Cybersecurity professional with an interest/background in networking. Beginning to delve into binary exploitation and reverse engineering.

  • 0 Posts
  • 60 Comments
Joined 8 months ago
cake
Cake day: March 27th, 2024

help-circle




  • This is very anecdotal, but both myself and the vast majority of my peers use macOS as their base host system. I work in cybersecurity, specifically offensive penetration testing. Myself, most of my coworkers, and probably half of my peers I’m competing against at local conference CTFs or that I know at local meetups are using a MacBook host with VMs spun up to need.

    Something like 75% of my job is done in a Linux VM. Doing it on a MacBook is infinitely more pleasant than any other laptop I’ve ever tried using, regardless of what OS it’s running.

    Also, and again extremely anecdotal, the most technical people I’ve ever known were all using hackintoshes when I knew them, and would use MacBooks when away from the home/office.

    I really don’t understand where this “Mac products are for non-technical people who want to appear technical” trope comes from. MacOS is a phenomenal product for non-technical people. My partner is the least technical person in the world, but they started using macOS in art school and found it intuitive and easy to use. As a technical person, I appreciate the polished UI built on top of the Unix kernel and that I can do everything I need to do from a terminal shell. The fact that the product is excellent for both wildly disparate types of users is testament to how great it is imo.











  • I’m a huge proponent of Yubikeys, and I use them every day. I use it for every account I have that supports non-resident FIDO2. I have my ssh keys set up on there so i can just sit down at any computer and ssh in to my remote servers without having to rely on being on a computer with its pub key already on the server. I use it for my pgp keys. I use it for TOTP on a few of my more sensitive accounts that don’t support anything better.

    In addition to my regular w2 9-5 pen testing job I do pen testing as a contractor for a place like hacker one on steroids. I am forced to use Duo by them. Can’t use another TOTP app, can’t use a yubikey. While in most cases you can use another TOTP instead of duo, it is not always possible. That said, I highly doubt a school system has set up Duo in a way that prevents you from using alternate TOTP apps.


  • I can’t quite get a read on if you’re being sarcastic or not, but if you are you should know that there are curated porn blocklists for pihole. This obviously won’t stop anyone from accessing porn via nsfw channels on sites that are not exclusively nsfw, like lemmy, Reddit, tumblr, or whatever.


  • borari@lemmy.dbzer0.comtoLinux@lemmy.mlParental controls?
    link
    fedilink
    arrow-up
    3
    ·
    edit-2
    2 months ago

    Run pihole with a MikroTik router at your houses demarc.

    Set up firewall rules in the tik to redirect any packet with dst tcp/udp 53 outbound on wan to the pihole. If you’re worried about dns when pihole is down, create disabled rules to allow the dns traffic as well, then set up a scheduler script using if blocks to toggle the sets of rules depending on status. This will force any client on your network, even one with hardcoded dns IPs, to use the pihole.

    If the client is configured for DoH you’ll just have to build out an ip block list in the MikroTik and block all known DoH IPs.

    Create firewall rules to drop all vpn traffic you can, combining port based rules and similar IP lists as for DoH, but subbing in VPN provider IPs. If you want to route your home traffic over a vpn, set up a vpn client in the router itself and basically site-to-site your home to the vpn provider you use.

    This would block the vast majority of kids trying to bypass parents blocks, but it’s asking quite a lot from the parents who don’t have experience configuring this stuff already.