xf.is blog

Blocking Living of the Land binaries (LOLBINs) with Windows Firewall

Published in windows.

Many types of malware and remote access trojans (RAT) today now use built-in Windows binaries to stage and infect computers. Programs commonly used in such attacks are powershell.exe, regsvr32, rundll32, certreq.exe, certutil.exe and mshta.exe. Living of the land binaries (LOLBINs) bypass protections such as AppLocker since they reside in the c:\Windows folder and/or are codesigned […]

Expanding ZFS pool online

Published in linux.

At work I’m setting up a new syslog server and wanted the logs to be stored raw on disk (that is not compressed using gzip). To do that I created a ZFS pool with compression enabled allowing for transparent compression. First I created a zpool with a single disk (this is a VM so no […]

Flow control causing SFP+ module to stop working on link down

Published in network.

I recently purchased a MikroTik CRS309-1G-8S-IN router/switch and some generic SFP+ modules from FS.com (mix of 10GbE RJ45 and 850nm MMF modules) to upgrade my home network to 10 gigabit ethernet. One thing I noticed using SwOS version 2.13 on the switch is that after link down event (such as when a computer is turned […]

Upgrading zpool (zfs) feature level on pfSense with GPT (UEFI) boot

Published in pfsense.

After doing a pfSense upgrade where the underlying base system has been upgraded like from 2.4.5p1 (FreeBSD 11.3) to 2.5.1 (FreeBSD 12.2) it is wise to upgrade the ZFS feature level. If booting from GPT (UEFI) with ZFS zroot the zfs feature level upgrade process might have some gotchas that can cause the system not […]

SEND_FPDMA_QUEUED – CAM status: Command timeout on pfSense ZFS install

Published in pfsense.

When installing pfSense 2.5.0 on Seeedstudio Odyssey Blue J4105 I observed the following error message in the system buffer after I selected ZFS install: After retrying couple of times the system installed successfully. After install this error caused the boot to stall for some time but it booted successfully. After some digging around I found […]

View service principal assignments (permissions) in Azure

Published in azure.

At work we recently moved our DNS hosting to Azure DNS in order to simplify our hosting and benefiting from existing RBAC in Azure AD.One benefit of the move is that we could generate limited API keys for clients to be able to use ACME DNS-01 challenge for certificate validation. We have been using acme.sh […]

Moving from KMS activation to Digital License (subscription)

Published in windows.

At work we are moving everything to Microsoft 365 and Azure AD and removing our on-premises environment. One of the issue we encountered was that when we removed the computer from the domain and joined Azure AD, Windows was still activated using our KMS host. In order to convert the computer to use step-up activation […]

List of free ACME SSL providers

Published in ssl.

Please note that many ACME clients only support Let’s Encrypt. Certbot should work with alternative ACME providers. Buypass Go SSL Norwegian certificate authority offering free SSL certificates valid for 180 days (Technical specifications). No wildcard certificates. ACME directory url: https://api.buypass.com/acme/directory Chains up to “Buypass Class 2 Root CA” valid until 2040 DNS CAA: buypass.com Rate […]

Configuring systemd user timer

Published in linux.

To run systemd timer jobs (cron) as a user you’ll need to create a systemd service folder as the user: By default, systemd will only run timers if the user is logged in so to be able to run timer jobs without logged in use we enable lingering session with Then you can drop the […]

haproxy: Monitor PostgreSQL for current master

Published in linux.

There are couple of methods for haproxy to monitor what PostgreSQL instance is currently master so that “dumb” clients can always write to a PostgreSQL instance (instead of connecting to the standby node). First there is the send-binary method by replicating the PostgreSQL V3 protocol but requires trusted connection and is TCP/IP only (no SSL). […]

Next Page »