Activity Update

A lot happened in the last months. I joined a huge company as an endpoint security engineer, I started the development of FileTrove (https://filetrove.fritz.wtf) and I have become self-employed on a part-time basis (https://fritz-itc.de), besides the endpoint security stuff. I picked up the development of mxcheck (https://mxcheck.fritz.wtf) again, and a final, modest contribution to the Marbach-Weimar-Wolfenbüttel research community was published in one volume, see https://fritz.wtf/page/publikationen/. So, if you have a need for Linux or security consulting, hit me up!

mxcheck with doc page

mxcheck, the e-mail server security scanner, got its own documentation page: https://mxcheck.fritz.wtf

ossec on macOS

Just a few notes on how I got ossec, the host intrusion detection system, up and running on a Mac M1. You need the command line tools installed with xcode-select --install and homebrew ready on your system. Run

$ brew install pcre2 openssl

Download the source tar ball from https://www.ossec.net/download-ossec/ and then…

$ tar xvfz ossec-*
$ cd ossec-*
$ export CPATH=/opt/homebrew/include/
$ export LIBRARY_PATH=/opt/homebrew/lib
$ ln -s /opt/homebrew/Cellar/openssl@1.1/1.1.1k/include/openssl/ /opt/homebrew/include/openssl
$ ./install.sh

An Open Source Alternative to Mailstore for Unix

Recently I used Mailstore in a Windows environment and liked the idea of a fast, graphical frontend for searching a lot of e-mails, and its archiving capabilities. Mailstore is free for private use, but closed-source and not available for Linux or Unix. As I use offlineimap and the mail system notmuch on my homeserver for archiving e-mails, I came up with this setup, adding netviel behind a reverse proxy to the stack on FreeBSD:

filedriller - BETA 4

filedriller v1.0-BETA-4 was released. filedriller walks a directory tree and identifies all regular files by type with siegfried. Furthermore it creates UUIDv4s, calculates hash sums and entropies. filedriller can also check if the file is in the NSRL. The NSRL check expects a Redis server that serves NSRL SHA-1 hashes. You can use my docker image, e.g.

$ docker pull ampoffcom/nslredis

As I am using Codeberg more and more instead of GitHub, you can find the source code on Codeberg.
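To show what such a walk produces per file (a UUIDv4, hash sums, Shannon entropy and an NSRL known-good check), here is an added Python illustration. It is not filedriller's own code: the siegfried type identification is left out, the Redis server filedriller expects is replaced by an in-memory set of SHA-1 hashes so the example runs offline, and the redis-py call and key name mentioned in the comments are assumptions. All sample files are constructed inside a temporary directory.

```python
import hashlib
import math
import os
import tempfile
import uuid
from collections import Counter
from dataclasses import dataclass
from pathlib import Path
from typing import Iterable, List, Optional


@dataclass
class FileRecord:
    path: str        # relative to the scanned root, POSIX separators
    file_id: str     # UUIDv4 minted for this scan run
    size: int
    md5: str
    sha1: str
    sha256: str
    entropy: float   # Shannon entropy in bits per byte, 0.0 .. 8.0
    in_nsrl: bool    # SHA-1 found in the known-good set


class NsrlIndex:
    """Known-good lookup. filedriller queries a Redis server that serves NSRL
    SHA-1 hashes; this in-memory set is a constructed stand-in so the example
    runs offline. With redis-py the same test would be r.sismember(key, sha1),
    where the key name is an assumption, not something documented here."""

    def __init__(self, sha1_hashes: Iterable[str]):
        self._known = {h.lower() for h in sha1_hashes}

    def contains(self, sha1_hex: str) -> bool:
        return sha1_hex.lower() in self._known


def entropy_from_counts(counts: Counter, total: int) -> float:
    """Shannon entropy (bits per byte) from a byte-value histogram."""
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def shannon_entropy(data: bytes) -> float:
    return entropy_from_counts(Counter(data), len(data))


def fingerprint(path: Path, root: Path, nsrl: Optional[NsrlIndex] = None,
                chunk_size: int = 1 << 20) -> FileRecord:
    """Single pass over the file: every chunk feeds all three digests and the
    byte histogram, so large files are never held in memory at once."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    counts: Counter = Counter()
    total = 0
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
            counts.update(chunk)
            total += len(chunk)
    sha1_hex = sha1.hexdigest()
    return FileRecord(
        path=path.relative_to(root).as_posix(),
        file_id=str(uuid.uuid4()),
        size=total,
        md5=md5.hexdigest(),
        sha1=sha1_hex,
        sha256=sha256.hexdigest(),
        entropy=entropy_from_counts(counts, total),
        in_nsrl=nsrl.contains(sha1_hex) if nsrl else False,
    )


def scan_tree(root: Path, nsrl: Optional[NsrlIndex] = None) -> List[FileRecord]:
    """Walk root without following symlinks and fingerprint regular files only;
    symlinks, sockets, FIFOs and devices are skipped."""
    records = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in sorted(files):
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            records.append(fingerprint(p, root, nsrl))
    return records


def make_sample_tree() -> Path:
    """Constructed sample input: a tiny tree in a fresh temporary directory."""
    root = Path(tempfile.mkdtemp(prefix="fd-demo-"))
    (root / "readme.txt").write_bytes(b"abc")                # standard SHA-1 test vector
    (root / "blob.bin").write_bytes(bytes(range(256)) * 16)  # flat histogram: 8.0 bits/byte
    (root / "empty").write_bytes(b"")
    (root / "sub").mkdir()
    (root / "sub" / "notes.txt").write_bytes(b"hello hello")
    try:
        os.symlink(root / "readme.txt", root / "link")       # must be skipped by the walk
    except OSError:
        pass
    return root


if __name__ == "__main__":
    # Constructed known-good set: the SHA-1 of b"abc", standing in for an NSRL entry.
    known = NsrlIndex(["a9993e364706816aba3e25717850c26c9cd0d89d"])
    for rec in scan_tree(make_sample_tree(), known):
        print(f"{rec.path:<14} {rec.size:>6} {rec.entropy:5.2f} "
              f"{'NSRL' if rec.in_nsrl else '-':<4} {rec.sha1}")
```

The entropy column is what makes packed or encrypted blobs stand out (close to 8.0 bits per byte) next to plain text, and the NSRL hit lets you drop known-good files from further review; hashing and histogramming in one pass keeps the walk cheap on large trees.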