Birdsite
Always impressed to see people talking BS and getting away with it.
Your mom's favorite hacker!
My other account is @joernchen
Shitposting in the fediverse: so much joy.
Birdsite shitposting seems mostly about Mr. Musk nowadays.
Tired: How is your coding project going?
Wired: Everything fit in Git?
Is an asshole.
I’m still testing negative but by now it only seems a matter of time.
So I messed up the gotosocial instance TLS certs this morning, I ran into the Let’s Encrypt rate limit for threatactor.club because I forgot to configure a path for the certificates on the persistent volume, and for each new deploy it would pull fresh certificates.
The trick to recover was to first set a path and then manually fetch an EC cert for threatactor.club and another DNS name with certbot. This would not count against the rate limit of threatactor.club as a second name is added (see https://letsencrypt.org/docs/rate-limits/). Then I put everything in place on the persistent volume and got the instance back up.
So this threatactor.club is running #gotosocial on a shared VM with 256 MB RAM. I’ve tried something new and used fly.io to host it. Works like a charm so far, with all the rough edges gotosocial still has.
The setup is somewhat similar to what’s described by @mfa in https://madflex.de/setup-fedi-cress-space/. I might post the actual configuration later on.
Short #introduction ahead:
I’m joern and I like to cause dumpster fires. I’m looking back on > 10 years of security consulting, and for about three years I’ve been doing security research over at GitLab.
You can find an almost up to date list of some of the IT security related stuff I did in the past at https://0day.click/page/references/.
Fun fact: @fabs named his SAST tool joern after me. Find it at https://joern.io
The exploit I’m most proud of is the one for CVE-2012-0809, a format string issue in sudo. You can find it here: https://gist.github.com/joernchen/618a8940894084102fe2
The most notable shell I popped was on www.ccc.de, which was due to https://github.com/hukl/cccms/blob/220c6f7bdfc0da33d4284495d6954b2b89f224f6/config/initializers/session_store.rb#L9
Also I did a lot of Ruby on Rails hacking in the early 2010s and wrote about it in http://phrack.org/issues/69/12.html#article
Besides hacking and reading other people’s code I’m practicing Brazilian jiu-jitsu a lot in my spare time.
I’m legit @joernchen :D