Infosec Scribbles

December 21, 2018

The sad state of font rendering on Linux


As it turns out, font rendering is a highly controversial topic. If you don’t see anything wrong with Linux font rendering, please disregard this as a shitpost. Thanks.

I spent the first 25 years of my life on Windows and therefore I am biased towards Windows font rendering with ClearType. I also agree with research which suggests that this rendering approach makes reading easier on the eyes. There are also some facts you can’t argue with, such as non-linear rendering without anti-aliasing looking awful.

With that out of the way, let’s proceed.

... Read more

December 20, 2018

How to (offline) update standalone ESXi in your homelab

Say you have a homelab and, like me, you don’t have the space for a 42U rack and an enterprise vSphere license. Your options are Hyper-V, Xen, Proxmox or… a standalone ESXi machine on a free license.

Every now and then VMware releases updates for it, but there is no way to get them automatically on a standalone ESXi host. Thankfully, it’s not too hard to do by hand and here is a step-by-step that I wrote down for my own purposes.

Outdated ESXi hosts also may or may not be one of the most common findings in network security tests.

... Read more

March 25, 2018

Ubuntu Update Notifications via SMTP Relay

One thing I really wanted to have on my server was the ability for system packages to send mail externally. This is useful for upgrade notifications or any kind of monitoring alerts that systems may emit. One the other hand, I have better things to do than worry about a private mail server. The solution I came up with is setting up postfix to act as an SMTP-relay, using an SMTP account at a third-party mail server for outgoing mail.

... Read more

March 25, 2018

Bluetooth on Linux: Getting QC35 to work

This is a continuation to my series of migrating to Linux posts.

If you try to pair Bose QC35 with an Ubuntu 16.04 LTS box, you will notice that it always pairs in headset mode, acts as if a call has just started and then disconnects. If you try to manually select A2DP Sink in sound settings, it will fail without any warning message displayed. Next time you open sound settings you will find that i has reset itself to HSP/HFP. Time to check journalctl output and find out that something isn’t right.

Below are the steps I managed to compile based on numerous other blog posts and AskUbuntu questions that didn’t work on their own, but worked in this combination.

... Read more

March 1, 2018, updated on July 28, 2018

Solving Ubuntu issues on a Dell XPS 15 9560

Being more happy than not with the experience I had at work with a Dell Precision 5520 running Ubuntu, I looked closer at Project Sputnik when time came to replace my beaten up Inspiron 17R. I decided to get myself an XPS 15 based on Intel’s 7th gen platform. Of course, given the opportunity to pick, I decided against a 4K UHD screen, against a touchscreen and picked a matte cover too instead of a glossy one. That solved my biggest woes right away.

In short, I’ve never had such a good experience with a power user laptop and the Project Sputnik team deserves all the fame, praises and customer money that they are getting. To all those engineers and hackers unhappy with Windows 10 and looking into Apple or Linux-based alternatives, I suggest that you look into Dell’s offering.

Below you will find workarounds for a few software issues that I had to resolve with it to get my perfect machine. As of March 2018, this applies to Ubuntu 16.04 LTS.

... Read more

October 14, 2017, updated on July 28, 2018

Linux Woes and 4K Hell

Note: this post has now been updated for 18.04 LTS.

Recently I got a new Dell Precision 5520 and a TB16 dock. It came with Windows 10, and as I was quick to learn, “10” is the number of minutes it took me to decide that I would rather use anything else. This is coming from someone who has been using Windows on all non-server machines since age 7. Given the available options, I went for Ubuntu Linux.

As it turned out, Linux came with its own set of problems, and 4K or HiDPI has below usable support no matter which OS you choose.

I will maintain this post with status updates on the issues listed so that others can reuse my solutions. Another reason is that a bunch of my coworkers have decided to follow suit upon seeing Windows 10 and this is the most efficient way of helping them with the issues they are about to face.

Current setup: Ubuntu GNOME 18.04 LTS, 4.15 kernel.

... Read more

May 24, 2014

Logitech Z506 10-pin connector pinout

Had to pop open my Logitech Z506 speaker the other day because reasons. Thought that this may come in handy to someone looking for which wire goes to which pin on the 10-pin connector aka connector pinout. On the picture below I marked every pin with the color of the corresponding wire. It may be hard to see on the preview but the black one is ground. Happy tinkering!

Logitech Z506 10-pin connector pinout

February 13, 2014

Writing a RickRoll shellcode

I was sitting in the lab the other day ~socializing~ with other students and we all agreed it was sad that there was no shellcode out there that would open a RickRoll. Making one seemed like a good way to procrastinate from preparing a talk on privacy while learning how to write shellcodes and the challenge was accepted. The application to have fun with was Chasys Media Player 1.1 on Windows XP SP3, no DEP or ASLR.



... Read more

February 9, 2014

Debugging MBRLockers on Windows

Ever met MBRLockers? Yes, those nasty pieces of malware which replace your Master Boot Record with malicious code and ransom you. Good news here, most of them just backup your original MBR somewhere and put one asking for ransom in its place. Today I’m going to tell you how to debug these things easily for ehmm, scientific purposes.

Simple MBR Locker

... Read more