Nov 11, 2019

How To Setup A L2TP/SSTP Client Access RRaS Server In Azure

Some of us still haven't outgrown the use of Microsoft RRaS as a VPN server. Why should we? It is simple to setup, easy to configure and just plain works!

The other day I decided to setup a RRaS server in Azure to replace an old one we had on premise. It turns out that RRaS isn't officially supported in Azure, but that isn't going to stop us is it?

The reason it apparently isn't supported is because of how routing is configured in Azure. At least, that's the Cliffs Notes version I gathered. I read an article from Richard Hicks that says that you can make it work by enabling IP forwarding on your RRaS VM, then adding a routing table to your vnet to make it work. He's half right, you should enable IP forwarding on your VM's NIC like this:




You'll also want to allow ports 443, 1701, 500 and 4500 to your VPN server in your Network Security Group:



That being said, the rest is easy!

  • Install the Remote Access role, and select Direct Access and VPN (RAS) and Routing.




  • After the install, run the getting started wizard and select the Deploy VPN only option (Unless you need direct access, but that is outside the scope of this post)
  • When you open the RRaS console, right click your server name and select Configure and Enable Routing and Remote Access.
  • Click Next, then select Custom Configuration (Since we're setting this up with a single NIC host)


  • Next select all options, then click Next again and follow the rest of the prompts to install RRaS. 


Now you're ready to configure everything. The only two things you need to know about setting up RRaS in Azure:

  1. You can't point RRaS to an internal DHCP server in Azure, and you can't point RRaS to Azure's DHCP services, so you have to assign IP's from a static address pool in the IPv4 tab under your RRaS server properties. This IP range can't be one that exists in Azure, or matches the host that you're using as your RRaS server.

  2. Since we're not using a custom routes, we need to configure NAT by adding both the Ethernet interface and the internal interface under NAT in the RRaS console.


The Ethernet properties should look like this under NAT:


The Internal interface properties should look like this:


After that, configure your SSL certificate, authentication, etc the way you normally would for RRaS. You'll find that this method is pretty easy and works pretty well. With the NAT setup, you are translating your static pool of RRaS addresses to the network interface of the Azure VM, so you don't have to worry about routes!

I originally setup the route table method way without NAT that was suggested in Richard Hick's post, but when I connected with my client, I couldn't access the internet. In order to access the internet through the VPN tunnel, I had to enable NAT. With NAT enabled, you don't need the routes! 

Did this post help you out? Did you did it a different way? Let us know in the comments!

Oct 21, 2019

How To Hack A Local Windows Password Offline With CHNTPW Live CD/USB


Many moons ago I used to make my own custom version of Ubuntu called Bauer-Puntu that had lots of useful tools already built in. One of the tools I would always install was an offline Windows password rest tool called chntpw.

I once made an awful how to video about using Bauer-Puntu and chntpw. You can watch it below:


The other day I was helping this really gorgeous cop I started dating reset the password on her laptop. Her ex-husband is kind of petty and changed her password just to piss her off. I went to use my trusty Bauer-Puntu USB drive, but the video drivers for it were out of date so it didn't work. Kind of a bummer...

Anyway, looking around I found out that someone made a dedicated live version of chntpw and it works like a charm! I tried it on a Windows 10 VM and it worked flawlessly!

From their page:
Chntpw (also known as Offline NT Password & Registry Editor) is a small Windows password removal utility that can run from a CD or USB drive. The latest version is 140201. Please download the Bootable CD image or the USB version for your own purpose:
  • cd140201.zip (~18MB) – Bootable CD image. (md5sum: f274127bf8be9a7ed48b563fd951ae9e)
  • usb140201.zip (~18MB) – Files for USB install (md5sum: a60dbb91016d93ec5f11e64650394afb)
You can also download chntpw for ALT Linux, Arch Linux, CentOS / RHEL, Debian, Fedora, Mageia, ROSA, Slackware, Ubuntu distributions from this link
If you need to download the old version, please visit Offline NT Password & Registry Editor’s official website
After you’ve downloaded it, you then need to burn chntpw to CD/USB drive in order to get it to work.
If you've been looking for a way to easily hack errr... reset a local Windows password, this is it!

What do you like to use to do offline password resets for Windows? Let us know in the comments!

Sep 30, 2019

Facilitating Your Crypto Trading with Automated Platforms: Superorder Case


Automated trading platforms are growing more popular as investors recognize the benefits that come with their adoption. The process of automated crypto trading is simple yet effective. It allows traders and investors to establish specific rules for trade entries and exits that relate to their trading strategies. The moment they confirm these rules, the algorithms do all the work on the traders’ behalf, meaning they buy and sell assets when the time is right.

For investors that want to reduce their trading efforts and minimize the manual labor in the trading process, automated trading platforms are the best ways to do it.

Automation in trading might sound overly complex for some traders, especially when coding is in the picture. However, what many don't know is that learning how to program your strategies is not necessary for some automated platforms.

Superorder Concept

Superorder is a crypto platform for professional traders that want to explore the benefits of automated trading. What this means is that crypto traders can use this feature to build and run their trading strategies, and avoid manual tracing of the market’s price fluctuations.

The Ukraine-born and USA-grown automated trading terminal was launched in 2018. Perhaps, the best thing about the platform is that traders don’t need to possess coding abilities, nor any programming languages to make their trading strategies. Instead, Superorder provides users with a convenient strategy editor based on blocks – various order types. They’re used to build specific trading chains that are executed automatically later.

That has to be one of the most positive aspects of automated trading, particularly for day traders. Knowing how difficult following a 24/7 market is, this feature comes as a refreshing advantage and a way to control professional trading and keep a balanced personal life.

How Does It Work? 

Automated trading revolves around specific strategies and money management rules that allow the systems to monitor trades with precision, and execute them when the time is right.

All automated platforms are not the same, although the main principles that they apply orbit around the idea of establishing rules for the system to automatically execute. Crypto traders and investors decide on the rules, and let the system know when they want to buy coins, and when it would be ideal to sell them to make a profit and minimize losses. The computer remembers these orders and follows the market changes 24/7. When the selling or buying price reaches the parameter that was entered on the system, it executes it.

There can be many different strategies according to the needs of the investors. What’s positive is that Superorder allows users to make a selection of rules and run simulations to test their strategy before applying it on the market.

After registering an account on Superorder, the trader needs to finish connecting his/her profile from the exchange platform that is being used (in this case it’s either Binance, Bittrex, BitMEX or CEX.IO), and start trading by setting up a strategy. Inside their terminal is where they will be doing this, and the interface makes it easy for traders to get around and start their automated trading.

Main Features 

Superorder offers several features, and we are going to go over some of the most important ones that make this platform stand out in front of its competitors. Although the company is rather new on the market, they still have a lot to offer.

  • Strategy Elements/Building Blocks 


One of the problems with most automated trading platforms is that they are somewhat limited to the elements that professional traders can use in their strategies.

Superorder offers nine elements or strategy building blocks, which can be easily located on their interface. They include: limit buy, limit sell, market buy, market sell, stop loss, sell trailing stop, buy trailing stop, and more. There are also conditional elements like tech indicators and forks.

The trailing stops are an advantage because they can be used even if the exchange does not support them. Additionally, there are also conditions called AND Fork, and OR Forks, which allow traders to split their strategy into two paths to make a more complex chain.

  • Cross-Exchange Orders

Traders can cross their order on multiple crypto exchanges to get the best experience. The process is as simple as using two blocks in the strategy builder. Moreover, the platform can handle more strategies running simultaneously on the same exchange and across different exchanges and coin pairings.

  • User-Friendly Interface 

Professional and even new traders shouldn’t encounter any issues with the platform’s interface, considering that it is manageable and easy to use. Even if they do find something that bothers them, users can easily adjust the terminal according to their unique preferences.

  • Platform Support


Superoder’s platform support is a bit limited. They do, however, introduce four big names in the industry. Currently, the platform supports Binance, Bittrex, BitMEX, and CEX.IO but the developers are planning on adding Bitfinex, Poloniex, and other exchanges soon.

Traders can synchronize to their chosen exchange, a process that will only take a few seconds and is nicely explained on the platform, step by step.

  • Free Trial 

For traders that are switching to automated trading, a trial period is a necessity. It’s also an essential feature to determine scams from real trading platforms that help users achieve growth, instead of tricking them to lose their money.

It’s an advantage that Superorder implemented a 3-day trial period, which should be enough to see whether the terminal is the right fit for you or not.

Final Thoughts

Superorder is a fitting platform for professional traders who want to take the shortcut leading to profits. It’s an advantage not to be dealing with programming languages as it takes a lot of time for traders to master it if they already haven’t. It's also useful that the platform is customizable and user-friendly.

The fact that this automated trading terminal allows easy and simple automated trading, with the opportunity to try it out without paying for two weeks, is certainly a positive aspect and a good sign for traders who want to switch to this type of crypto trading.

Overall, the process of automated trading can be remarkably helpful nowadays, and Superorder is one of the platforms that can successfully provide you with profits, all that while minimizing the manual effort traders would usually put into the process. In other words, professional traders can now enjoy earning profits with less effort.

Sep 16, 2019

How To Implement TLS 1.3 for iRedmail Roundcube in Ubuntu

As many of you know, I use iRedmail for my personal email server and I run it on an Ubuntu 18.04 VM on Linode. No big deal right?

Well, periodically I like to check to make sure my SSL settings are using the most up to date security by running servers tests against SSL Labs. I decided I needed to implement TLS 1.3. It turns out, it's really easy if you are using Nginx like iRedmail uses!

For the iRedmail Nginx configuration, all you have to do is edit the /etc/nginx/templates/ssl.tmpl file and add TLSv1.3 after TLSv1.2 in the ssl_protocols section! Should look like this:

ssl_protocols TLSv1.2 TLSv1.3;

That's it! Do that, save the file and restart the Nginx daemon by running sudo service nginx restart!

Now I'm running TLS 1.3!

Sep 11, 2019

What Makes Bitcoin the Internet of Money

When cryptocurrency is mentioned, people think about Bitcoin more than any other type of digital currency. It was among the first in this sector and it has been successful throughout its history. Although many people interact with Bitcoin, they may not understand the underlying technology.

According to experts, there are international laws involved in creating Bitcoin technology. It functions under blockchain technology which, as we are going to see, is the genesis of better financial operations around the world.

The Pillars of Bitcoin Technology

  • Decentralized verification - Before a transaction is termed complete, it is verified by numerous servers across the world. This reduces theft and fraud, making blockchain technology one of the most trusted today. It also eliminates the possibility of sending money twice.
  • Decentralized ledger - This is where Bitcoin has made its reputation. The transaction information is not stored in one location like with many other financial operations. It is distributed across different servers, which means that anyone can verify it. This increases the level of transparency.
  • Peer-to-peer network - Bitcoin is a global digital currency that mainly operates through a P2P network. This allows peers to collaborate in giving loans, mining, and every verifying transactions. This network is very hard to kill as it is now.
  • Use of digital signature - It sounds easy to forge, right? Wrong! Digital signatures that are used in Bitcoin technology are verified by several parties and they are the center of its success in minimizing digital money theft.

Bitcoin - The Internet of Money

According to experts at Nakitcoins, a website that helps people buy and sell Bitcoins, this digital currency is revolutionizing the world of money at a rapid rate just like the internet is changing the world. Many financial operations are copying these pillars of technology in various ways to improve their operations.

Banks have started applying the use of digital signatures to promote online banking. As of now, those who have successfully implemented this has started enjoying the fruits of reduced hacking and fraud cases.

Apart from financial institutions using Bitcoin technology, people have also accepted the use of Bitcoins to transact. It is a better option that has brought convenience to online buyers and sellers. Many businesses and suppliers across the world now use Bitcoin. Although other digital currencies are used, none have been as globally accepted as Bitcoin.

The other reason why Bitcoin has become very popular is that it is now a thriving business. Through various exchange platforms, people can buy and sell with the intention of making a profit. The digital coin has been making progress in its stability, which improves its reputation among everyone around in the world.

Banks have started applying the use of digital signatures to promote online banking. As of now, those who have successfully implemented this has started enjoying the fruits of reduced hacking and fraud cases.

Apart from financial institutions using Bitcoin technology, people have also accepted the use of Bitcoins to transact. It is a better option that has brought convenience to online buyers and sellers. Many businesses and suppliers across the world now use Bitcoin. Although other digital currencies are used, none have been as globally accepted as Bitcoin.

The other reason why Bitcoin has become very popular is that it is now a thriving business. Through various exchange platforms, people can buy and sell with the intention of making a profit. The digital coin has been making progress in its stability, which improves its reputation among everyone around in the world.

Conclusion

From these insights, it is evident that Bitcoin has indeed become the center of the world. It is penetrating every corner with many benefits. Anyone who gets an opportunity to work with Bitcoin hardly ever turns back.

Most importantly, Bitcoin technology and blockchain can be applied in many financial sectors so that they can also enjoy the benefits that come with it. Now that you know why Bitcoin is the internet of money, it is time to start interacting with the digital coins.




Sep 2, 2019

Highest Paid Blockchain Jobs [Infographic]

If you thought that blockchain only had to deal with cryptocurrencies, you are mistaken. Blockchain is being used in commercial applications now too. That means lots of careers await!

With that, here is an infographic I found that shows you the highest paid blockchain jobs out there! Check it out:


[Via MrDesigner]

Aug 26, 2019

Top 5 Tips on Logging in Java

Source - Pexels
One of the first decisions you have to make when building a website is which programming language you want to use. With all of the different options on the market, selecting the right programming language can be difficult. For years, developers have relied on the power of Java to build and power their websites. This language is both easy to use and very effective.

Did you realize the websites for LinkedIn, Indeed and Ali Express were all built using Java? If you are considering using this programming language, you need to consider a few important factors. If you are using Java to create a web-based or mobile application, monitoring runtime data is crucial. While some people rely on logging as a service, others prefer to do this manually.

Regardless of what method you use to monitor this data, you need to focus on logging as much information as you can. The following are some of the things you need to focus on when logging in Java.

1. Be Careful When Logging Sensitive Information

One of the biggest misconceptions most people have about logging is that they need to get as much information as possible. While having usable data is important, there are certain things you don’t need to store or log on your application. Logging things like a user’s login credentials or financial information is a horrible idea.

Most developers fail to realize that their plain text log files will be processed by a number of unsecured systems. This means that this sensitive information will be at risk. Not only is the practice of logging sensitive information negligent, it is also heavily regulated. This means that if you do not take the proper precautions to protect this data, you may be at risk of being fined.

2. Excessive Logging Creates Problems

Are you looking for a way to keep your website or application fast and responsive? If so, then you need to avoid excessive logging. Taking the time to figure out what data you want to monitor is crucial. The more files you are logging, the slower your site or application will ultimately get.

Not only will excessive logging lead to slower computing speeds, it can make it hard for you to actually read what a log file says. If there are too many log messages, you will be unable to pick out the ones that actually matter. You should really only be logging information that affects either the functionality of your app or the user’s experience.

By being selective with the data you are using, you can make finding and fixing problems much easier. Also, a faster app or website will be far more popular with consumers. The time you invest in cutting down on excessive logging will be worth it in the long run.

3. Making Sense of Cryptic Log Messages

When you start to parse the log files created by your application or website, you will need to view the details to make sense of them. One of the biggest mistakes beginner programmers make is failing to include enough information in these files. If these log messages are vague or cryptic, you will have a hard time making sense of them.

This is why you need to focus on putting things like timestamps, thread name, class name and log level is crucial. This information will act as clues when trying to figure out what is wrong with your app. The last thing you want is for your app to give you log messages you can’t understand.

One of the best ways to ensure you have no problem understanding what a log means is by using workflow rules. These if/then statements can create a predictable outcome and minimize problems during the development and deployment process. If you are curious about how to use this tool, you can find more information on workflow rules on DaniWeb crm's help pages here.

4. Incorrect Log Levels Can Create Confusion

Failing to create adequate log levels will lead to either a flood of unimportant data or the missing of significant events within your app or website’s infrastructure. You need to view choosing the right log level for your system as a priority.

For most logging frameworks, you can use terms like fatal, warn, debug or trace to label various log files. Ideally, you want to name these levels in a way that gives you information about how severe they are. Trace is generally the lowest log level, while fatal is the most serious. With these labels, you should be able to find out how severe the issues you are dealing with really are.

Source - Pexels


5. Ignoring Your Logs is a Bad Idea

The worst thing a developer can do is to work hard to create an adequate and detailed logging system  only to ignore the information it provides. You need to make a habit of looking at these files on a daily basis to ensure everything is working efficiently. Staying on top of the error logs can help you keep your app more dependable and functional.

Keeping Your Program Running

All of the time and effort you invest in logging will be worth it. By keeping track of how well an app is performing, you can detect issues before any real damage is done.



Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | stopping spam