Dmitry Antonov dantpro

PowerShell Code Signing

This is to try and document the behaviour around PowerShell code signing.

Setup

The following code can be used to set up this scenario. This must be run as an administrator in Windows PowerShell.

Note: PowerShell uses implicit remoting for the New-SelfSignedCertificate which breaks the constains serialization. You must run this on Windows PowerShell.

How to tunnel SSH over SSL/TLS

laptop ssh -> laptop stunnel -> evil network -> internet -> your server -> your server ssh

Server (your shell server/home box/work box/whatever)

Sets up a stunnel process listening externally on port 2443/tcp, forwards to localhost 22/tcp

Install stunnel, e.g. yum install stunnel
Install server config snippet to /etc/stunnel/stunnel.conf

tmux shortcuts & cheatsheet

start new:

tmux

start new with session name:

tmux new -s myname

OpenVPN Server and certificate management on MikroTik

Getting Started

Do yourself a favor and login as root to save yourself some time and headaches:

$ sudo su -

Install unattended-upgrades:

	<?xml version="1.0" encoding="utf-8"?>
	<unattend xmlns="urn:schemas-microsoft-com:unattend">
	<settings pass="windowsPE">
	<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
	<SetupUILanguage>
	<UILanguage>en-AU</UILanguage>
	</SetupUILanguage>
	<InputLocale>0c09:00000409</InputLocale>
	<UserLocale>en-AU</UserLocale>
	<SystemLocale>en-AU</SystemLocale>

	<#
	.SYNOPSIS
	The synopsis goes here. This can be one line, or many.
	This version of the template has inbuilt functions to capture credentials and store it securely for reuse
	Avoids the need to have plaintext passwords in the script

	.DESCRIPTION
	The description is usually a longer, more detailed explanation of what the script or function does.
	Take as many lines as you need.

	#!/bin/bash

	if [[ $EUID -ne 0 ]]; then
	echo "This script must be run as root"
	exit 1
	else
	#Update and Upgrade
	echo "Updating and Upgrading"
	apt-get update && sudo apt-get upgrade -y

	#!/bin/sh
	#
	# This script is used on a QNAP TS-269 PRO. https://www.en0ch.se/qnap-and-rsync/
	#
	# You have to change:
	# 1. $SHAREUSR
	# 2. $EXCLUDES (if you want o change the name of the file servername.excludes)
	# 3. $SOURCE & $DESTINATION
	# 4. [email protected] for the mysqldump
	# 5. --password=SUPERSECRET

	# jan/29/2018 22: 4:17 by RouterOS 6.41
	#
	/interface list
	add name=public comment="public network"
	add name=local comment="local network"
	add name=guest comment="guest network"

	# Change the interfaces below to your own
	/interface list member
	add list=public interface=ether1