From 2 years ago, i started a hacking project for challenge in WebScraping domain to scrape the whole Pahe.ph website which leaks movies, series, anime & more.

Read More

Introduction

From one month ago, my ISP implemented a mechanism to throttle any encrypted traffic on TCP or UDP and that upgrade affected my ShadowSocks Proxy which i use to tunnel my VPN and escape censorship.

ShadowSocks & VPN speed became very slow and connection became unstable.

After some investigation for alternative, i have found Cloak.

Cloak is an encrypted proxy utilize HTTPS as Transport Layer.

Cloak consist of two software packages

  • Cloak Proxy: Responsible for HTTPS transmission and mainly uses Plain encryption (No Encryption)
  • ShadowSocks Proxy: Responsible for encryption and tunneled throw Cloak proxy.

After implementing Cloak in my internal network as global proxy for the firewall (OPNSense), i have been able to bypass the ISP throttling because HTTPS throttling is very hard task for the ISP.

In this article i will explain how to setup Cloak in your network.

For more understanding about OPNSense & ShadowSocks review this article [OPNSENSE + NORDVPN + SHADOWSOCKS (ULTIMATE SECURITY)]

Read More

From 6 years ago, I heard about technique of hiding data in images & videos called Steganography, it differs from Encryption because Encryption obfuscate visible information but Steganography make it invisible by nature.

Hiding the information in another files like images or videos makes the Steganography a powerful tools for leaking information without detection.

I needed such tool in point of time, so I searched the internet for Steganography tools and I found very good resources & projects on GitHub, but I wanted to learn the art of Steganography and how to build such tools for myself, plus I had some ideas to improve and make a simple tool for such application.

So I decided to build my own Steganography tool which hide information in images and I called it “SecuPad++”

Read More

Currently my main job is Microsoft Dynamics Technical Consultant which responsible for developing and customizing features in Microsoft Dynamics 365.

I was facing an issue in accessing my own work which i exported from the environments i’m developing on.

Microsoft let you export your project in format called *.axpp which help you take backup of your project for archiving or relocation.

This feature is awesome but the problem was what if i want to access the content of the exported file and extract some of my old codebase in the current projects.

For that i was re-importing the project in test environment so i could open the files in Visual Studio and extract the content i want, UNTIL ………

Read More

I have a low specs proxy server in the cloud with 1 CPU, 1GB Ram which act as a connector between my firewall/router and VPN provider.

This proxy server was getting cyber attacks from unknown sources and the proxy server relay this traffic to my firewall as normal traffic.

My home firewall has a special software called IPS Suricata which receive these attacks and thinks that the proxy is the machine which perform the attacks and block it and that action makes my VPN restart on the firewall and disturb my internet connection.

This behaviour happens frequently, so i decided to install Suricata on my proxy server to defend itself and prevent such traffic to arrive to my home firewall.

After installing Suricata on my proxy server i faced a CPU utilization problem. Suricata at first will perform fine and the CPU utilization will be low, then after awhile for unknown reasons the CPU goes to 99% and that will cause speed downgrade on my home firewall cause i’m tunneled throw that proxy server.

After two days troubleshooting, i decided to write a monitor script to act on my behalf, if the Suricata CPU goes beyond certain threshold the script will kill the process and restart the service immediately.

After deploying that script and run it as daemon, the problem is solved and the internet became stable at my home and the attacks disappeared.

Read More

I’m using OPNSense Unbounded DNS feature for intercepting DNS Queries on the network and perform many tasks like forwarding DNS Queries throw VPN, Blacklist/Whitelist and etc.

Unbounded DNS Blacklist/Whitelist gives you protection at DNS layer against Malware, Ads, Tracking, Phishing, etc.

There is many layers of protections OPNSense provide like Suricata, Sensei & Unbounded DNS. Each one of them handle different type of threats and mechanisms to deal with it.

To activate Unbounded DNS Blacklist/Whitelist, you should provide lists of IPv4 Host files which provide a lookup for unwanted domains you want to block on your network. You can find the lists you want at FilterLists website.

These lists provide many types of protection but sometimes these lists block something you want to enable on your network, and here is the problem. How to unblock the domains you want from these massive lists and generate a RegEx to whitelist the domains in Unbounded DNS.

In this article, i will explain my method and tools i use for such task.

Read More

OPNSense Avoid VPN Traffic Leak

After using OPNSense firwall for a while to tunnel my traffic throw VPN directly from the network infrastructure level, i’m really satisficed with the experience but while i’m monitoring the firewall traffic, i discovered a traffic leaking happen in some cases.

VPN traffic should go to the VPN Interface, but i find a traffic on the WAN Interface which originated from the LAN to VPN and the firewall pass it and that cause leak.

To prevent such leaking i configured the firewall rules to drop any VPN traffic that escapes to the WAN Interface by tagging the VPN traffic in the network and on the WAN i will check the traffic tag, if the traffic is VPN traffic the firewall will drop it to prevent the leak.

In this article i will explain the configuration to prevent such leak on OPNSense.

Read More

After while of using OPNSense firewall, i needed to resize my disk on ESXi and scale up the disk space for OPNSense.

After investigating this issue online, i found that i need to resize the disk from command line and i could not find one clear source to help me on this task.

The problem for me was the swap partition, cause the new free space appended on the end of the disk and i can’t used it because the swap partition is on my way. To scale up root partition the free space should be continuous and available after the target partition.

I had two options

  • Remove the swap partition (Not recommended)
  • Move the swap partition to the end of the disk (Recommended)

In this article i will describe how to move the swap partition to the end of the disk and scale up root partition for OPNSense.

The steps don’t require shut downing the firewall or use live usb, it’s straight forward steps while the firewall is operational, but be caution and alert to what you are doing.

Read More

Introduction

I’m citizen in Egypt, and our ISP doing DPI over network and blocking a lot of content such as (Medium, Proxy Sites, VPN Sites, Torrent, etc) and perform throttling over some services like (Streaming, Games, etc).

I needed a way so i can access the web materials freely and privately without the ISP controlling my digital life, so i bought from 1.5 years a NordVPN service.

NordVPN normal VPN servers are not working with me cause they use standard OpenVPN and ISP is blocking it, but they offer a obfuscated version on OpenVPN designed for them only and these servers accessible from the NordVPN client app only.

So i need to install the client on each device i use (Mobile, PC, Laptop) while i’m in home network, and they offer only 6 concurrent devices connected to the NordVPN Network with same account.

I worked with that for 1.5 years but i wanted to elevate the security in the home network. i wanted to VPN the entire home devices over VPN, and it was clear to me that i need to make the home router act as the VPN gateway but my ISP router doesn’t support OpenVPN so i decided to give pfSense router/firewall a try and it was big failure cause pfSense is buggy.

After some research, i found another router/firewall software called OPNSense and after trying it i was very satisfied and it was more stable and user friendly than pfSense.

I configured it with NordVPN and i started to connect to NordVPN from the firewall and it was a big failure cause the OpenVPN traffic was not obfuscated (NordVPN standard servers), so back to the same problem again.

I tried to contact NordVPN team but they couldn’t support me and i don’t blame them. they told me that the only recommended option is to use the NordVPN application on each device and use obfuscated servers.

But i’m a person who don’t quit easily, so after some research i found something called ShadowSocks or should i say “The Great Firewall of China pain in the ass software”, it’s opensource project to fight china firewall restrictions using SOCKS5 protocol as input and transmit encrypted data over TCP to another machine in the cloud and that makes the payload unknown to the local ISP cause the payload is encrypted and DPI can’t do anything about it.

There is another tools i discovered called Cloak on GitHub, it’s a promising tool also for fighting censorship but this tool utilize the HTTPS protocol standard and transmit data encrypted too like ShadowSocks. This tool is more powerful in nature cause blocking it mean that the ISP gonna block the HTTPS traffic and that could cause global internet failure for the ISP, but this tool not supported in OPNSense by default and it needed more technical part on the Firewall OS level. In this article i won’t discuss Cloak, only will discuss ShadowSocks.

I gave it a try without VPN and i was impressed, it bypassed the censorship without VPN, but ShadowSocks don’t give you privacy over internet, it’s only a way to bypass censorship.

So my idea was what if i merged ShadowSocks [Bypassing Capablities] with NordVPN [Security & Privacy] on OPNSense. Would it bypass ISP and connect to the normal standard OpenVPN servers provided by NordVPN.

I bought a cheap ShadowSocks server over cloud (Linode) and configured my firewall and VPN to connect to that server using ShadowSocks client on the firewall.

After giving it a try all the night, i found that it was successful try and i could connect to NordVPN standard server and i discovered that ShadowSocks is lightweight so it didn’t affect my bandwidth performance with NordVPN much. Only the cloud VPS bandwidth could affect the traffic cause you route your traffic though this server but Linode network is very good for me until now.

May be the ISP still can do throttling over the encrypted data or may be not, this need someone with high speed subscription to test but at least we are free and private from it.

After this long story i will explain In this article the technical steps to help anyone facing the same problem and for the good of humanity at the end we all concerned these day with our freedom and privacy over the Internet which called by physicists a (Type 1 Civilization Communication System).

Requirments

Read More

I have small datacenter at my home and i use FreeNAS & OpenFiler for managing SAN/NAS storage with VMWare ESXi/vCenter.

My OpenFiler server OS was corrupted so i needed to recover the data from the server after making new installation of OpenFiler.

OpenFiler use LVM to mount & manage the storage partitions and here is the steps to mount the lost partitions and backup your data.

Read More