Announcing restic-PyBM v0.1
A Python 3 wrapper to manage restic repositories and monitor them with Nagios-compliant outputs, created by yours truly.
Yubikey & Raspberry Pi based 2-tier CA with step-ca
An affordable solution to set up a basic root CA with physical security for your sensitive keys.
Some notes on a privacy-minded Pi-Hole deployment
Pi-Hole is an excellent solution to block ads, trackers and malware network-wide at the DNS level. With a few tweaks, it can be a great asset for privacy on the…
unbound DNS-over-TLS forwarding server on Debian Buster
Setting up unbound is simple. Getting it to work on Debian Buster with DNS-over-TLS is no rocket science either but does require some fine-tuning explained in this article.
Splitting the IPS from the routing function with pfSense
Following performance issues with my all-in-one IPS/Router setup on my home network, I decided to split it between a pfSense-based IPS and a Linux-based router. This article explains why I…
A subjective list of useful cybersecurity resources
In this (supposedly) frequently updated article, I list websites and publications that I find useful as a referential/background for my cybersecurity activities. Basically, this is a dump of my Feedly…
Icinga 2 with InfluxDB & Grafana on CentOS 7
Icinga started out as a Nagios refactor. It has now become so much more, and is a pretty solid tool to monitor efficiently an heterogeneous system with minimal effort. Along…
Isolation Access Point with CentOS 7
If you read this, you've probably been there: you're the family's IT guy, and every now and then you fix a computer. Potentially full of malware and other nasty stuff.…
Setting up the Suricata IDPS
Firewalls are a good thing, but they're not enough anymore. Ports don't define traffic anymore, we must have a look at the applicative level to enforce policies and block malicious…
Where are you hidden, hotel access point ?!
While staying at an hotel for Hack.lu 2016, I stumbled upon a weird WiFi setup, that lead to weirder discoveries. Or, how an innocent and pragmatic setup can actually be…