument w /proc/acpi/wakeup - - - - LID -``` \ No newline at end of file +``` + +### usbguard gnome +``` +/etc/polkit-1/rules.d/70-allow-usbguard.rules + +// Allow users in wheel group to communicate with USBGuard +polkit.addRule(function(action, subject) { + if ((action.id == "org.usbguard.Policy1.listRules" || + action.id == "org.usbguard.Policy1.appendRule" || + action.id == "org.usbguard.Policy1.removeRule" || + action.id == "org.usbguard.Devices1.applyDevicePolicy" || + action.id == "org.usbguard.Devices1.listDevices" || + action.id == "org.usbguard1.getParameter" || + action.id == "org.usbguard1.setParameter") && + subject.active == true && subject.local == true && + subject.isInGroup("wheel")) { + return polkit.Result.YES; + } +}); +``` +to activate it for gnome: +`$ gsettings set org.gnome.desktop.privacy usb-protection true` +and to harden it further: +`$ gsettings set org.gnome.desktop.privacy usb-protection-level always` \ No newline at end of file From 8d5da9bdc0829e2641850d608534d765c2fd36b9 Mon Sep 17 00:00:00 2001 From: user Date: Fri, 4 Nov 2022 08:44:54 +0100 Subject: [PATCH 6/6] challenges --- small_challenges.md | 3 +++ 1 file changed, 3 insertions(+) 
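Review bot: The sketch inside the code fence still carries Markdown escape backslashes, which are literal inside a fenced block, so the listing does not compile when copied: `CRGB leds\[Num_Leds\];`, `uint8\_t`, `magic\[\]`, `D\_LED`, `D\_FPS`, `PIN\_CLOCK`, `CLEAR\_ON\_START`, the `LED\_TYPE, PIN\_DATA, COLOR\_ORDER` template arguments and the `\*` comment prefixes all need the backslash removed. `Serial.print("Ada\\n");` (in `setup()` and again in `timeouts()`) is the one that would survive a compile and still misbehave: it sends a literal backslash followed by `n` instead of the newline the host expects after the `Ada` ACK described in the protocol comment, so it should read `Serial.print("Ada\n");`. Presumably the text was copied from an escaped/rendered view rather than the raw `.ino`; re-pasting the file from the linked repository would fix all of these at once.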
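Review bot: The polkit rule returns `polkit.Result.YES` for the modifying actions (`appendRule`, `removeRule`, `applyDevicePolicy`, `setParameter`) for every active local `wheel` member, so any process running in such a session can allow a blocked device or rewrite the ruleset without a prompt; the `subject.active && subject.local` tests confine that to the console session, not to a user decision. Presumably the unprompted `YES` is what lets the GNOME usb-protection integration authorize devices on the user's behalf, so I would at least state the trade-off in the rule comment, e.g. `// YES (no prompt) is needed for the GNOME usb-protection flow; any wheel-member process can therefore allow devices — switch the rule-changing actions to polkit.Result.AUTH_ADMIN if the automatic flow is not needed`, and keep the read-only actions (`listRules`, `listDevices`, `getParameter`) in a clause of their own so they can stay `YES` if the rest is tightened. The two `gsettings` commands would benefit from one sentence on what `usb-protection-level always` changes compared to the default level, so the 'harden it further' claim is checkable.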
diff --git a/small_challenges.md b/small_challenges.md index 69e7ea2..e0830ca 100644 --- a/small_challenges.md +++ b/small_challenges.md @@ -18,10 +18,13 @@ new hex: 74534e6f 65636f53 65217572 `mosquitto_passwd OCO-Challenge NotSoSecure!` `hashcat.exe -m 0 -t 32 -a 3 60633ab5688e6a58719e0e9150e333ba ?a?a?a?a?a?a?a?a?a?a?a?a` +`hashcat.exe -m 12100 -t 32 -a 3 sha512:101:N6oCsQeTjFtRH39s:5MTpO3DLuK+5y53daI0WA9RZ5U49KCy+QMcqM5dXrE46SpBbuACJZAQvrqejk5rXSyvRwc2CplAv0PASnor+kw== ?a?a?a?a?a?a?a?a?a?a?a?a` +`hashcat.exe -m 12100 -t 32 -a 3 --custom-charset1=NotSoSecure! sha512:101:N6oCsQeTjFtRH39s:5MTpO3DLuK+5y53daI0WA9RZ5U49KCy+QMcqM5dXrE46SpBbuACJZAQvrqejk5rXSyvRwc2CplAv0PASnor+kw== ?1?1?1?1?1?1?1?1?1?1?1?1` #### Aufgabe: Es wurde eine mqtt Anmeldung mitgeschnitten. Das offensichtliche Passwort stimmt nicht, der Mitschnitt ist soweit ersichtlich, auch korrekt. 1. Erlangen sie das korrekte Passwort + - `OCO-Challenge:$7$101$N6oCsQeTjFtRH39s$5MTpO3DLuK+5y53daI0WA9RZ5U49KCy+QMcqM5dXrE46SpBbuACJZAQvrqejk5rXSyvRwc2CplAv0PASnor+kw==` - SHA256:d2216b2827375391da5bfa6113b61d5169b1f8d846ddc92fcb96e9ffe27bb214 (14 Jahre) - SHA1:6a4ecbc6e2cdae087d14477a2d95cba02355cb73 (6 Jahre) - MD5:60633ab5688e6a58719e0e9150e333ba (3 Jahre)