Cleaning Up Sneaky JavaScript

Software can phone home. A lot of software “forgets” some JavaScript and fonts on HTML pages inside the desktop program to do this. These are some notes about cleaning up Zeal, an “offline” documentation browser.


Evaluated Lab Exercise – Linux Servers ict4tn021-3003 – Thu 8-14 – Early Autumn 2018 p1 – 5 credits

This is the evaluated lab exercise for the Linux Server Administration course, 50% of the grade. The student had a Live USB stick and an empty computer, and he could use the public Internet. No other tools were allowed. In Finnish.

Feedback average was excellent 4.8 out of 5. Thank you! More feedback on course page.


Kali as Salt Slave – install salt-minion from upstream

Salt is a configuration management system. With Salt, you can control thousands of computers.

Kali Linux does not have salt-minion in the default repositories, so you have to install it from upstream.


Evaluated Lab Exercise – Penetration Testing ict4tn027-3001 – Autumn 2018 – period 1 – 5 credits

This is the evaluated final exercise of my penetration testing course. Five and a half hours to break into targets + a little OSINT task. In Finnish.

Course is complete. Feedback average was excellent, 4.9 out of 5.0. Thank you! More feedback on course page.



Identity Management Systems Compared

IdM comparison by Markus, Jan and Eetu

One user account, multiple systems. Identity Management (IdM) systems put users in one place. The same user can then log in to the intranet, SSH to Linux and read his email.

My students Markus, Jan and Eetu have compared Free IdM software (in Finnish). After the initial screening, they find Midpoint and Apache Syncope most promising. Next, they will start actual tests.

OpenSourceIdm blog

https://opensourceidm.wordpress.com/2018/10/03/avoimen-lahdekoodin-idm-jarjestelman-vertailu-7-7/#post-111

Penetration Tester Visiting from SilverSkin

Penetration tester Dani Frisk visits my course Tuesday.

Dani is a 20-year-old hacker from SilverSkin Oy. Dani’s work includes traditional penetration testing against mobile, desktop and network applications. He is also interested in hardware and firmware.

The visit is part of the Haaga-Helia pentesting course. It starts on Tue 2018-10-02 at 14:00 pa5004. Following the lecture requires knowing the basics of networks and penetration testing. First Dani will describe a typical pentesting work assignment. Then there is time for audience questions.


Hello World Python3, Bash, C, C++, Go, Lua, Ruby, Java – Programming Languages on Ubuntu 18.04

Hello world! All programs start with a hello world. It tests that your environment is working, so that you can run your code.

This is how you install and run the most important languages on Linux: Python 3, Bash, C, C++, Go, Lua, Ruby and Java.


Biometrics in Haaga-Helia – eye tracking, pupil size, galvanic skin response, facial expressions, heartbeat

See how the listener’s emotional reactions are synced to mine. I pitched my doctoral thesis subject for one minute. The graph shows GSR (galvanic skin response) for both me and the listener. We also measured pupil size, facial expressions, heartbeat, eye fixation and other biometrics today.


Forgot MariaDB Password – Fix: sudo mariadb -u root

Forgot your MariaDB password? Luckily, you don’t need a password for administrative access.

$ sudo mariadb -u root


PHP Database SELECT and INSERT Example – php-pdo

LAMP is probably the most popular web stack in the world. It powers Wikipedia, and it powered Facebook for years.

To access your MariaDB database from PHP server-side scripts, use PHP-PDO. Remember to use library functions to put user data into SQL strings (prepare, bind), and sanitize away any JavaScript before showing data to users (htmlentities).


Install MariaDB on Ubuntu 18.04 – Database Management System, the New MySQL

MySQL/MariaDB is probably the most popular multi-user database in the world.

Since Ubuntu 18.04, you should install mariadb-* packages to use this database.


CPU Usage Percent – Python One-Liner for Load Average per CPU

Processor usage is 88%. But how do I get a number like this?

For gurus, this Python one-liner prints CPU usage:

$ python3 -c "print('{:.0f}%'.format( float('$(cat /proc/loadavg)'.split()[0]) / float('$(nproc)')*100 ) )"
12%

The rest of us can read on how this works. Also, we can learn how to read system state from plain text files and understand load averages.


sshfs – Securely Mount Filesystems over the Internet – Survive Suspend and Network Down

Sshfs allows you to browse your own folders over the Internet.

It’s a real mount, a directory on your computer, so any program can access the files. And it uses SSH, making it very secure.

$ sshfs -o reconnect,ServerAliveInterval=5,ServerAliveCountMax=3 tero@example.com:/ mnt/tero/


Schedule DigiStartUp dig4tn024-3002 – Autumn 2018 – both period 1 and period 2 – 10 credits

Create your own digital product and find paying customers for it. Real customers, actual money. Course is in Finnish.


Schedule – Multidisciplinary Project Infra pro4tn004-3001 – Autumn 2018 – 10 credits

English: Complete a project with a company as a client. Work with students from different tracks and backgrounds. Course in Finnish.

Starting projects: Collect and visualize logs with ERK. File server for film company. Identity Management. Video surveillance and system provisioning. Finnish Text to Speech. Fishing. All Free software.

Previous course feedback was very good, 4.1 out of 5. And students even published two books!


Vulnerable Super Secure Password Recover – SQL Injection Example

Can you exploit the OWASP #1 vulnerability? I wrote a simple vulnerable password recovery app for practicing SQL injections.

(Vulnerable) Super Secure Password Recover ™ is written with Python 3, Flask and Postgres. You can write bad code even with the best tools.


Install Metasploitable 3 – Vulnerable Target Computer

Metasploitable 3 is a ready-made practice target for penetration testing. Vagrant installation takes just minutes.


Schedule – Linux Servers ict4tn021-3003 – Thu 8-14 – Early Autumn 2018 p1 – 5 credits

English: Learn to manage your own Linux server – in 8 weeks. Beginners welcome. Student feedback excellent 4.8 out of 5. Course is in Finnish.

Start from zero. Study for 8 weeks and you will manage your own Linux server.

After completing the course, the student:

  • Can manage Linux as a server
  • Can make the most important settings for the most important servers (Apache, OpenSSH)
  • Can install a platform suitable for web programming
  • Can make new settings for server software with the help of instructions
  • Knows examples of server hosting providers and prices, and of the corresponding properties of physical servers

ESP32 – Arduino Compatible 6 EUR DevBoard with WiFi and Sensors

ESP32 and a pen. Photo by Heikki Hietala.

My colleague Heikki Hietala experimented with ESP32. He could connect it to Eduroam, the worldwide free WiFi network for students.

Heikki used it for building a network-controlled version of his Morse moai, but you could use ESP32 to build robots and Internet of Things.

ESP32 is an Arduino-compatible microcontroller, making it very easy to program. It could work nicely with the IoT Rapid Prototyping Laboratory Setup I co-developed with Kimmo Karvinen.


Two Books by My Students – Odoo ERP in Finland, Wi-Fi Penetration Testing


My students published two books: Wi-fi Penetration Testing for Beginners and Avoimen lähdekoodin ERP – Odoo Suomessa.


Configuration Management Course is Finished

Jussi controls 2071 slaves with Salt.

My students have created many interesting projects on the configuration management course.

The feedback was excellent, 4.6 out of 5. The most common feedback (mode) was 5 out of 5. Thank you!

Jussi Isosomppi controlled 2071 slave computers with Salt.


Cracking WPA2 Wireless Networks with WPS

My students Kermorvant, Jääskeläinen, Kurenmaa and Eulenberger broke a WPA2-protected wireless LAN using a WPS attack.

They’ve also broken WEP and brute forced bad WPA and WPA2 passwords. And they show how to buy and configure network cards for this.

Moral of the story: don’t use WEP, use WPA2. Don’t use WPS. And also encrypt end to end with SSH, PGP or other strong encryption. For more security content, read the project intrusion blog and come to the Penetration Testing course.

Obviously, it’s illegal to break into other people’s networks. Using the tools mentioned requires a separate lab environment and other precautions.


Clickable Table of Contents for Markdown – Ctags with Gedit

MarkDown is a very fast way to write text. You just mark headings with a hash “#”. An empty line creates a paragraph.

This tutorial shows how you can create a clickable table of contents of your MarkDown document – right inside your text editor. This makes it easier to edit long documents.


Versionable, Plain Text Reference Management – Git, PanDoc and BibTex

When you’re writing peer-reviewed articles, you must have references. Good news: you can have everything in plain text files, even the citation and reference management.

I have only used this exact BibTex setup for a while. However, having written five books in plain text (e.g. MarkDown) and with version control software, I could not imagine using an old-fashioned word processor.


Control Windows with Salt

This long article explores Windows management with Salt.

First, it shows you how to automatically install software to Windows, control Windows boxes behind NAT and firewall and remotely run arbitrary PowerShell commands on Windows.

$ sudo salt '*' pkg.install gedit,firefox,steam,vlc

$ sudo salt winslave cmd.run 'Get-ChildItem C:' shell='powershell'

Later, more complicated features are looked at.
