Posts on MayMeow's Blog

I Updated My Caddy Stack With CrowdSec

Sat, 30 May 2026 22:13:08 +0200

I Updated My Caddy Stack With CrowdSec

Lately, I decided to enhance the security of my public Caddy server by implementing CrowdSec, an open-source, collaborative security engine. At its core, CrowdSec functions as an IDS/IPS¹ powered by crowdsourced threat intelligence.

It analyzes behavior logs from servers in real-time; when an attack is detected, that information is anonymized and instantly shared with the entire network, protecting everyone from emerging threats.

I had looked at other solutions in the past, but I was never quite a fan of them until I found this approach.

Humans Replacing Humans

Sun, 17 May 2026 11:51:14 +0200

Jensen Huang said in his speech at Carnegie Mellon University: AI won’t replace anyone, but people who know how to use AI will replace you.

Just found this on one website and almost immidietly one scene from Rick and Morty came up from my mind. That scene is from the episode The Ricklantis Mixup.

“Mortys Killing Mortys”, The scene where Morty (the cop) kills another Mortys from different universe.

There were many dialogues about this problem and mostly they cause was just “religion wars”, and dividing people to 2 groups. One who love AI and the another wo hate it.

My Subscribtions 2025

Sun, 11 Jan 2026 00:05:45 +0100

I have another update in adition to my defaults page. Here are my subscriptions.

I canceled my subscription to Jetbrains Toolox (all apps) and moved to VSCode, which I use now for each of my projects. From streaming I removed Youtube subscription as it took to me much time scrollig and watching videos.

I had a subscription for OpenAI’s Chat GPT but canceled it. After latest update I feel like I talk with totally incopetent person - with someone who just answer without thinking before he open it’s mouth. What I kept is Github Copilot subscription.

My Defaults by the End of 2025

Sat, 10 Jan 2026 23:47:48 +0100

My defaults are mostly the same as they was before, but I removed some services because they was owervhelming and hard to manage. Altrough I still have privacy in my mind I feel at home with big-tech. As a compromis I have at least backup with providers which are more privacy friendly.

Email

I moved my primary domain to iCloud which still supports IMAP and SMTP so i can have it also on my android phone. Also have proton altrough I dont use it primary for email and added Mailbox where I put some secondary domains, I decided to give It a try because of Delta Chat (it has very good limits).

When a Community Reprograms Your Inner Compass

Thu, 18 Dec 2025 09:12:01 +0200

There is a subtle moment that most people never consciously notice. It does not arrive suddenly, it does not create conflict, and it does not look like a mistake. Quite the opposite—it often feels like growth, maturity, or moving in the “right” direction. Only later does a person realize that something is off.

That moment is when personal decision-making quietly stops being grounded in reality and starts being guided by the norms of a group one wants to belong to.

About mobile phones

Wed, 09 Jul 2025 20:01:22 +0100

Today, Samsung announced new foldable devices. As much as I’m into new technologies, especially mobile ones, I think there will come a time when even a biannual upgrade is not sustainable. Upgrades are subtle, and you see smaller and smaller changes every year. But that’s not what bothers me.

What bothers me is the price. It’s higher year after year. I remember buying my first flagship from them for around 500 euros, but now you need more than three times that price. I currently own an iPhone through my mobile provider contract and an S24 Ultra, which I got with a nice preorder bonus for around 700 euros. So that was nice. But when I look at the new Fold, I’ll need 1,600 euros for it. This is where my brain tells me to stop. In my opinion, this price is crazy¹. Without the bonus, you need to spend around 2,500 euros, which is hard to swallow. (I’m comparing it to the 1TB version.)

🌲 Homelab Upgrade

Thu, 26 Dec 2024 20:40:13 +0100

First of all, Merry Christmas to all those who are celebrating.

Network

My network is already divided into a few VLANs (if you want to know more about VLANs, see wikipedia. They can be used to divide your network and provide more security. Each VLAN can (and does) have its own rules.

I have a new home server on which I have installed proxmox to run virtual machines and some containers. I decided to give them their own VLAN. Now my physical servers are accessible from my home network but not from the internet.

Securing Your Public IP With Mikrotik and Vpn

Sun, 15 Dec 2024 18:48:17 +0100

Hello everyone! This is something that has been on my to-do list for a while now, but I just found some time to make it happen. Whether you are a person who values privacy highly or just want to hide your public IP address from services, this is for you.

The reason I wanted to do this is that I have my network divided into several subnets using VLANs. For example, I have one for IoT devices and one for guests. They have different rules for what they can access in my network.

Added Mastodon Author Attribution to My Website

Tue, 08 Oct 2024 23:59:56 +0200

Earlier today Mastodon 4.3.0 was released and added few nice feature. Among others they added something that is called Author attribution. It adds a small tag with link to your profile when link from your site is shared.

Robb wrote about how you can add attribution to your own website.

In short:

Add new meta tag fediverse:creator into head of your page for example <meta name="fediverse:creator" content="@may@social.lol" />
Then go to your mastodon instance profile, click Edit profile then Verification
Scroll down to Author attribution and put there domain of your blog(s).¹

You are done. Now you can try to link something from your own blog. Like I did with this post.

A List of Infosec Tools

Thu, 19 Sep 2024 12:52:47 +0200

A list of information security tools for assessments, investigations and other cybersecurity tasks.

Also worth checking out is CISA’s list of free cybersecurity services and tools.

Jump to Section

OSINT / Reconnaissance
- Network Tools
- Breaches, Incidents & Leaks
- FININT
- GEOINT
- HUMINT
- IMINT
- MASINT
- SOCMINT
- Email
- Code Search
Scanning / Enumeration / Attack Surface
Offensive Security
- Exploits
- Red Team
Vulnerability Catalogs & Tools
Blue Team
Assembly / Reverse Engineering
OS / Scripting / Programming
Password
Assorted
- OpSec
- Jobs
- Conferences/Meetups
- Research & Blogs
- Funny
- Walls of Shame
- Other

OSINT / Reconnaissance

Common Crawl - Open repository of web crawl data
Cylect.io - Ultimate AI OSINT searching tool
DarkwebDaily.Live
Dehashed - Data-mining and deep web asset search engine
Dork King - Bug Bounty Dorks
DorkGenius - Generate custom dorks for Google, Bing, DuckDuckGo, & more
DorkSearch.com - Faster Google Dorking
FOFA - Search engine for global cyberspace mapping
Google Advanced Search Operators - A resource for doing advanced Google searches
Have I Been Squatted? - Check if your domain has been squatted.
Hunter.how - Internet search engines for security researchers
IntelligenceX - Search Tor, I2P, data leaks, domains, and emails
Lopseg - OSINT tools
MetaOSINT - Aggregation of “top” tools & resources intended to help jumpstart OSINT investigations
OSINT Framework - Helping people find free OSINT resources
OSINT Industries - Gateway to email-based research
SEC eFilings (EDGAR) - Electronic Data Gathering, Analysis and Retrieval system
SpyOnWeb - Find related websites
Wayback Machine - The archive for the Internet and a time machine for the web
Well-Known Resource Index - Search /.well-known/ resources served by sites across the web
Worldwide OSINT tools map - Phonebooks, cadastral maps, vehicle numbers databases, business registries, passengers lists, court records and much more
ZoomEye - Target information search

Network Tools (IP, DNS, WHOIS)

AbuseIPDB - Check IP address, domain name or subnet
American Registry for Internet Numbers (ARIN) - Administers IP addresses & ASNs
Better Whois - The whois domain search that works with all registrars
DomainTools - Whois lookup, domain availability and IP search tools
DNSCheck - DNS tool
DNSDumpster - DNS recon & research, find & lookup dns records
DNSViz - Tool for visualizing the status of a DNS zone
dnsqueries.com - Collection of online network tools
Hurricane Electric BGP Toolkit - A variety of Internet services and network tools
Internet Namespace Security Observatory - DNSSEC statistics and insights into the global adoption of secure internet namespaces
IPSpy.net - IP Lookup, WHOIS, DNS, Utilities
IPVoid - Discover details about IP addresses
ManageEngine Site24x7 - Free Tools for Network, DevOps and Site Reliability Engineers (SRE)
Netcraft - Collection of internet security services
Network Solutions - Whois lookup for domain registration information
NetworkScan - IP Lookups for Open Ports
NsLookup - Online tool for querying DNS servers
Online Whois Tool - WHOIS
Radar | Cloudflare - Search for locations, AS, reports, domains and IP info
RIPE Network Coordination Centre - Organization that allocates and registers blocks of Internet number resources to ISPs and other organizations
Subdomain Center - Subdomain discovery
who.is - Whois search, domain name, website and IP tools
ZoneDiff - Monitor new and expired domains with daily TXT dumps

Breaches, Incidents & Leaks

Breach HQ - Open database of security incidents
CSIDB - Cyber Security Incident Database
Cybersecurity Incident Tracker | Board Cybersecurity - Tracker for cybersecurity incidents reported in an entity’s 8-K
DataBreaches.net - Information on corporate security breaches
DefiLlama Hacks - Cryptocurrency hack tracker
escape.tech API Data breaches - Database for API data breaches
Firefox Monitor - Find out if your personal information has been compromised
GDPR Enforcement Tracker - Overview of fines and penalties which data protection authorities within the EU have imposed under the EU GDPR.
Leak-Lookup - Data Breach Search Engine
LeakPeek - Data breach search engine
Northrecon - Incident database
PrivacyRights.org Data Breaches - Info on publicly available reported breaches
Public Cloud Security Breaches - Security incidents and breaches from customers in major cloud providers
Ransomfeed
RansomLook - Tracking ransomware posts and activities
Ransomware.live - Ransomware leak monitoring tool and observatory
Ransomwatch - Ransomware page crawler
Ransomwhere - Open, crowdsourced ransomware payment tracker
search.0t.rocks
SnusBase - Data breach search engine
White Intel - Dark-Web Scan

FININT (Financial Intelligence)

GSA eLibrary - Source for the latest GSA contract award information

GEOINT (Geographical Intelligence)

Homemetry
MoonCalc - Calculate moon phase
PeakFinder - Mountains/coordinates
PowerOutage.us - Track, record and aggregate power outages in the US
SunCalc - Sun path computation, solar data & geo data

HUMINT (Human & Corporate Intelligence)

No-Nonsense Intel - List of keywords which you can use to screen for adverse media, military links, political connections, sources of wealth, asset tracing etc
CheckUser - Check desired usernames across social network sites
CorporationWiki - Find and explore relationships between people and companies
Crunchbase - Discover innovative companies and the people behind them
Find Email - Find email addresses from any company
Info Sniper - Search property owners, deeds & more
Library of Leaks - Search documents, companies and people
LittleSis - Who-knows-who at the heights of business and government
Minerva - Find TRACES of anyone’s email
NAMINT - Shows possible name and login search patterns
OpenCorporates - Legal-entity database
That’s Them - Find addresses, phones, emails and much more
TruePeopleSearch - People search service
WhatsMyName - Enumerate usernames across many websites
Whitepages - Find people, contact info & background checks

IMINT (Imagery/Maps Intelligence)

Exposing.ai
Insecam - Live cameras directory
Map IPs - Paste up to 500,000 IPs below to see where they’re located on a map
Map of worldwide ransomware attacks
Photo OSINT - A lot of OSINT tools
World Imagery Wayback - Digital archive, providing users with access to the different versions of World Imagery created over time
WorldCam - Webcams from around the world

MASINT (Measurement and Signature Intelligence)

Wigle.net - Database of wireless networks

Discord Servers - Discord server search
Find a Discord - Discord server search
Lyzem - Telegram search engine
Spy.pet - Explore Discord’s data
TGStat - Telegram search channel

Email

DMARC Checker - Check DMARC, DKIM, and SPF Settings
EmailFormat.com - Find the email address formats in use at thousands of companies
Hunter - Search for professional email addresses
merox.io - DNS security and DMARC
MX Lookup Tool - Check your DNS MX records online
MX Toolbox - List MX records for a domain in priority order
DMARCIAN - Control Your domain, Secure your Email.
Mail Tester - Newsletters spam test
MESCA - My Email Communications Security Assessment (MECSA)

Code Search

grep.app - Search across a half million git repos
PublicWWW - Find any alphanumeric snippet, signature or keyword in the web pages HTML, JS and CSS code
searchcode - Search 75 billion lines of code from 40 million projects

Scanning / Enumeration / Attack Surface

Awseye
badkeys.info - Checking cryptographic public keys for known vulnerabilities
Browser History Analyzer - Processes your browser history
Built With - Find out what websites are built with
Censys Search - Search IP address, name, protocol or field
CensysGPT Beta - CensysGPT beta simplifies building queries and empowers users to conduct efficient and effective reconnaissance operations
Cert Central
CertDB - A searcheable database of the internet’s SSL/TLS certificate names
CriminalIP - Search for information about assets connected to the public Internet
crt.sh - Certificate search
CRXcavator - Chrome extension scanning
FullHunt - Attack Surface Enumerator
Grayhat Warfare - Public Bucket Finder
GreyNoise - Internet-connected devices
HTTP Observatory - Analyzing compliance with best security practices
ꓘamerka and ꓘamerka lite - Public ICS identification
LeakIX - Search publicly indexed information to find security misconfigurations
Netlas - Search and monitor internet connected assets.
Onyphe - Cyber defense search engine
OSINT.SH Public Buckets - Public Bucket Finder
S3 Bucket Scanner | purpleleaf - Checks S3 bucket-level permissions that may allow data exposure
Security Headers | Probely - Analyze HTTP headers
SecurityTrails - Attack surface scanning
Shodan - Search engine for internet-connected devices
Shodan | InternetDB - Fast way to see the open ports for an IP address
Shodan-Dork
Should I click? - Tells you if it’s safe to click on a link
SSL Checker - SSL certificate verification
SSL Server Test - Tool from Qualys to perform deep analysis of the configuration of an SSL web server
urlscan.io - Scan and analyze websites
Wappalyzer - Identify technologies on websites

Offensive Security

Exploits

Bug Bounty Hunting Search Engine - Search for writeups, payloads, bug bounty tips, and more…
BugBounty.zip - Your all-in-one solution for domain operations
CP-R Evasion Techniques
CVExploits - Comprehensive database for CVE exploits
DROPS - Dynamic CheatSheet/Command Generator
Exploit Notes - Hacking techniques and tools for penetration testings, bug bounty, CTFs
ExploitDB - Huge repository of exploits from Offensive Security
files.ninja - Upload any file and find similar files
Google Hacking Database (GHDB) - A list of Google search queries used in the OSINT phase of penetration testing
GTFOArgs - Curated list of Unix binaries that can be manipulated for argument injection
GTFOBins - Curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
Hijack Libs - Curated list of DLL Hijacking candidates
Living Off the Living Off the Land - A great collection of resources to thrive off the land
Living Off the Pipeline - CI/CD lolbin
Living Off Trusted Sites (LOTS) Project - Repository of popular, legitimate domains that can be used to conduct phishing, C2, exfiltration & tool downloading while evading detection
LOFLCAB - Living off the Foreign Land Cmdlets and Binaries
LoFP - Living off the False Positive
LOLBAS - Curated list of Windows binaries that can be used to bypass local security restrictions in misconfigured systems
LOLC2 - Collection of C2 frameworks that leverage legitimate services to evade detection
LOLESXi - Living Off The Land ESXi
LOLOL - A great collection of resources to thrive off the land
LOLRMM - Remote Monitoring and Management (RMM) tools that could potentially be abused by threat actors
LOOBins - Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in macOS binaries and how they can be used by threat actors for malicious purposes
LOTTunnels - Living Off The Tunnels
Microsoft Patch Tuesday Countdown
offsec.tools - A vast collection of security tools
Shodan Exploits
SPLOITUS - Exploit search database
VulnCheck XDB - An index of exploit proof of concept code in git repositories
XSSed - Information on and an archive of Cross-Site-Scripting (XSS) attacks

Red Team

ArgFuscator - Generates obfuscated command lines for common system tools
ARTToolkit - Interactive cheat sheet, containing a useful list of offensive security tools and their respective commands/payloads, to be used in red teaming exercises
Atomic Red Team - A library of simple, focused tests mapped to the MITRE ATT&CK matrix
C2 Matrix - Select the best C2 framework for your needs based on your adversary emulation plan and the target environment
ExpiredDomains.net - Expired domain name search engine
Living Off The Land Drivers - Curated list of Windows drivers used by adversaries to bypass security controls and carry out attacks
Unprotect Project - Search Evasion Techniques
WADComs - Curated list of offensive security tools and their respective commands, to be used against Windows/AD environments

Web Security

Invisible JavaScript - Execute invisible JavaScript by abusing Hangul filler characters
INVISIBLE.js - A super compact (116-byte) bootstrap that hides JavaScript using a Proxy trap to run code

Security Advisories

CISA Alerts - Providing information on current security issues, vulnerabilities and exploits
ICS Advisory Project - DHS CISA ICS Advisories data visualized as a Dashboard and in Comma Separated Value (CSV) format to support vulnerability analysis for the OT/ICS community

Attack Libraries

A more comprehensive list of Attack Libraries can be found here.

Google Cybersecurity Professional Certificate

Mon, 09 Sep 2024 09:40:20 +0200

My consolidated notes:

🔗.maymeow.lol/cs-notes (notion)

Prefessor Messer’s channel

Also check this youtube channel - it contains many good information related to cybersecurity and not only for this course:

https://www.youtube.com/c/professormesser

Other Tips

Don’t stay only with information from the course on coursera - do your own reasearch, read books or find informations on the internet, for example on the education sites or quality Youtube channels.
Practice - just watching and listening is no enough to remember things
Take notes - it helps you remember more
Try to understand concepts - It is not enough to learn something like a poem. When a situation arises where you have to use your knowledge, it will not be enough.
Cybersecurity is huge and no one becomes an expert overnight.

Copying Large Files Over Ssh

Sun, 08 Sep 2024 16:02:22 +0200

If you tried to copy files via SSH you know that you can use scp to do this. For example:

SCP

1scp you@1.2.3.4:/path/to/file.rar ./
2
3# or to download folder
4scp you@1.2.3.4:/path/to/folder ./

Most of the time, this solution works, but if you have an unstable connection, you have to start downloading files all over again. Even worse, if the file is large, it will take a long time to download.

Cybersecurity Is Not Full

Wed, 07 Aug 2024 11:20:02 +0200

I just read one blog post where the author talking about that the field in cybersecurity (cs)is full. I don’t think so! Go ahead and make own your point. https://cyberisfull.com/category/cybersecurity.html

At first, I agree there are many companies who tells you don’t need prior education to become a cs specialists. And they doing it because it something that can sell to you, and now it is lucrative. Yes become hacker (as you see in movies) is … “sexy” (?) job.

Cybersecurity Resources

Fri, 19 Jul 2024 12:43:17 +0200

You will find here:

Assignments
Short answers
Lecture notes (a few as I write my notes by hand using pen and paper or my iPad)

Where to start?

Courses

You can take this courses from coursera in order as follows:

Google IT Support Professional Certificate - https://www.coursera.org/professional-certificates/google-it-support
Google Cybersecurity Professional Certificate - https://www.coursera.org/professional-certificates/google-cybersecurity

Professional certifications

courses above (especially 2nd one) is preparation for Security+ certificate.

CompTIA A+ certificate
CompTIA Network+ certificate
CompTIA Security+ certificate

Books

https://www.amazon.com/dp/B0CGTHPPXV?ref=yb_qv_ov_kndl_dp_rw - CompTIA Security+ Get Certified Get Ahead: SY0-701 Study Guide

Chat & study groups

Contains many materials that are related to cybersecurity. Hey have also dedicated section fo WGU students.

🔐 Using Environment Variables a Little More Securely

Tue, 16 Jan 2024 22:00:52 +0100

Storing credentials in text files is not such a smart idea. A few days ago I found a post somewhere on reddit where people were discussing a more secure way to use environmental variables for restic. (By default they are stored as plain text).

When I tried to look for a solution for this, I found another post where people talked that you can customise restic code and build it yourself. But who wants to do that?

🎄 Creating My Own Blogging Platform

Sun, 17 Dec 2023 22:21:54 +0100

For a while now I have been thinking about a blogging system for myself that I would be happy with. I tried Ghost and Wordpress (including multisite) and some others but something was still missing.

Ghost is made with Javascript (which is not my friend) and is difficult for me to add functionality to.

Wordpress - why does a theme need so many plugins? Do you guys who use a theme you bought from one of the shops know what those plugins do? Or when they were updated? I really don’t like it when my theme prevents me from updating the site. And what more I’m not fan of those word-like editors for web. They are called WYSIWYG or whatever.

🤔 Privacy Matter but What About Security?

Tue, 10 Oct 2023 15:20:38 +0200

I don’t know. After the last few weeks, I still feel that a lot of people don’t care about cybersecurity. Most people are more concerned about privacy, but security is the 2nd rail.

Companies trying to look perfect, having the latest furniture, new buildings, but still using a lot of old hardware that is no longer maintained and no longer secure.

People buying expensive things, everyone talking about privacy. A lot of people moving away from big companies and wanting to give their personal data to someone who is privacy friendly, even if those providers are often individuals who have their servers in the basement.

📯 Setting Up Reposting

Sun, 08 Oct 2023 20:57:53 +0200

Hello everyone!

This is just a quick post to test reposting posts from my blog to other social networks like mastodon or bluesky. Until now, my “reposting” was based on my action (and if I forgot, no new post information was on my mastodon).

I’ve just read that you can use your rss and Micro.blog to repost what’s on your rss to other supported sites. This isn’t new to me, but after I tried it and it didn’t work I left it as is with the thought that I’ll look at it later. And now is the time I think.

🐧 Securing Ssh for Linux

Wed, 09 Aug 2023 15:05:13 +0200

all following changes was made in sshd_config and you need root permission to do this. Open file with sudo nano /etc/ssh/sshd_config or any other editor.

Disable root access

Before you do this step, make sure you have another user that is in sudo gorup. Check Initial Server Setup on Cloud Services post if you need help with that.

Now open sshd_config file and find and uncomment following line

1# ...
2PermitRootLogin no
3# ...

Save this file and restart ssh server

🔧 About Wireguard and MikroTik

Mon, 03 Jul 2023 12:58:20 +0200

Wireguard network: 10.11.18.0/30 allow to set exactly two IP addresses, if you have more routers you will need a larger range.

	Site 1 (Router 1)	Site 2 (Router 2)
Wireguard IP	`10.11.18.1/30`	`10.11.18.2/30`
Reouter IP	`192.168.8.1/24`	`172.17.17.1/24`
Network	`192.168.8.0/24`	`172.17.17.0/24`

Router 1 (a.k.a. Server)

Addresses configuration

IP Address: 192.168.8.1/24
Network: 192.168.8.0/24
WG Address: 10.11.18.1/30

1/ip address
2add address=192.168.8.1/24 comment="Router 1's home network" interface=\
3    bridge-local network=192.168.8.0
4add address=10.11.18.1/30 interface=WG01 network=10.11.18.0

WireGuard interface

1/interface wireguard
2add listen-port=13251 mtu=1420 name=WG01 private-key=\
3    "<--private-key-is-generated-while-creating-interface-->"

Wireguard peer configuration

allowed-address: put there addresses of networks/devices that should be accessed trough VPN tunnel

1/interface wireguard peers
2add allowed-address=10.11.18.2/30,172.17.17.0/24 interface=WG01 public-key=\
3    "<--put-here-public-key-from-Router-2's-WG-interface-->"

Routing

Destination address: network behind router 2 172.17.17.0/24
Gateway: WireGuard IP address from router 2 10.11.18.2

1/ip route
2add comment="Routing to Router 2's network" disabled=no distance=1 dst-address=172.17.17.0/24 \
3    gateway=10.11.18.2 pref-src="" routing-table=main scope=30 \
4    suppress-hw-offload=no target-scope=10

Router 2 (a.k.a. Client)

Addresses configuration

IP Address: 172.17.17.1/24
Network: 172.17.17.0/24
WG Address: 10.11.18.2/30

1/ip address
2add address=172.17.17.1/24 comment="Router 2's home network" interface=br1 network=\
3    172.17.17.0
4add address=10.11.18.2/30 interface=WG01 network=10.11.18.0

WireGuard Interface

1/interface wireguard
2add listen-port=13251 mtu=1420 name=WG01 private-key=\
3    "<--private-key-is-generated-while-creating-interface-->"

WireGuard peer configuration

persistent-keepalive : It must be set for at least 10 seconds, otherwise the router will not dial the connection.

1/interface wireguard peers
2add allowed-address=192.168.8.0/24,10.11.18.0/30 endpoint-address=\
3    mipapredajna.dyndns.org endpoint-port=13251 interface=WG01 \
4    persistent-keepalive=10s public-key=\
5    "<--put-here-public-key-from-Router-1's-WG-interface-->"

Routing

Destination address: network behind router 1 192.168.8.0/24
Gateway: WireGuard IP address from router 1 10.11.18.1

1/ip route
2add comment="Routing to Router 1's network"
3 disabled=no distance=1 dst-address=192.168.8.0/24 gateway=10.11.18.1 \
4    pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
5    target-scope=10

Summary

WG Interfaces generating their own keys while configuring interface
Put public key of Router 1’s WG interface to peer configuration on Router 2 and vice versa
On Router 1 add router to Router 2’s network and as gateway use Router 2’s WG IP address and vice versa (on Router 2, Router 1’s network and as gateway use Router 1’s WG IP address)

📱 I Am Switching to Readwise Reader

Sun, 30 Apr 2023 22:45:48 +0200

I decided to try a new Readwise reader application. I already use their application for highlights from books I read so when I found that they have a read-it-later application I had to try it.

The app is currently in beta and you can get a 30-day trial version regardless of whether you have used the Readwise app before. I posted screenshots from the iOS version but you can get the Android version as well.

🔐 Using reCAPTCHA with JavaScript and PHP

Fri, 23 Dec 2022 18:28:22 +0200

I had to update the page of one of my clients to use some verification before guests can submit the form because they receive many unwanted messages from there. One of the ways is using reCAPTCHA and making guests solve puzzles before they can submit the form.

Prepare

To implement reCAPTCHA on your PHP page, you will first need to sign up for an API key pair on the reCAPTCHA website. Once you have your API key pair, you can add the following code to your PHP page to display the reCAPTCHA widget:

👷 My Workflow

Sun, 04 Dec 2022 16:14:21 +0100

Hey, guys! Today I will show you how my workflow looks like. This is the latest version, I changed it a few times before. If you read my blog, you know that before I hosted a lot of things at my home on my server. Gradually I moved things to the cloud and now I’m trying to simplify my workflow. It’s nice to manage your stuff yourself, but it takes a lot of time. Let’s take a look at how I managed to do it.

⚙️ Manage multiple git accounts

Mon, 24 Oct 2022 21:17:40 +0200

This is an instruction only for Linux, I use this procedure also on Windows but this one is not described yet. I plan to add it as soon as I write it.

Hi! Do you have multiple git accounts or you just using one? I have multiple and everytime I reinstall my system I trying to find how I configured it before… (i finally wrote this together here).

Im using multiple git config file rather than multiple host names (i don’t like to have somethink like git@github-work or git@github-personal).

⚙️ Sending Message to Mattermost With PHP and Github Actions

Thu, 04 Aug 2022 07:32:31 +0200

Today I show you how you can send notifications to Mattermost with PHP and Github Actions. There are some implementations on Github Marketplace but nothing was made with PHP, there was Javascript, Go, or Python. But PHP can be used to create command-line utilities and it’s very easy. Don’t trust me? Come I’ll show you.

Photo by Daria Nepriakhina 🇺🇦 on Unsplash

🔢 Introduction to PHP Enums

Sun, 03 Jul 2022 18:14:46 +0900

PHP 8.1 finally brings enums which can be know from other programming languages like C#. It is in my opinion one of best things which came with new php version.

🔐 Use 2FA Everywhere

Mon, 25 Apr 2022 09:39:40 +0200

Yes! Use 2 factor authentication (2FA) everywhere and everytime it is possible. Novadays it is pretty common and almost all servicess to allow you to use some kind of 2FA.

What is 2FA?

2FA gives you to your service identification (e.g. emal/username & password) another layer to verify your identity. After logging with your username and password site will ask you to enter one time passowrd or use hardware key (its based on type 2FA you using).

Add VPN With Powershell

Tue, 05 Oct 2021 14:07:42 +0200

Ok when you need to configure vpn on more PC is easier to do this with powershell than with mouse clicking … Here it is example for L2TP oveer IPSec.

Sending Strings as Files with CakePHP server response

Mon, 20 Sep 2021 14:55:39 +0200

With CakePHP it is quite easy to send any string as a subfile. As an example below is the creation of an ICS subfile (for a calendar invites)

My Selfhosting Workflow

Mon, 13 Sep 2021 11:14:48 +0200

Hi there! I have here another update on selfhosting. I hosting all services with docker and using docker-compose.yml file to deploy services. I wrote about it more in Notes on Selfhosted Services. Ok, now i have one repository for configuration and each application has it own repository where I have source codes and where i building image. All my sorce codes are stored on GitLab and all jobs runs on Gitlab ci after pushing to repository.

Notes on Selfhosted Services

Thu, 02 Sep 2021 22:33:12 +0200

I started selfhosing with one service (Gitlab) 5 years ago, but now i have more services on totally 1 dedicated server and few VPSs in cloud.

Server configuration storage

First i had each service per git repository but was hard to manage if you have each service in different folder so i moved the to one big repository. My directory structure looks as follows

1application
2- application name
3-- service_vars
4-- service_config
5-- docker.compose.yml
6...
7global_vars
8scripts

Each application has it’s own subfolder whe are stored it’s configuration files and environmental variables.

Installing Cloud Hosted Router on Cloud

Sun, 22 Aug 2021 22:13:44 +0200

I have part of my self-hosted services on cloud and part at my home, ia have solved connection between them with OpenVPN sever installed on cloud machine and Raspbery Pi 2 as my client. If you are familiar with MikroTik, you can instal Cloud hosted router on your provider.

Installation

This first part can be different by cloud service provider. I’m installing this on Hetzner cloud.

Create new cloud machine, go to settings and enable rescure system.

How to Install Virtualbox on Elementary OS Odin

Wed, 18 Aug 2021 22:13:38 +0000

Is here is the guide.

FIrst of all go to Virtualbox site. Click downloads and download .deb. (as you know Elementary OS is ubuntu based system).

Next step is open terminal and install virtual box as follows

1cd Downloads
2sudo apt install ./virtualbox-6.1_6.1.26-145957\~Ubuntu\~eoan_amd64.deb # use filename of your downloaded deb file

Done? No. I go into errors about that the my OS was not configured to build headers so i had to installed them manually:

Sending Exit Code Over Curl

Tue, 27 Jul 2021 10:56:16 +0000

Hi everyone! I created few scripts to backum my server’s data to my S3 storage and wanted to be notified when backup fails. Until now I used Zabbix with zabix-sender but I found maybe better server monitoring for me: Netdata. So when I dont use zabbix anymore I needed another solution and found one. You can post status code with curl to any api (or you can create easy script for example in the GO to send data to the api, this is just easier and faster solution for me now.)

Docker Volume on NFS?

Tue, 20 Jul 2021 13:09:45 +0000

No Problem. Did you know you can have your volumes on nfs server? Yes i know you can mount NFS folder on server and then on point docker volume to this folder, but i will show you how to mount volume right with docker. Btw you can read more about docker storage on official docker documentation. As prerequisity you will need to have installed NFS server.

Now you can run docker image with volume pointed to your nfs server

Moving to Github

Thu, 24 Jun 2021 20:55:08 +0000

Hi! Yes, ts true i started to slowly move my repositories to Github. I still selfhosting Gitlab but i thought about switching back if you want know more you can read Why I Am Thinking About Stop Selfhosting Gitlab. Ok i was skeptical when Microsoft aquired Github but now i thinks it was best thing that could happen to Github. They Adding new features like actions, codespaces, packages, docker image hosting. They made subscription cheaper, added private repositories for teams for free and many more.

How to Host Static Websites With Amazon S3 and Cloudflare

Mon, 08 Mar 2021 19:55:37 +0100

Hi! I moved my website to s3 + cloudflare for SSL certificate. Do you want to know how? I will show you:

First you will need to create new storage so Login to your AWS console as admin.

Create Bucket

Click on services and then select S3 from storage section.

On page click on Create Bucket in right corner and:

Change Bucket name in my case www.themaymeow.com
Choose AWS Region
Uncheck Block all public access
Keep other unchanged
Click Create Bucket

Update bucket properties

You will see bucket lists so select you bucket and from bucket page select Properties tab

🐋 How to Run Wordpress in Docker

Mon, 01 Mar 2021 19:01:12 +0100

I’m not a very big fan of WordPress. In my honest opinion main problem (and benefit?) is that WordPress has many plugins.It is like two sided sword where on one side you have plugins for almost everything and on other side is quality of those plugins. Some plugin are good supported by their creators to ensure copatibility with latest version of Wordpress and sometimes just one plugin on your page blocking you from upgrade to a new version because the developer not updating it anymore.

How to Install and Configure Samba

Wed, 24 Feb 2021 12:26:11 +0200

H1, let’s see what you need to do when you want share files between windows and linux. There are mroe ways how you can do it, and one is to install and configure samba service on your server. After successfull installink you can conect trough file explorer to \\server-ip\path\to\folder or you can map this path to letter like disk for example S:. So let’s start:

Install samba

1sudo apt update
2sudo apt install samba
3
4# check status
5sudo systemctl status smbd

Configure firewall (optional)

1sudo ufw allow 'Samba'

Create Backup of configuration files

1sudo cp /etc/samba/smb.conf{,.backup}

Configuration

1sudo nano /etc/samba/smb.conf

Defailt values

Xfce Terminal Color Emoji

Sun, 21 Feb 2021 13:18:48 +0100

If you have missing emojis in XFCE as i had terminal following informations are for you. I found this on manjaro related forum but it worked for me in my Endeavour OS as well.

Get a Rating With Traefik SSL

Thu, 04 Feb 2021 14:08:41 +0100

Traefik has enabled (I don’t know why) TLS < 1.2 by default.

Note on OpenVPN Routing

Mon, 18 Jan 2021 10:43:08 +0100

Hi!. This one will be short. I should have created routing to my server from internet over OpenVPN. Problem was not with forwarding on itself, you can find a lot of tutorials on internet and basicaly you just need to follow them. Problem for me was that i have my server in clients network.

Consume Api With GO

Wed, 09 Dec 2020 13:23:40 +0100

A few days ago I have to look at consuming API with GO from Ghost so here is what I learnt.

A very simple example of how to consume API and print it as text to console. It’s not much but it’s good to start.

🌈 Php Color Conversion From Hex to Rgb and Back

Tue, 01 Dec 2020 20:24:37 +0100

Following Color class will allow you to convert colors from RGB to hex and back

Create API With CakePHP

Fri, 25 Sep 2020 10:02:54 +0200

Before created API with prefixes. So I had API in the controller folder with everything else but when you have many controllers it can be hard to navigate between them. So I decided to move all API controllers to a new plugin that I called Api (the similarity of the names is purely random). And the second good thing on this is that you can have easily versions of your API. So here I using prefixes for API versioning (V1, V2 …).

Static Sites With Minio and S3www

Wed, 19 Aug 2020 07:02:56 +0200

Hi! If you read my last post you know how to host your static pages on Azure. I know there are some of you who want opnsource solutions or want to host on your own server / vps by themself. There is a solution - did you heard about Minio and s3www? Minio is object storage compatibile with s3 and it’s 100% open source, s3www is opensouce software that can serve pages from compatibile s3 storage and it’s “Let’s Encrypt ready”. Anyway i dont use lets encrypt on s3www because both of them are don’t resource greedy so you can host more things on one server (i tried on $5 droplet gitea, s3, wikijs, drone, …), so i using Traefik which can automatically create let’s encrypt certificates for all your services.

Quick Note on Minio Users

Wed, 19 Aug 2020 06:12:30 +0200

Hi! I want to show you how you can add new user on your minio server and how you can assign him access rights to selected folders by creating policy.

Create user

1mc admin user add mystorage <NEW-USER-ACCESS-KEY> <NEW-USER-SECRET-KEY>

New users dont have any access on server, You can just login so you will need to setup policy and assign it to newly created user

Create Bucket

1mc mb mystorage/my-site

Create policy.

Update User Guid to Match Existing User in Microsoft 365 Azure Ad

Sun, 16 Aug 2020 14:54:00 +0200

Let’s see what to do when azure ADSync synchronize you on Premise AD user to azure to @domain.onmicrosoft.com. In most cases it was done when i have already existing user username@mydomain.tld. Fortunately this is fixable problem. So what to do?

First of all you will need to find ObjectGUID of users which you want update. This can be retrieved form you local AD. But not that one you can find in MMC if you check users atribute. This format is not accepted with Azure AD, so there is another way to obtain it. We use tool called LDIFDE.

Deploy Your Site to Azure with GitLab

Thu, 13 Aug 2020 10:38:25 +0200

👋 Hi! I wanted to host this site on azure blob storage and I found this solution. It’s created with Hugo. I’m using Gitlab CI to deploy it to the server.

🌊 Configure static site hosting on azure

So First thing you need is to create an Azure account. When you are done then go to Azure Portal, and create the storage account
Locate your storage account
On the menu pane (left) find “Static website” and select Enabled to enable it.
Configure paths for Index document for. example index.html and for Error document 404.html. Click Save, that’s it, you have configured your Azure storage to server static websites.

🕸 Custom Website address

The next thing you will need is to configure CNAME records in case you want to use your domain. 💡 Azure will serve your page under HTTP, but I wanted to use HTTPS so I using Cloudflare DNS which proxying data to azure blob storage. In this case, you need to verify the domain indirectly (not proxied). So Let,s create 2 new CNAME records.

Settig Up SSH Keys for Ubuntu

Fri, 31 Jul 2020 16:09:08 +0200

SSH is a protocol that users/admins can use to communicate with their Linux servers. In this post we created an initial setup for the server and you can try how to connect to the server over SSH. We have used a username and password. Now I show you how to connect to the server without a password

Remember - the password you will need for running Sudo commands if you are a regular user.

Initial Server Setup on Cloud Services

Fri, 31 Jul 2020 15:32:58 +0200

When you installing linux server to you computer you will create new user trough instll wizard but most cloud (if not all) will create only root user which have all rights to everything on your server.

Hello World

Fri, 29 May 2020 16:03:51 +0200

This si first post on page. This page is made by hugo with Gitlab-CI, ill wrtie more about it in future posts.

Posts on MayMeow's Blog

I Updated My Caddy Stack With CrowdSec

I Updated My Caddy Stack With CrowdSec

Humans Replacing Humans

My Subscribtions 2025

My Defaults by the End of 2025

Email

When a Community Reprograms Your Inner Compass

About mobile phones

🌲 Homelab Upgrade

Network

Securing Your Public IP With Mikrotik and Vpn

Added Mastodon Author Attribution to My Website

A List of Infosec Tools

OSINT / Reconnaissance

Network Tools (IP, DNS, WHOIS)

Breaches, Incidents & Leaks

FININT (Financial Intelligence)

GEOINT (Geographical Intelligence)

HUMINT (Human & Corporate Intelligence)

IMINT (Imagery/Maps Intelligence)

MASINT (Measurement and Signature Intelligence)

SOCMINT (Social Media Intelligence)

Email

Code Search

Scanning / Enumeration / Attack Surface

Offensive Security

Exploits

Red Team

Web Security

Security Advisories

Attack Libraries

Google Cybersecurity Professional Certificate

My consolidated notes:

Prefessor Messer’s channel

Other Tips

Copying Large Files Over Ssh

SCP

Cybersecurity Is Not Full

Cybersecurity Resources

Where to start?

Courses

Professional certifications

Books

Chat & study groups

🔐 Using Environment Variables a Little More Securely

🎄 Creating My Own Blogging Platform

🤔 Privacy Matter but What About Security?

📯 Setting Up Reposting

🐧 Securing Ssh for Linux

Disable root access

🔧 About Wireguard and MikroTik

Router 1 (a.k.a. Server)

Addresses configuration

WireGuard interface

Wireguard peer configuration

Routing

Router 2 (a.k.a. Client)

Addresses configuration

WireGuard Interface

WireGuard peer configuration

Routing

Summary

📱 I Am Switching to Readwise Reader

🔐 Using reCAPTCHA with JavaScript and PHP

Prepare

👷 My Workflow

⚙️ Manage multiple git accounts

⚙️ Sending Message to Mattermost With PHP and Github Actions

🔢 Introduction to PHP Enums

🔐 Use 2FA Everywhere

What is 2FA?

Add VPN With Powershell

Sending Strings as Files with CakePHP server response

My Selfhosting Workflow

Notes on Selfhosted Services

Server configuration storage

Installing Cloud Hosted Router on Cloud

Installation

How to Install Virtualbox on Elementary OS Odin