A dissection of a malicious Excel macro: obfuscation FTW

By YellowOnline on Monday 7 December 2015 14:04 - Comments (13)
Category: Security, Views: 4.463

So, today I received a receipt from the Mac store in the Arndale shopping center in Manchester. I don't often shop there: it's 900 km away from where I am in Berlin. Also, I don't even own any Apple device - anyone who knows me knows I'd rather be seen dead than with something from Apple. So why do I get Apple e-mail?
Being an IT admin, I know a phishing attempt when I see it. But also, being an IT admin, I can't help but open the attached XLS anyway. I like to live dangerously, ha!


Cooking! Vegetable soup with pasta and meatballs

By YellowOnline on Sunday 6 December 2015 13:22 - Comments (5)
Category: Cooking, Views: 2.832

If all goes well I'll post a complete Christmas menu next week. This is the programme for next Saturday: first assorted amuse-gueules; followed by duck breast fillet with carrot, lamb's lettuce, yellow courgette, onion, sesame seeds and coriander; then a lemon sorbet with slices of lime; a main course of suckling pig with mushroom sauce, onion confit, fresh potato croquettes (or pommes duchesse, I'm still undecided), a mixed salad and stewed pears with blueberries; finished off with homemade apple strudel with the coffee. The main question is whether I won't forget to take photos, because it is an awful lot of work (I start cooking on Friday evening for dinner on Saturday evening! It's for 10 people, after all).

Today the opposite: also winter fare, but dead simple. Or rather: soup simple. Vegetable soup.


Converting AD UserAccountControl to its properties with Powershell

By YellowOnline on Wednesday 25 November 2015 12:03 - Comments (0)
Category: Powershell, Views: 4.064

The human way to translate these is usually to look at the largest decimal value the given value fits in and repeat that process for the remainder (say, 11 would be 8 HOMEDIR_REQUIRED + 2 ACCOUNTDISABLE + 1 SCRIPT). After trying for one hour to put that into code, and miserably failing, I went for another approach that no human would use but is actually very easy for a computer.


R.I.P.

By YellowOnline on Sunday 15 November 2015 13:57 - Comments closed
Category: Personal, Views: 4.686

° 20 December 1937 - † 15 November 2015

Farewell, grandma.

DIY Firewall: Sophos UTM: The Basics

By YellowOnline on Saturday 7 November 2015 14:05 - Comments (15)
Categories: Hardware, Networking, Views: 20.508

Warner Bros extorted €1 000 from me a while ago because of a 3 second upload of Vampire Diaries - that rubbish, of all things ... - from my network. If I wouldn't pay, they threatened to sue me into bankruptcy for the rest of my life with their army of lawyers.

I hope to have my revenge on them, or at least on the bloodhound lawyers they send to me, one day; but in the meantime I just want to avoid this very unfortunate episode from happening again.

Looking for a way to block torrents on my network, which includes myself, my visitors and most of my neighbours, I decided to install a real firewall.

Firewalls are expensive. We're not talking about a software application blocking traffic on specific ports on your computer, but about a dedicated hardware device capable of analyzing in real time all traffic going over it. Most of these devices cost upwards of €500, or even €10 000+, depending on whether you need a SOHO product or a full-blown enterprise-level firewall. And all of this needs an expensive yearly license on top of the hardware.

So what options do "prosumers" have? Well, the Sophos UTM seems to fill that gap. Sophos sells its own hardware for the SOHO market, but made the software free to download plus gives you a full license for up to 50 users for free. That also includes their antivirus for up to 12 users.

Basically, you can build your own hardware, install their image and have a professional, highly customizable firewall with free antivirus on top of it, all for free. I'm skeptical about altruism from big companies, so I wonder what their long-term strategy is. Getting a bigger share of the market? Anyway, for the time being, this is an unbeatable deal. For protecting my own 5 devices plus server with ESET I paid €200 last year - the server license is 75% of that price. For half the price in hardware as a one-time investment, I've got a lot more bang for my buck now.

A short overview of its advantages and disadvantages:

Advantages:

  • Full network control
  • Options galore, including your own VPN
  • Dirt-cheap
  • Well documented and community-supported (Astaro forums)

Disadvantages:

  • You'll need to be knowledgeable about networking, or at least ready to invest time in it
  • Expect a performance hit, depending on hardware
  • Wifi not directly manageable, except if you use Sophos Wifi (€€€) - but you can just connect an AP of course

Talking about hardware: the hardware you need for your own UTM can be as heavy as you make it. I kept mine light for both financial and ecological reasons, and because I seldom expect more than 10 concurrent users. Still, a minimal machine will cost you about €300 in parts. Fortunately, I found a great deal on eBay.

The full post covers my hardware and gives a step-by-step guide for getting the Sophos UTM's basic functions working right away. Before continuing, however, be aware that this page contains about 50 (resized) screenshots, so you might think twice before opening it on your mobile phone. :)