Joren/blog-howest
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

hi

Browse Source
This commit is contained in:
Joren 2025-05-31 00:27:58 +02:00
parent 86379147ab
commit a03f2dba78
Signed by: Joren
GPG Key ID: 280E33DFBC0F1B55
226 changed files with 236810 additions and 178 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/images/blog/blog-7.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.3 KiB

BIN
assets/images/blog/blog-8.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 164 KiB

BIN
assets/images/blog/blog-9.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 74 KiB

2
content/_index.md
View File

@ -7,7 +7,7 @@ banner:
greeting: "Hi there!"
title: "I'm **Joren Schipman**"
image: "images/hero-image.png"
designation: "Student Applied Computer Science - Cybersecurity"
designation: "Student Applied Computer Science"
institution: "Howest University of Applied Sciences"
description: >
I'm Joren Schipman, a 21-year-old student with a deep passion for cybersecurity, hardware hacking, and solving complex problems through code. I thrive in collaborative environments, value curiosity, and actively pursue hands-on learning to build secure and innovative technology.

124
content/blog/post-10.md Normal file
View File

@ -0,0 +1,124 @@
---
title: "The Smart Home Trap: Isolate or Be Owned"
image: "images/blog/blog-10.jpg"
date: "2025-05-30 00:00:00 +0000 UTC"
description: "Your smart lightbulb doesn't need to talk to your NAS. Here's how and why to isolate IoT devices using VLANs, even in a small home network."
categories: ["networking", "iot", "cybersecurity"]
draft: false
---
Smart homes are convenient. But with convenience comes risk. If your doorbell runs Linux, talks to Chinese cloud servers, and sits on the same network as your work laptop, you've got a problem. The fix? Segmentation. This post explores how to use VLANs and firewall rules to quarantine IoT devices and minimize lateral movement, even on a home budget.
---
### Why Segmentation Matters
Most people treat their home network like a trust zone. All devices are equal. But theyre not. You wouldnt let your robot vacuum log into your online banking, yet they live on the same flat LAN. Thats the fundamental issue.
IoT vendors prioritize cost and features, not security. Devices often ship with:
* Default credentials
* No software updates
* Open ports and broadcast protocols
* Aggressive telemetry to unknown hosts
A compromise is inevitable. The only question is: does that compromise stay local, or pivot deeper into your network?
---
### VLANs 101
A VLAN (Virtual Local Area Network) logically segments traffic on the same physical infrastructure. Think of it as creating isolated “subnet bubbles” where traffic can be controlled and filtered.
VLANs let you:
* Group devices by function (IoT, work, guest)
* Apply granular rules between segments
* Limit broadcast traffic and discovery protocols
* Deny unnecessary cross-talk
And you dont need enterprise gear to do this. Many consumer-grade routers and access points already support VLANs, especially if you install OpenWRT, OPNSense, or just Linux. Even some ISP-provided devices have basic VLAN tagging features tucked away in their advanced menus. You might not need new hardware at all, just better firmware.
---
### Sample Home Setup
Lets say you have a smart home with:
* A Nest thermostat
* A Samsung smart TV
* A couple of Tuya smart plugs
* A doorbell camera
* Your personal laptop and NAS
**Step 1: Define VLANs**
| VLAN ID | Purpose | Example Devices |
| ------- | ------------- | ------------------------- |
| 10 | LAN (trusted) | Laptop, NAS |
| 20 | IoT | Smart TV, plugs, doorbell |
| 30 | Guest WiFi | Friends phones |
**Step 2: Assign Interfaces**
Most routers allow you to map VLANs to interfaces or SSIDs. Use one SSID per VLAN for WiFi. Wire VLAN-tagged ports for wired devices.
**Step 3: Firewall Rules**
On VLAN 20 (IoT):
* Block → LAN (VLAN 10)
* Block → VLAN 20 (intra-IoT)
* Allow → DNS, NTP, and cloud endpoints
* Allow → Internet (443)
* Log → Any unknown destination
Optional: Use static DHCP leases and force DNS through Pi-hole for logging and filtering.
---
### Real-World Examples
**Case 1: Smart TV**
Blocked LAN access. Within 5 minutes of boot, it tried to contact:
* Samsung cloud
* Akamai CDN
* Google DNS
* DoubleClick
* Random advertising domains
Video streaming still worked fine. Everything else was noise.
**Case 2: IP Camera**
On the LAN, it had access to the NAS and router UI. After VLAN isolation, its access was limited to outbound 443 and NTP. Still worked. Couldnt snoop.
---
### Caveats & Limitations
* Some IoT devices rely on MDNS or SSDP for pairing/setup. Consider temporarily whitelisting during setup, then blocking.
* Chromecast-style devices need special rules if you want casting from your main network.
* VLANs require managed switches or VLAN-aware APs.
* Guest VLANs may need bandwidth limits or isolation tweaks.
Still, the benefits far outweigh the complexity.
---
### Final Thoughts
If youve ever installed a smart plug and noticed it phones home every few minutes, you're not alone. And if you haven't noticed, maybe you should.
Security in small networks doesnt need to be complex. VLANs are one of the most powerful tools you can deploy for minimal cost. Set it up once. Sleep better forever.
Your lightbulb shouldnt have access to your tax documents.
{{< notice tip >}}Looking for OpenWRT-compatible routers? Check the [OpenWRT Table of Hardware](https://openwrt.org/toh/start) for supported devices.{{< /notice >}}

64
content/blog/post-5.md Normal file
View File

@ -0,0 +1,64 @@
---
title: "Silent Interception: Exploiting LLMNR, NBT-NS, mDNS and IPv6 in Modern Networks"
image: "images/blog/blog-5.jpg"
date: "2025-05-30 00:00:00 +0000 UTC"
description: "How name resolution protocols and IPv6 misconfigurations enable credential interception and NTLM relay attacks using Responder and mitm6."
categories: ["cybersecurity", "offensive", "network"]
draft: false
---
In many internal networks, outdated or misconfigured protocols silently create attack surfaces. This post explores how attackers abuse name resolution fallbacks and IPv6 autoconfiguration to capture and relay NTLM credentials using `Responder` and `mitm6`.
#### Name Resolution Chaos
When Windows can't resolve a hostname via DNS, it falls back on legacy protocols: **LLMNR** (Link-Local Multicast Name Resolution), **NBT-NS** (NetBIOS Name Service), and increasingly **mDNS** in mixed environments. These protocols ask *anyone* nearby: “Do you know who `somehost` is?”
An attacker on the local network can answer "yes" and claim to be that host. Thats exactly what Responder does. It listens for these requests and pretends to be the missing server, prompting clients to authenticate, typically using NTLM.
#### IPv6: Enabled by Default, Forgotten by Admins
Even in IPv4-only networks, most Windows clients have IPv6 enabled. If there's no DHCPv6 server, they use router advertisements to configure themselves. `mitm6` abuses this by spoofing a rogue IPv6 router, setting itself as the DNS server for all hosts.
Once clients start resolving names through the attacker's DNS, the attacker can spoof responses and trick clients into connecting over SMB, LDAPS, or HTTP, exposing NTLM hashes.
#### Capturing vs. Relaying
`Responder` captures credentials (NTLMv1/v2), which can be cracked offline with tools like `hashcat`. But it's often more powerful to **relay** them live to a legitimate service.
Tools like `ntlmrelayx` allow relaying to:
* **SMB**: for file access, command execution, or dumping secrets via `secretsdump.py`
* **LDAP/LDAPS**: to enumerate AD users, modify objects, or create backdoor accounts
* **HTTP/WSMAN**: to access internal web apps or trigger remote code execution
The success of the relay depends on the targets configuration. If SMB signing or LDAP channel binding is enforced, the relay will fail. But in many networks, it isnt.
#### Realistic Attack Chain
1. **Launch mitm6** to poison IPv6 and become DNS for the subnet.
2. **Run ntlmrelayx** with appropriate targets (e.g., `--smb2support --target smb://10.0.0.5`).
3. **Wait**: a victim resolves an internal name (e.g., `fileshare`), the attacker responds.
4. The client connects to the attacker thinking its the fileshare and sends NTLM credentials.
5. `ntlmrelayx` relays these to the actual target server.
6. If successful, the attacker gains authenticated access.
In parallel, `Responder` can be used for LLMNR/NBT-NS-based interception in IPv4 networks.
#### Mitigation
This isn't new, but it's often neglected. To prevent these attacks:
* Disable **LLMNR** and **NBT-NS** via Group Policy.
* Disable **IPv6** on clients if it's not explicitly required.
* Enforce **SMB signing** and **LDAP channel binding**.
* Segment your network to reduce the blast radius.
* Prefer **Kerberos** authentication over NTLM where possible.
* Monitor for rogue IPv6 RAs and anomalous name resolution.
#### Final Thoughts
If youre in a flat network with legacy protocols enabled, an attacker doesnt need exploits, just presence. These are silent, no-packet attacks that rely on trust and misconfiguration. The tools are public. The fixes are known. Yet the exposure is still widespread.
Responder and mitm6 arent magic. They just reveal whats already broken.

136
content/blog/post-6.md Normal file
View File

@ -0,0 +1,136 @@
---
title: "Matrix: Building a Decentralized Communication Future"
image: "images/blog/blog-6.jpg"
date: "2025-05-30 00:00:00 +0000 UTC"
description: "An in-depth exploration of the Matrix protocol, how it decentralizes messaging, enhances privacy, integrates with existing systems, and scales for real-world use."
categories: ["cybersecurity", "communication", "decentralization"]
draft: false
---
If youve ever switched between Slack, WhatsApp, Discord, Teams, Signal and Telegram in a single day, youve felt the cost of digital fragmentation. We live in a world where communication is siloed into centralized apps, each with its own rules, limits and vulnerabilities. Matrix proposes an alternative: a universal, open, decentralized protocol for real-time communication, where users control their data and messaging isn't trapped in walled gardens.
In this post, we explore what Matrix is, how it works, where it's being used, how you can adopt it yourself, and why it matters for the future of cybersecurity, collaboration, and digital sovereignty.
---
#### What is Matrix?
Matrix is an open standard for interoperable, real-time communication over IP, designed to provide a decentralized alternative to proprietary messaging platforms. Just like email or the web, Matrix is **federated**, anyone can host a homeserver, and users on different homeservers can still talk to each other.
Matrix isnt an app. Its a protocol. There are many clients (like [Element](https://element.io)) and server implementations (like [Synapse](https://matrix.org/docs/projects/server/synapse/)) built on top of it. Communication is handled via JSON over HTTPS, using persistent rooms and event-based message history, with eventual consistency across the federation.
Matrix supports:
- Text messaging (1:1 and group)
- End-to-end encryption (Olm/Megolm)
- Voice and video calls (WebRTC)
- File sharing
- Threaded conversations
- Bridging to other networks (Slack, IRC, Telegram, WhatsApp, etc.)
- Bots, widgets, and integrations
---
#### Federation and Interoperability
The power of Matrix lies in **federation**. Just like you dont need a Gmail account to email someone using Outlook, you dont need to be on the same Matrix server to chat. This model distributes control across the network, eliminating single points of failure and censorship risk.
Bridges extend this idea further by connecting Matrix rooms to **non-Matrix platforms**. Want to keep your team on Matrix but still message a colleague on Slack? You can. Matrix becomes a universal glue layer for all communication.
Supported bridge targets include:
- Slack
- Discord
- Microsoft Teams
- IRC
- Telegram
- WhatsApp
- Signal (community bridges)
---
#### Security: End-to-End Encryption by Default
Matrix takes security seriously. Its **end-to-end encryption (E2EE)** is based on the Olm and Megolm ratchets, inspired by the Double Ratchet used by Signal. In private rooms, encryption is enabled by default.
Encryption features include:
- Forward secrecy
- Device verification and cross-signing
- Secure backup with recovery keys
- Key sharing and gossiping for reliable message delivery
- Support for multiple devices per user
In contrast to Signal, Matrix's E2EE is multi-device aware by design. You can log in from your phone, laptop, and tablet, and still maintain encryption with all peers.
---
#### Real-World Usage
Matrix is not just experimental, its **deployed at scale**:
- **The French government** built **Tchap**, a Matrix-based internal messaging system used by over 30 ministries.
- **German Bundeswehr and healthcare services** use Matrix to comply with national data sovereignty and security standards.
- **Mozilla**, **KDE**, **F-Droid**, and many **FOSS communities** use Matrix for open collaboration.
- **The European Commission** and **NATO-affiliated organizations** explore Matrix for secure, federated communication in cyber operations.
---
#### Matrix in Cybersecurity Contexts
In red team/blue team simulations, robust and flexible comms are critical. Matrix excels in:
- **Out-of-band communication** when primary networks are compromised.
- **C2 channel simulation** in adversary emulation labs.
- **Logging and transparency** during incident response (Matrix rooms retain full audit trails).
- **Bridging** internal and external teams (e.g., SOC ↔ pentest team ↔ management).
- **Security testing**: Matrix clients and bridges offer exploitable surfaces for training scenarios.
In exercises like **Locked Shields**, where real-time coordination under pressure is key, Matrix could function as a fault-tolerant, cross-team coordination layer, especially when bridged to legacy systems.
---
#### Running Your Own Homeserver
Matrix is self-hostable. This gives full control over identity, data, and federation policies. The most popular server implementation is **Synapse**, but others like **Dendrite** (Go, lightweight) and **Conduit** (Rust, performance-focused) are gaining traction.
**Minimum Setup**:
- Synapse (Python-based)
- PostgreSQL backend
- Reverse proxy (NGINX)
- DNS (SRV + .well-known for federation)
- TLS via Lets Encrypt
- Optional: SSO, LDAP, backup, TURN server for VoIP
**Pro Tips**:
- Use **https://element.io/pricing** for managed hosting if self-hosting is too much overhead.
- Enable **E2EE backup** to retain message history across devices.
- Harden your server: rate-limit federation, restrict registration, enforce TLS ciphers.
---
#### Limitations and Workarounds
Matrix is powerful, but not perfect:
- Federation sync can be resource-heavy on large rooms.
- Encrypted rooms sometimes lag on low-powered clients.
- Bridges can break when third-party APIs change.
- Identity is room-based, no global handles like @user across servers.
- Message ordering across federated servers is eventually consistent, not immediate.
Work is ongoing on **Matrix 2.0**, which includes faster sync (Sliding Sync), a new media repo spec, and better thread handling.
---
#### Final Thoughts
Matrix is what the future of communication could, and should, look like: open, secure, decentralized, and user-controlled. As central platforms tighten their grip on data and limit interoperability, Matrix flips the script. It's not just a protocol. It's a philosophy of **sovereignty, transparency, and trustless interoperability**.
Whether you're building a secure system, training the next generation of cyber professionals, or just tired of fragmented messaging, Matrix offers a future where you own your conversations.
{{< notice tip >}}Visit [matrix.org](https://matrix.org) to learn more, or get started today at [element.io](https://element.io).{{< /notice >}}

90
content/blog/post-7.md Normal file
View File

@ -0,0 +1,90 @@
---
title: "Kerberos Under Siege: Abusing the Trust Backbone of Windows Domains"
image: "images/blog/blog-7.jpg"
date: "2025-05-30 00:00:00 +0000 UTC"
description: "Kerberos is a cornerstone of enterprise authentication in Windows domains. But what happens when attackers turn its trust model against itself?"
categories: ["cybersecurity", "offensive", "windows"]
draft: false
---
Kerberos, introduced to Windows with Active Directory in 2000, is widely seen as a secure, modern replacement for NTLM. And yet, in the hands of an attacker, it becomes a double-edged sword. This post explores how Kerberos works, and how it can be abused through techniques like **Kerberoasting**, **delegation abuse**, and **ticket impersonation**.
---
#### How Kerberos Actually Works
Authentication starts when a user logs in and the **Key Distribution Center (KDC)**, a service on the domain controller, issues a **TGT (Ticket Granting Ticket)** encrypted with the users secret. This lets the user request service tickets to access other services without sending credentials again.
From a security model perspective, this is elegant. Credentials never cross the wire. Everything is based on secret keys and symmetric encryption. But this also assumes every piece in the chain, from domain users to service accounts, is configured securely.
Spoiler: they rarely are.
---
#### Kerberoasting: Plaintext Passwords in Disguise
If a service account uses a weak password, it's game over.
Service tickets are encrypted with the *service accounts* password hash. Any domain user can request a ticket to any SPN (Service Principal Name), even without legitimate access. The attacker just needs to capture the ticket and brute-force it offline.
```bash
Request SPN ticket → Extract ticket → Crack with hashcat
```
Kerberoasting doesnt require elevated rights. Just domain access. And if that SPN maps to a privileged account (e.g. Domain Admin used for SQL service), cracking that password opens the domain.
Default AD configs dont restrict this. Detection? Hard. Ticket requests look normal. Mitigation? Use strong, random passwords for service accounts. Monitor ticket requests for unusual patterns.
---
#### Delegation: More Trust, More Problems
Kerberos supports **delegation**, allowing services to act on behalf of users. Useful for SSO scenarios like web apps accessing databases, but dangerous if abused.
**Unconstrained Delegation** lets a service impersonate *any user* who authenticates to it. If an attacker compromises such a host, they can extract users **TGTs** and use them elsewhere, effectively becoming them. Golden ticket territory.
**Constrained Delegation** tries to limit this to specific services. But its often misconfigured. And worse, **Resource-Based Constrained Delegation (RBCD)** lets target systems define who can delegate *to* them, opening up attack chains where a low-priv user adds a rogue computer object and escalates.
These trust edges form a privilege escalation graph. BloodHound maps this beautifully.
---
#### Ticket Forgery and Impersonation
Once an attacker gets the **KRBTGT accounts** hash (e.g. via DCSync), they can create **Golden Tickets**, valid TGTs for any user, any group, any time. Total domain compromise.
More subtle is **Silver Ticketing**. Here, the attacker forges only the **service ticket**, not the TGT. Requires the service accounts hash, not KRBTGT. Harder to detect. Ideal for lateral movement.
Tools like `Rubeus` automate this: `asktgt`, `s4u`, `tgtdeleg`, `kerberoast`, `golden`, and `silver`.
---
#### Worked Example: Kerberoasting with Rubeus
```bash
Rubeus.exe kerberoast /format:hashcat /user:svc_sql /domain:corp.local
```
→ Dumps service tickets in hashcat format.
```bash
hashcat -m 13100 hashes.txt rockyou.txt
```
→ Cracks the SPN ticket. If the password is weak, youre in.
This is achievable from any domain user account. No alerts triggered, unless youve configured ticket monitoring.
---
#### Final Thoughts
Kerberos isnt broken. But its trust-heavy. And Windows environments are often too trusting.
Strong service account hygiene, strict delegation configs, and monitoring ticket activity are the bare minimum. Defensive tools like `klist`, `event ID 4769`, and `Kerberoast detection rules` help, but only if actively used.
In red team ops, Kerberos attacks are quiet, credential-free, and highly effective. They dont break the protocol. They exploit how admins use it.
Want to defend the kingdom? Start by defending the keys.

79
content/blog/post-8.md Normal file
View File

@ -0,0 +1,79 @@
---
title: "Cheap Camera, Expensive Risk: Hacking an IoT PTZ Camera"
image: "images/blog/blog-8.jpg"
date: "2025-05-30 00:00:00 +0000 UTC"
description: "What happens when you mix a €22.95 PTZ camera, physical access, and bad defaults? A practical look at hardware abuse in consumer IoT."
categories: ["iot", "hardware", "reverse engineering"]
draft: false
---
When you pay €22.95 for a pan-tilt-zoom security camera, youre not buying enterprise-grade security. But what if youre also buying root access through an SD card?
This post documents a hands-on assessment of the LSC SMART PTZ Camera (Model IPC167), a low-cost, Tuya-based IoT device sold at Action. While it ticks many boxes on paper, TLS, OTA updates, encrypted storage, physical access opens a completely different chapter.
---
#### Triggering Debug Mode with a MicroSD Card
Under normal operation, the camera exposes a single LAN control port and requires authentication. But the real surprise lies in how it reacts to external media.
Insert a specially crafted SD card containing certain files, and the device silently enables Telnet and FTP services at boot, with root access using credentials from the card. No prompt. No warning. The system trusts the card implicitly.
This is intended for factory debugging, but it still exists in the retail device, and there are no warnings in the user manual. Once active, Telnet gives full shell access with UID 0. All processes run as root. Its not just insecure, its reckless.
---
#### UART Interface: Disabled Login, But Still There
A quick teardown revealed a UART interface on the PCB. While login is currently disabled, its presence adds another attack vector. UART could enable firmware dumping, memory access, or even re-enabling local shells in earlier firmware revisions.
Combined with the SD card behavior, it paints a clear picture: **if you can touch the device, you own it**.
---
#### What Could Go Wrong?
Plenty. With root access via SD card:
* You can replace binaries or inject backdoors.
* Extract credentials, keys, or tokens stored in the SQLite database.
* Modify the video stream, disable motion detection, or proxy footage.
* Use the device as a pivot point in a local network attack.
All of this without triggering any alarms, logs, or user notifications.
---
#### But It Encrypts Traffic?
Yes. TLS over MQTT for telemetry. Encrypted UDP for video. Encrypted SQLite storage. From a remote attackers perspective, it looks secure.
But physical access breaks the whole model. And physical attacks are not just theoretical, especially for devices placed outdoors or in public environments.
---
#### What Can Be Done?
Fixing this requires more than software updates. Its about rethinking assumptions.
* Factory debug hooks should be disabled or removed before shipment.
* Bootloaders should verify signatures, not blindly trust SD cards.
* Telnet should never be enabled automatically, ever.
* Sensitive functions should not run as root unless absolutely required.
Until then, buyers are getting more than they bargained for.
---
#### Final Thoughts
This was a cheap camera. It delivered on video quality and mobile app UX. But under the surface, its a wide-open platform for attackers with a screwdriver and a microSD card.
If youre building IoT gear: **assume physical access and plan for it**.
If youre buying IoT gear: **assume nothing until youve torn it apart**.
Security is more than encryption and TLS. Its what happens when someone walks up, pops the back cover, and flips the whole threat model on its head.
---

53
content/blog/post-9.md Normal file
View File

@ -0,0 +1,53 @@
---
title: "Seiko SARV001: The JDM Sleeper That Punches Above Its Weight"
image: "images/blog/blog-9.jpg"
date: "2025-05-30 00:00:00 +0000 UTC"
description: "A closer look at the Seiko SARV001, a Japanese Domestic Market gem that offers exceptional value and understated elegance."
categories: ["watches", "jdm", "seiko"]
draft: false
---
In the world of horology, the Japanese Domestic Market (JDM) often hides treasures that fly under the radar. One such gem is the Seiko SARV001, a watch that combines classic design, reliable mechanics, and exceptional value.
---
#### Design & Build Quality
The SARV001 boasts a 42mm stainless steel case with a thickness of 11.6mm, offering a balanced presence on the wrist. Its white sunburst dial exudes a subtle elegance, complemented by applied indices and luminous dauphine hands for enhanced legibility. The watch features a day-date complication at 3 o'clock, with the unique option to display the day in either English or Japanese Kanji, adding a distinctive JDM touch.
<div style="display: flex; gap: 10px; justify-content: center;">
{{< image src="images/blog/post-9/kanji.jpg" caption="SARV001 Kanji" alt="alter-text" height="425" width="860" position="center" command="fit" option="q100" class="img-fluid" title="SARV001 Kanji" >}}
{{< image src="images/blog/post-9/lume-datechange.jpg" caption="SARV001 Lume" alt="alter-text" height="425" width="860" position="center" command="fit" option="q100" class="img-fluid" title="SARV001 Lume whilst changing day" >}}
</div>
The case is protected by Seiko's proprietary Hardlex crystal, known for its durability and resistance to shattering. A see-through case back reveals the inner workings of the movement, providing a glimpse into the watch's mechanical heart.
---
#### Movement & Performance
At its core, the SARV001 is powered by Seiko's in-house 4R36 automatic movement, featuring 24 jewels and a 41-hour power reserve. This movement supports both hacking and hand-winding, offering versatility for daily wear. With a water resistance of 100 meters, the watch is well-suited for everyday activities, though it's not designed for diving.
---
#### Wearability & Versatility
The watch's 22mm lug width and drilled lugs make strap changes straightforward, allowing for customization to suit various occasions. Whether paired with its original stainless steel bracelet or a leather strap, the SARV001 transitions seamlessly from casual to formal settings.
---
#### Value Proposition
Priced under 150 EUR, the SARV001 offers features typically found in higher-end models. Its combination of classic aesthetics, reliable mechanics, and thoughtful details like the Kanji day display make it a standout choice for both novice and seasoned collectors seeking a quality timepiece without breaking the bank.
---
#### Final Thoughts
The Seiko SARV001 exemplifies the brand's commitment to craftsmanship and value. Its understated design, robust movement, and unique JDM characteristics make it a compelling option for those looking to add a versatile and reliable watch to their collection.
---

179
content/project/project-3.md Normal file
View File

@ -0,0 +1,179 @@
---
title: "Lean and Local: DNS, VPN, IRC and Ad Blocking"
image: "/images/project/project-3.jpg"
date: "2025-05-30 00:00:00 +0000 UTC"
description: "A lightweight Alpine Linux system running DNS filtering, WireGuard VPN, and IRC on minimal hardware using a diskless setup."
categories: ["self-hosting", "networking", "alpine-linux", "vpn", "dns"]
draft: false
---
Running a full-featured network stack on old hardware isnt just possible, its efficient. This post covers how I configured Alpine Linux as a diskless system hosting DNS resolution, ad blocking, VPN access, and a local IRC server.
---
#### Why Diskless?
The system boots entirely from RAM using Alpines `diskless` mode. This eliminates wear on flash storage, improves startup speed, and ensures a clean slate on each reboot. Changes are persisted manually using `lbu`, making the setup both robust and disposable, perfect for low-power hardware with limited write endurance.
---
#### Base Setup
The machine is an old D-Class thin client with 4 GB RAM and an AMD G-T48E CPU. Alpine Linux 3.21 is installed with only essential packages (229 total). Services are configured via `OpenRC` and restored from compressed overlays on boot.
---
#### DNS and Ad Blocking: Blocky
Blocky handles all local DNS queries, with DoT upstreams, custom mappings, and deny lists per client.
Highlights:
* Local resolution for custom domains like `directme.in`
* Cloudflare, Google as upstream resolvers
* Per-IP blocking rules
* Prometheus metrics for monitoring
Example config:
```yaml
blocking:
denylists:
ads:
- https://big.oisd.nl/domainswild
vtm:
- /home/joren/dns/vtmgo.txt
clientGroupsBlock:
default:
- ads
192.168.178.123:
- vtm
```
---
#### VPN: WireGuard via PiVPN
WireGuard provides encrypted access to the local network, and PiVPN makes managing it trivial. While WireGuard itself is minimal, PiVPN adds essential automation without requiring a full control panel or web UI.
Key benefits in this setup:
* Client management is simple and scriptable. Adding, disabling, or revoking peers takes seconds:
```sh
pivpn -a # add client
pivpn -r # remove client
pivpn -off <name> # temporarily disable
```
* Mobile-friendly. Each config can be exported as a QR code with `pivpn -qr`, which is perfect for importing into the WireGuard mobile app.
* Monitoring support. View live connections with `pivpn -c`, or audit all issued keys with `pivpn -l`.
* Backups included. One command backs up all configs: `pivpn -bk`.
Example output:
```
::: Connected Clients List :::
Name Remote IP Virtual IP Bytes Received Bytes Sent Last Seen
Phone 84.199.x.x:60042 10.60.150.2 439MiB 3.3GiB May 29 2025 - 22:39:56
```
In this context, PiVPN reduces the friction of managing WireGuard while remaining fully compatible with Alpines diskless, CLI-centric philosophy. No services are wasted, and all changes remain under user control.
---
---
#### IRC: ngIRCd
For real-time messaging, I run a public-facing **ngIRCd** instance accessible over both plaintext (port 6667) and encrypted TLS (ports 6697, 6698). Despite its modest footprint, *ngIRCd* is stable, portable, and well-suited for both LAN and internet-facing deployments.
The server is configured to:
* Autojoin clients to a default `#General` channel
* Support cloaking for user privacy
* Restrict joins per user/IP to prevent abuse
* Provide operator access with predefined credentials
* Disable DNS and Ident lookups for speed and reduced leakage
Here's a snapshot of the active configuration:
```ini
[Global]
Name = irc.alpine4071
Info = RAM-only IRC Server
Listen = 0.0.0.0
Ports = 6667
MotdPhrase = "Welcome to our RAM-only IRC server!"
AdminInfo1 = IRC Server
AdminInfo2 = Anywhere On Earth
AdminEMail = admin@irc.alpine4071
[SSL]
CertFile = /home/joren/certs/fullchain1.pem
KeyFile = /home/joren/certs/privkey1.pem
Ports = 6697, 6698
```
Authentication and moderation are handled via the `[Operator]` block, and all users are dropped into a predefined channel:
```ini
[Channel]
Name = #General
Topic = General Channel
Autojoin = yes
```
**Why ngIRCd?**
* It works well on memory-constrained systems.
* It doesnt require database backends or scripting engines.
* It supports modern essentials like TLS, cloaking, and structured limits.
* Its simple to secure and configure, even when exposed to the open internet.
This makes ngIRCd a perfect fit for remote support, small private networks, or just having your own IRC node to tinker with, without touching a gigabyte of storage.
You can connect today via:
```text
irc://alpine-4071.duckdns.org:6667 (plaintext)
ircs://alpine-4071.duckdns.org:6697 (TLS)
```
---
#### Making It Stick: LBU
To persist changes in a stateless system, I use Alpines `lbu`:
```sh
lbu include /etc/blocky/config.yml
lbu include /etc/ngircd/ngircd.conf
lbu commit -d
```
This updates the overlay that Alpine loads at each boot. All runtime data stays in RAM.
---
#### Runlevel Integration
All services are enabled through OpenRC:
```sh
rc-update add blocky default
rc-update add wg-quick default
rc-update add ngircd default
rc-update add iptables default
```
Boot time is under 10 seconds, with full network stack active by the time DHCP finishes.
---
#### Final Thoughts
Alpines diskless approach is perfect for resilient, low-maintenance edge systems. Combined with fast tools like Blocky and WireGuard, even minimal hardware becomes a capable, efficient network node, quietly resolving DNS, filtering traffic, handling VPN access, and hosting IRC.

6
hugo_stats.json
View File

@ -77,6 +77,9 @@
"caption-Challange-picture",
"caption-Correct-number-order",
"caption-Picture-of-the-solution",
"caption-SARV001-Kanji",
"caption-SARV001-Lume",
"caption-SARV001-Lume-whilst-changing-day",
"card",
"card-body",
"card-btn",
@ -272,6 +275,9 @@
"caption-Challange picture",
"caption-Correct number order",
"caption-Picture of the solution",
"caption-SARV001 Kanji",
"caption-SARV001 Lume",
"caption-SARV001 Lume whilst changing day",
"capturing-vs-relaying",
"caveats--limitations",
"cheap-camera-expensive-risk-hacking-an-iot-ptz-camera",

75
public/blog/index.html
View File

@ -994,7 +994,7 @@
<h3 class="h5 card-title fw-normal mb-3">
<a class="text-white" href="/blog/post-9/">Seiko SARV001: The JDM Sleeper That Punches Above Its Weight</a>
</h3>
<p class="card-text mb-4">A closer look at the Seiko SARV001a Japanese Domestic Market gem that offers …</p>
<p class="card-text mb-4">A closer look at the Seiko SARV001, a Japanese Domestic Market gem that offers …</p>
</div>
<a href="/blog/post-9/" class="card-btn text-primary d-inline-block" data-aos="fade-up" data-aos-delay="150">Read More <i class="fa-solid fa-arrow-right-long"></i></a>
@ -1205,6 +1205,79 @@
<picture>
<source
srcset="/images/blog/blog-10_hu_7491d1d603de5dcf.webp"
media="(max-width: 575px)" />
<source
srcset="/images/blog/blog-10_hu_d525f0cd93d6fcb1.webp"
media="(max-width: 767px)" />
<source
srcset="/images/blog/blog-10_hu_4379874c5f05b59f.webp"
media="(max-width: 991px)" />
<source
srcset="/images/blog/blog-10_hu_a3b0ec28e3d5779b.webp"
/>
<img
loading="lazy" decoding="async"
src="/images/blog/blog-10_hu_bb979f59174514ec.jpg"
class=" w-100 img"
alt="The Smart Home Trap: Isolate or Be Owned"
width="800"
height="500" />
</picture>
</a>

4
public/blog/index.xml
View File

@ -34,7 +34,7 @@
<link>http://localhost:1313/blog/post-9/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>http://localhost:1313/blog/post-9/</guid>
<description>&lt;p&gt;In the world of horology, the Japanese Domestic Market (JDM) often hides treasures that fly under the radar. One such gem is the Seiko SARV001a watch that combines classic design, reliable mechanics, and exceptional value.&lt;/p&gt;</description>
<description>&lt;p&gt;In the world of horology, the Japanese Domestic Market (JDM) often hides treasures that fly under the radar. One such gem is the Seiko SARV001, a watch that combines classic design, reliable mechanics, and exceptional value.&lt;/p&gt;</description>
</item>
<item>
<title>Silent Interception: Exploiting LLMNR, NBT-NS, mDNS and IPv6 in Modern Networks</title>
@ -48,7 +48,7 @@
<link>http://localhost:1313/blog/post-10/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>http://localhost:1313/blog/post-10/</guid>
<description>&lt;h1 id=&#34;the-smart-home-trap-isolate-or-be-owned&#34;&gt;The Smart Home Trap: Isolate or Be Owned&lt;/h1&gt;&#xA;&lt;p&gt;Smart homes are convenient. But with convenience comes risk. If your doorbell runs Linux, talks to Chinese cloud servers, and sits on the same network as your work laptop, you&amp;rsquo;ve got a problem. The fix? Segmentation. This post explores how to use VLANs and firewall rules to quarantine IoT devices and minimize lateral movement, even on a home budget.&lt;/p&gt;</description>
<description>&lt;p&gt;Smart homes are convenient. But with convenience comes risk. If your doorbell runs Linux, talks to Chinese cloud servers, and sits on the same network as your work laptop, you&amp;rsquo;ve got a problem. The fix? Segmentation. This post explores how to use VLANs and firewall rules to quarantine IoT devices and minimize lateral movement, even on a home budget.&lt;/p&gt;</description>
</item>
<item>
<title>Red Team Talk: Een Blik Achter de Schermen bij Offensive Security</title>

9480
public/blog/post-10/index.html Normal file
View File

File diff suppressed because one or more lines are too long

9386
public/blog/post-5/index.html Normal file
View File

File diff suppressed because one or more lines are too long

9511
public/blog/post-6/index.html Normal file
View File

File diff suppressed because one or more lines are too long

9384
public/blog/post-7/index.html Normal file
View File

File diff suppressed because one or more lines are too long

9389
public/blog/post-8/index.html Normal file
View File

File diff suppressed because one or more lines are too long

9587
public/blog/post-9/index.html Normal file
View File

File diff suppressed because one or more lines are too long

11
public/categories/\cybersecurity-offensive-windows/index.xml Normal file
View File

@ -0,0 +1,11 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>\[&#34;Cybersecurity&#34;, &#34;Offensive&#34;, &#34;Windows&#34;] on Joren&#39;s Site</title>
<link>http://localhost:1313/categories/%5Ccybersecurity-offensive-windows/</link>
<description>Recent content in \[&#34;Cybersecurity&#34;, &#34;Offensive&#34;, &#34;Windows&#34;] on Joren&#39;s Site</description>
<generator>Hugo</generator>
<language>en</language>
<atom:link href="http://localhost:1313/categories/%5Ccybersecurity-offensive-windows/index.xml" rel="self" type="application/rss+xml" />
</channel>
</rss>

11
public/categories/\self-hosting-networking-alpine-linux-vpn-dns/index.xml Normal file
View File

@ -0,0 +1,11 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>\[&#34;Self-Hosting&#34;, &#34;Networking&#34;, &#34;Alpine-Linux&#34;, &#34;Vpn&#34;, &#34;Dns&#34;] on Joren&#39;s Site</title>
<link>http://localhost:1313/categories/%5Cself-hosting-networking-alpine-linux-vpn-dns/</link>
<description>Recent content in \[&#34;Self-Hosting&#34;, &#34;Networking&#34;, &#34;Alpine-Linux&#34;, &#34;Vpn&#34;, &#34;Dns&#34;] on Joren&#39;s Site</description>
<generator>Hugo</generator>
<language>en</language>
<atom:link href="http://localhost:1313/categories/%5Cself-hosting-networking-alpine-linux-vpn-dns/index.xml" rel="self" type="application/rss+xml" />
</channel>
</rss>

9378
public/categories/alpine-linux/index.html Normal file
View File

File diff suppressed because one or more lines are too long

19
public/categories/alpine-linux/index.xml Normal file
View File

@ -0,0 +1,19 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Alpine-Linux on Joren&#39;s Site</title>
<link>https://joren.blog/categories/alpine-linux/</link>
<description>Recent content in Alpine-Linux on Joren&#39;s Site</description>
<generator>Hugo</generator>
<language>en</language>
<lastBuildDate>Fri, 30 May 2025 00:00:00 +0000</lastBuildDate>
<atom:link href="https://joren.blog/categories/alpine-linux/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Lean and Local: DNS, VPN, IRC and Ad Blocking</title>
<link>https://joren.blog/project/project-3/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/project/project-3/</guid>
<description>&lt;p&gt;Running a full-featured network stack on old hardware isnt just possible, its efficient. This post covers how I configured Alpine Linux as a diskless system hosting DNS resolution, ad blocking, VPN access, and a local IRC server.&lt;/p&gt;</description>
</item>
</channel>
</rss>

9370
public/categories/communication/index.html Normal file
View File

File diff suppressed because one or more lines are too long

19
public/categories/communication/index.xml Normal file
View File

@ -0,0 +1,19 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Communication on Joren&#39;s Site</title>
<link>https://joren.blog/categories/communication/</link>
<description>Recent content in Communication on Joren&#39;s Site</description>
<generator>Hugo</generator>
<language>en</language>
<lastBuildDate>Fri, 30 May 2025 00:00:00 +0000</lastBuildDate>
<atom:link href="https://joren.blog/categories/communication/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Matrix: Building a Decentralized Communication Future</title>
<link>https://joren.blog/blog/post-6/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/blog/post-6/</guid>
<description>&lt;p&gt;If youve ever switched between Slack, WhatsApp, Discord, Teams, Signal and Telegram in a single day, youve felt the cost of digital fragmentation. We live in a world where communication is siloed into centralized apps, each with its own rules, limits and vulnerabilities. Matrix proposes an alternative: a universal, open, decentralized protocol for real-time communication, where users control their data and messaging isn&amp;rsquo;t trapped in walled gardens.&lt;/p&gt;</description>
</item>
</channel>
</rss>

32
public/categories/ctf/index.html
View File

File diff suppressed because one or more lines are too long

10
public/categories/ctf/index.xml
View File

@ -2,18 +2,18 @@
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>CTF on Joren&#39;s Site</title>
<link>http://localhost:1313/categories/ctf/</link>
<link>https://joren.blog/categories/ctf/</link>
<description>Recent content in CTF on Joren&#39;s Site</description>
<generator>Hugo</generator>
<language>en</language>
<lastBuildDate>Sat, 15 Mar 2025 00:00:00 +0000</lastBuildDate>
<atom:link href="http://localhost:1313/categories/ctf/index.xml" rel="self" type="application/rss+xml" />
<atom:link href="https://joren.blog/categories/ctf/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience</title>
<link>http://localhost:1313/blog/post-2/</link>
<link>https://joren.blog/blog/post-2/</link>
<pubDate>Sat, 15 Mar 2025 00:00:00 +0000</pubDate>
<guid>http://localhost:1313/blog/post-2/</guid>
<description>&lt;h1 id=&#34;reversing-rebuilding-and-failing-better-my-cyber-security-challenge-belgium-qualifier-experience&#34;&gt;Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience&lt;/h1&gt;&#xA;&lt;p&gt;On March 14 and 15, I joined the Cyber Security Challenge Belgium qualifiers with three teammates. For two days, we threw ourselves at CTF challenges covering binary exploitation, Android reversing, cryptography, and more.&lt;/p&gt;</description>
<guid>https://joren.blog/blog/post-2/</guid>
<description>&lt;p&gt;On March 14 and 15, I joined the Cyber Security Challenge Belgium qualifiers with three teammates. For two days, we threw ourselves at CTF challenges covering binary exploitation, Android reversing, cryptography, and more.&lt;/p&gt;</description>
</item>
</channel>
</rss>

157
public/categories/cybersecurity/index.html
View File

@ -848,6 +848,163 @@
<div class="blog-post mb-4">
<article class="card bg-transparent border-0 p-1">
<a href="/blog/post-10/" class="rounded-2 overflow-hidden" data-aos="fade-up">
<picture>
<source
srcset="/images/blog/blog-10_hu_7491d1d603de5dcf.webp"
media="(max-width: 575px)" />
<source
srcset="/images/blog/blog-10_hu_d525f0cd93d6fcb1.webp"
media="(max-width: 767px)" />
<source
srcset="/images/blog/blog-10_hu_4379874c5f05b59f.webp"
media="(max-width: 991px)" />
<source
srcset="/images/blog/blog-10_hu_a3b0ec28e3d5779b.webp"
/>
<img
loading="lazy" decoding="async"
src="/images/blog/blog-10_hu_bb979f59174514ec.jpg"
class=" w-100 img"
alt="The Smart Home Trap: Isolate or Be Owned"
width="800"
height="500" />
</picture>
</a>
<div class="card-body pt-4 px-0">
<ul class="list-inline post-meta mb-3 mt-2" data-aos="fade-up" data-aos-delay="50">
<li class="list-inline-item">
<i class="fa-solid fa-calendar-days me-2"></i>30 May 2025
</li>
<li class="list-inline-item">
<i class="fa-solid fa-folder-open me-2"></i>
<a href="http://localhost:1313/categories/networking" class="meta-link">Networking</a>,
<a href="http://localhost:1313/categories/iot" class="meta-link">Iot</a>,
<a href="http://localhost:1313/categories/cybersecurity" class="meta-link">Cybersecurity</a>
</li>
</ul>
<div data-aos="fade-up" data-aos-delay="100">
<h3 class="h5 card-title fw-normal mb-3">
<a class="text-white" href="/blog/post-10/">The Smart Home Trap: Isolate or Be Owned</a>
</h3>
<p class="card-text mb-4">Your smart lightbulb doesn&#39;t need to talk to your NAS. Here&#39;s how and why to …</p>
</div>
<a href="/blog/post-10/" class="card-btn text-primary d-inline-block" data-aos="fade-up" data-aos-delay="150">Read More <i class="fa-solid fa-arrow-right-long"></i></a>
</div>
</article>
</div>
<div class="blog-post mb-4">
<article class="card bg-transparent border-0 p-1">
<a href="/blog/post-4/" class="rounded-2 overflow-hidden" data-aos="fade-up">

2
public/categories/cybersecurity/index.xml
View File

@ -34,7 +34,7 @@
<link>http://localhost:1313/blog/post-10/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>http://localhost:1313/blog/post-10/</guid>
<description>&lt;h1 id=&#34;the-smart-home-trap-isolate-or-be-owned&#34;&gt;The Smart Home Trap: Isolate or Be Owned&lt;/h1&gt;&#xA;&lt;p&gt;Smart homes are convenient. But with convenience comes risk. If your doorbell runs Linux, talks to Chinese cloud servers, and sits on the same network as your work laptop, you&amp;rsquo;ve got a problem. The fix? Segmentation. This post explores how to use VLANs and firewall rules to quarantine IoT devices and minimize lateral movement, even on a home budget.&lt;/p&gt;</description>
<description>&lt;p&gt;Smart homes are convenient. But with convenience comes risk. If your doorbell runs Linux, talks to Chinese cloud servers, and sits on the same network as your work laptop, you&amp;rsquo;ve got a problem. The fix? Segmentation. This post explores how to use VLANs and firewall rules to quarantine IoT devices and minimize lateral movement, even on a home budget.&lt;/p&gt;</description>
</item>
<item>
<title>Red Team Talk: Een Blik Achter de Schermen bij Offensive Security</title>

9360
public/categories/decentralization/index.html Normal file
View File

File diff suppressed because one or more lines are too long

19
public/categories/decentralization/index.xml Normal file
View File

@ -0,0 +1,19 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Decentralization on Joren&#39;s Site</title>
<link>http://localhost:1313/categories/decentralization/</link>
<description>Recent content in Decentralization on Joren&#39;s Site</description>
<generator>Hugo</generator>
<language>en</language>
<lastBuildDate>Fri, 30 May 2025 00:00:00 +0000</lastBuildDate>
<atom:link href="http://localhost:1313/categories/decentralization/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Matrix: Building a Decentralized Communication Future</title>
<link>http://localhost:1313/blog/post-6/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>http://localhost:1313/blog/post-6/</guid>
<description>&lt;p&gt;If youve ever switched between Slack, WhatsApp, Discord, Teams, Signal and Telegram in a single day, youve felt the cost of digital fragmentation. We live in a world where communication is siloed into centralized apps, each with its own rules, limits and vulnerabilities. Matrix proposes an alternative: a universal, open, decentralized protocol for real-time communication, where users control their data and messaging isn&amp;rsquo;t trapped in walled gardens.&lt;/p&gt;</description>
</item>
</channel>
</rss>

32
public/categories/defense/index.html
View File

File diff suppressed because one or more lines are too long

10
public/categories/defense/index.xml
View File

@ -2,18 +2,18 @@
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Defense on Joren&#39;s Site</title>
<link>http://localhost:1313/categories/defense/</link>
<link>https://joren.blog/categories/defense/</link>
<description>Recent content in Defense on Joren&#39;s Site</description>
<generator>Hugo</generator>
<language>en</language>
<lastBuildDate>Tue, 12 Nov 2024 00:00:00 +0000</lastBuildDate>
<atom:link href="http://localhost:1313/categories/defense/index.xml" rel="self" type="application/rss+xml" />
<atom:link href="https://joren.blog/categories/defense/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Securing Cyberspace: Belgian Cyber Command at Howest</title>
<link>http://localhost:1313/blog/post-3/</link>
<link>https://joren.blog/blog/post-3/</link>
<pubDate>Tue, 12 Nov 2024 00:00:00 +0000</pubDate>
<guid>http://localhost:1313/blog/post-3/</guid>
<description>&lt;h1 id=&#34;securing-cyberspace-belgian-cyber-command-at-howest&#34;&gt;Securing Cyberspace: Belgian Cyber Command at Howest&lt;/h1&gt;&#xA;&lt;p&gt;On November 12, we had the opportunity to attend a Tech&amp;amp;Meet session unlike any other. The speaker was &lt;strong&gt;Colonel Gunther Godefridis&lt;/strong&gt;, Director for Development &amp;amp; Readiness at Belgian Cyber Command, and the topic: safeguarding our country in the digital domain.&lt;/p&gt;</description>
<guid>https://joren.blog/blog/post-3/</guid>
<description>&lt;p&gt;On November 12, we had the opportunity to attend a Tech&amp;amp;Meet session unlike any other. The speaker was &lt;strong&gt;Colonel Gunther Godefridis&lt;/strong&gt;, Director for Development &amp;amp; Readiness at Belgian Cyber Command, and the topic: safeguarding our country in the digital domain.&lt;/p&gt;</description>
</item>
</channel>
</rss>

9378
public/categories/dns/index.html Normal file
View File

File diff suppressed because one or more lines are too long

19
public/categories/dns/index.xml Normal file
View File

@ -0,0 +1,19 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Dns on Joren&#39;s Site</title>
<link>https://joren.blog/categories/dns/</link>
<description>Recent content in Dns on Joren&#39;s Site</description>
<generator>Hugo</generator>
<language>en</language>
<lastBuildDate>Fri, 30 May 2025 00:00:00 +0000</lastBuildDate>
<atom:link href="https://joren.blog/categories/dns/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Lean and Local: DNS, VPN, IRC and Ad Blocking</title>
<link>https://joren.blog/project/project-3/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/project/project-3/</guid>
<description>&lt;p&gt;Running a full-featured network stack on old hardware isnt just possible, its efficient. This post covers how I configured Alpine Linux as a diskless system hosting DNS resolution, ad blocking, VPN access, and a local IRC server.&lt;/p&gt;</description>
</item>
</channel>
</rss>

32
public/categories/education/index.html
View File

File diff suppressed because one or more lines are too long

10
public/categories/education/index.xml
View File

@ -2,18 +2,18 @@
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Education on Joren&#39;s Site</title>
<link>http://localhost:1313/categories/education/</link>
<link>https://joren.blog/categories/education/</link>
<description>Recent content in Education on Joren&#39;s Site</description>
<generator>Hugo</generator>
<language>en</language>
<lastBuildDate>Sat, 15 Mar 2025 00:00:00 +0000</lastBuildDate>
<atom:link href="http://localhost:1313/categories/education/index.xml" rel="self" type="application/rss+xml" />
<atom:link href="https://joren.blog/categories/education/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience</title>
<link>http://localhost:1313/blog/post-2/</link>
<link>https://joren.blog/blog/post-2/</link>
<pubDate>Sat, 15 Mar 2025 00:00:00 +0000</pubDate>
<guid>http://localhost:1313/blog/post-2/</guid>
<description>&lt;h1 id=&#34;reversing-rebuilding-and-failing-better-my-cyber-security-challenge-belgium-qualifier-experience&#34;&gt;Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience&lt;/h1&gt;&#xA;&lt;p&gt;On March 14 and 15, I joined the Cyber Security Challenge Belgium qualifiers with three teammates. For two days, we threw ourselves at CTF challenges covering binary exploitation, Android reversing, cryptography, and more.&lt;/p&gt;</description>
<guid>https://joren.blog/blog/post-2/</guid>
<description>&lt;p&gt;On March 14 and 15, I joined the Cyber Security Challenge Belgium qualifiers with three teammates. For two days, we threw ourselves at CTF challenges covering binary exploitation, Android reversing, cryptography, and more.&lt;/p&gt;</description>
</item>
</channel>
</rss>

36
public/categories/event/index.html
View File

File diff suppressed because one or more lines are too long

16
public/categories/event/index.xml
View File

@ -2,25 +2,25 @@
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Event on Joren&#39;s Site</title>
<link>http://localhost:1313/categories/event/</link>
<link>https://joren.blog/categories/event/</link>
<description>Recent content in Event on Joren&#39;s Site</description>
<generator>Hugo</generator>
<language>en</language>
<lastBuildDate>Tue, 13 May 2025 00:00:00 +0000</lastBuildDate>
<atom:link href="http://localhost:1313/categories/event/index.xml" rel="self" type="application/rss+xml" />
<atom:link href="https://joren.blog/categories/event/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Cyber Defence on the Digital Frontline: A Mission with NATO</title>
<link>http://localhost:1313/blog/post-1/</link>
<link>https://joren.blog/blog/post-1/</link>
<pubDate>Tue, 13 May 2025 00:00:00 +0000</pubDate>
<guid>http://localhost:1313/blog/post-1/</guid>
<description>&lt;h1 id=&#34;cyber-defence-on-the-digital-frontline-a-mission-with-nato&#34;&gt;Cyber Defence on the Digital Frontline: A Mission with NATO&lt;/h1&gt;&#xA;&lt;h4 id=&#34;on-a-mission-with-nato-cyber-defence-on-the-frontline&#34;&gt;On a Mission with NATO: Cyber Defence on the Frontline&lt;/h4&gt;&#xA;&lt;p&gt;Howests ongoing commitment to world-class cybersecurity training took center stage again as six lecturers from the Cyber Security program joined forces with experts from Latvia, Luxembourg and Belgium in one of NATO&amp;rsquo;s most intensive simulations: the Locked Shields exercise, hosted by the Cooperative Cyber Defence Centre of Excellence (CCDCOE). Now in its fifth year of participation, the Howest team shared their firsthand experiences at a special evening talk at Howest Bruges.&lt;/p&gt;</description>
<guid>https://joren.blog/blog/post-1/</guid>
<description>&lt;h4 id=&#34;on-a-mission-with-nato-cyber-defence-on-the-frontline&#34;&gt;On a Mission with NATO: Cyber Defence on the Frontline&lt;/h4&gt;&#xA;&lt;p&gt;Howests ongoing commitment to world-class cybersecurity training took center stage again as six lecturers from the Cyber Security program joined forces with experts from Latvia, Luxembourg and Belgium in one of NATO&amp;rsquo;s most intensive simulations: the Locked Shields exercise, hosted by the Cooperative Cyber Defence Centre of Excellence (CCDCOE). Now in its fifth year of participation, the Howest team shared their firsthand experiences at a special evening talk at Howest Bruges.&lt;/p&gt;</description>
</item>
<item>
<title>Securing Cyberspace: Belgian Cyber Command at Howest</title>
<link>http://localhost:1313/blog/post-3/</link>
<link>https://joren.blog/blog/post-3/</link>
<pubDate>Tue, 12 Nov 2024 00:00:00 +0000</pubDate>
<guid>http://localhost:1313/blog/post-3/</guid>
<description>&lt;h1 id=&#34;securing-cyberspace-belgian-cyber-command-at-howest&#34;&gt;Securing Cyberspace: Belgian Cyber Command at Howest&lt;/h1&gt;&#xA;&lt;p&gt;On November 12, we had the opportunity to attend a Tech&amp;amp;Meet session unlike any other. The speaker was &lt;strong&gt;Colonel Gunther Godefridis&lt;/strong&gt;, Director for Development &amp;amp; Readiness at Belgian Cyber Command, and the topic: safeguarding our country in the digital domain.&lt;/p&gt;</description>
<guid>https://joren.blog/blog/post-3/</guid>
<description>&lt;p&gt;On November 12, we had the opportunity to attend a Tech&amp;amp;Meet session unlike any other. The speaker was &lt;strong&gt;Colonel Gunther Godefridis&lt;/strong&gt;, Director for Development &amp;amp; Readiness at Belgian Cyber Command, and the topic: safeguarding our country in the digital domain.&lt;/p&gt;</description>
</item>
</channel>
</rss>

9370
public/categories/hardware/index.html Normal file
View File

File diff suppressed because one or more lines are too long

19
public/categories/hardware/index.xml Normal file
View File

@ -0,0 +1,19 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Hardware on Joren&#39;s Site</title>
<link>https://joren.blog/categories/hardware/</link>
<description>Recent content in Hardware on Joren&#39;s Site</description>
<generator>Hugo</generator>
<language>en</language>
<lastBuildDate>Fri, 30 May 2025 00:00:00 +0000</lastBuildDate>
<atom:link href="https://joren.blog/categories/hardware/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Cheap Camera, Expensive Risk: Hacking an IoT PTZ Camera</title>
<link>https://joren.blog/blog/post-8/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/blog/post-8/</guid>
<description>&lt;p&gt;When you pay €22.95 for a pan-tilt-zoom security camera, youre not buying enterprise-grade security. But what if youre also buying root access through an SD card?&lt;/p&gt;</description>
</item>
</channel>
</rss>

2
public/categories/index.html
View File

@ -1,2 +1,2 @@
<script src="/livereload.js?mindelay=10&amp;v=2&amp;port=1313&amp;path=livereload" data-no-instant defer></script><script>window.location.replace("\/");</script>
<script>window.location.replace("\/");</script>

138
public/categories/index.xml
View File

@ -2,73 +2,171 @@
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Categories on Joren&#39;s Site</title>
<link>http://localhost:1313/categories/</link>
<link>https://joren.blog/categories/</link>
<description>Recent content in Categories on Joren&#39;s Site</description>
<generator>Hugo</generator>
<language>en</language>
<lastBuildDate>Fri, 30 May 2025 00:00:00 +0000</lastBuildDate>
<atom:link href="http://localhost:1313/categories/index.xml" rel="self" type="application/rss+xml" />
<atom:link href="https://joren.blog/categories/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Alpine-Linux</title>
<link>https://joren.blog/categories/alpine-linux/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/categories/alpine-linux/</guid>
<description></description>
</item>
<item>
<title>Communication</title>
<link>https://joren.blog/categories/communication/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/categories/communication/</guid>
<description></description>
</item>
<item>
<title>Cybersecurity</title>
<link>http://localhost:1313/categories/cybersecurity/</link>
<link>https://joren.blog/categories/cybersecurity/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>http://localhost:1313/categories/cybersecurity/</guid>
<guid>https://joren.blog/categories/cybersecurity/</guid>
<description></description>
</item>
<item>
<title>Decentralization</title>
<link>https://joren.blog/categories/decentralization/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/categories/decentralization/</guid>
<description></description>
</item>
<item>
<title>Dns</title>
<link>https://joren.blog/categories/dns/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/categories/dns/</guid>
<description></description>
</item>
<item>
<title>Hardware</title>
<link>https://joren.blog/categories/hardware/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/categories/hardware/</guid>
<description></description>
</item>
<item>
<title>Iot</title>
<link>https://joren.blog/categories/iot/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/categories/iot/</guid>
<description></description>
</item>
<item>
<title>Jdm</title>
<link>https://joren.blog/categories/jdm/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/categories/jdm/</guid>
<description></description>
</item>
<item>
<title>Network</title>
<link>http://localhost:1313/categories/network/</link>
<link>https://joren.blog/categories/network/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>http://localhost:1313/categories/network/</guid>
<guid>https://joren.blog/categories/network/</guid>
<description></description>
</item>
<item>
<title>Networking</title>
<link>https://joren.blog/categories/networking/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/categories/networking/</guid>
<description></description>
</item>
<item>
<title>Offensive</title>
<link>http://localhost:1313/categories/offensive/</link>
<link>https://joren.blog/categories/offensive/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>http://localhost:1313/categories/offensive/</guid>
<guid>https://joren.blog/categories/offensive/</guid>
<description></description>
</item>
<item>
<title>Reverse Engineering</title>
<link>https://joren.blog/categories/reverse-engineering/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/categories/reverse-engineering/</guid>
<description></description>
</item>
<item>
<title>Seiko</title>
<link>https://joren.blog/categories/seiko/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/categories/seiko/</guid>
<description></description>
</item>
<item>
<title>Self-Hosting</title>
<link>https://joren.blog/categories/self-hosting/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/categories/self-hosting/</guid>
<description></description>
</item>
<item>
<title>Vpn</title>
<link>https://joren.blog/categories/vpn/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/categories/vpn/</guid>
<description></description>
</item>
<item>
<title>Watches</title>
<link>https://joren.blog/categories/watches/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/categories/watches/</guid>
<description></description>
</item>
<item>
<title>Windows</title>
<link>https://joren.blog/categories/windows/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/categories/windows/</guid>
<description></description>
</item>
<item>
<title>Interview</title>
<link>http://localhost:1313/categories/interview/</link>
<link>https://joren.blog/categories/interview/</link>
<pubDate>Tue, 20 May 2025 00:00:00 +0000</pubDate>
<guid>http://localhost:1313/categories/interview/</guid>
<guid>https://joren.blog/categories/interview/</guid>
<description></description>
</item>
<item>
<title>Podcast</title>
<link>http://localhost:1313/categories/podcast/</link>
<link>https://joren.blog/categories/podcast/</link>
<pubDate>Tue, 20 May 2025 00:00:00 +0000</pubDate>
<guid>http://localhost:1313/categories/podcast/</guid>
<guid>https://joren.blog/categories/podcast/</guid>
<description></description>
</item>
<item>
<title>Event</title>
<link>http://localhost:1313/categories/event/</link>
<link>https://joren.blog/categories/event/</link>
<pubDate>Tue, 13 May 2025 00:00:00 +0000</pubDate>
<guid>http://localhost:1313/categories/event/</guid>
<guid>https://joren.blog/categories/event/</guid>
<description></description>
</item>
<item>
<title>CTF</title>
<link>http://localhost:1313/categories/ctf/</link>
<link>https://joren.blog/categories/ctf/</link>
<pubDate>Sat, 15 Mar 2025 00:00:00 +0000</pubDate>
<guid>http://localhost:1313/categories/ctf/</guid>
<guid>https://joren.blog/categories/ctf/</guid>
<description></description>
</item>
<item>
<title>Education</title>
<link>http://localhost:1313/categories/education/</link>
<link>https://joren.blog/categories/education/</link>
<pubDate>Sat, 15 Mar 2025 00:00:00 +0000</pubDate>
<guid>http://localhost:1313/categories/education/</guid>
<guid>https://joren.blog/categories/education/</guid>
<description></description>
</item>
<item>
<title>Defense</title>
<link>http://localhost:1313/categories/defense/</link>
<link>https://joren.blog/categories/defense/</link>
<pubDate>Tue, 12 Nov 2024 00:00:00 +0000</pubDate>
<guid>http://localhost:1313/categories/defense/</guid>
<guid>https://joren.blog/categories/defense/</guid>
<description></description>
</item>
</channel>

32
public/categories/interview/index.html
View File

File diff suppressed because one or more lines are too long

10
public/categories/interview/index.xml
View File

@ -2,18 +2,18 @@
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Interview on Joren&#39;s Site</title>
<link>http://localhost:1313/categories/interview/</link>
<link>https://joren.blog/categories/interview/</link>
<description>Recent content in Interview on Joren&#39;s Site</description>
<generator>Hugo</generator>
<language>en</language>
<lastBuildDate>Tue, 20 May 2025 00:00:00 +0000</lastBuildDate>
<atom:link href="http://localhost:1313/categories/interview/index.xml" rel="self" type="application/rss+xml" />
<atom:link href="https://joren.blog/categories/interview/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Red Team Talk: Een Blik Achter de Schermen bij Offensive Security</title>
<link>http://localhost:1313/blog/post-4/</link>
<link>https://joren.blog/blog/post-4/</link>
<pubDate>Tue, 20 May 2025 00:00:00 +0000</pubDate>
<guid>http://localhost:1313/blog/post-4/</guid>
<description>&lt;h1 id=&#34;red-team-talk-een-blik-achter-de-schermen-bij-offensive-security&#34;&gt;Red Team Talk: Een Blik Achter de Schermen bij Offensive Security&lt;/h1&gt;&#xA;&lt;p&gt;In deze eerste aflevering van &lt;strong&gt;Red Team Talk&lt;/strong&gt; nemen wij, Joren Schipman en Mattia Punjwani, studenten Cybersecurity aan Howest, jullie mee in een gesprek met &lt;strong&gt;Thomas Castronovo&lt;/strong&gt;, ethical hacker en consultant bij Deloitte. Samen duiken we in de wereld van offensieve security, red teaming, en de realiteit van een carrière als pentester.&lt;/p&gt;</description>
<guid>https://joren.blog/blog/post-4/</guid>
<description>&lt;p&gt;In Red Team Talk nemen wij, Joren Schipman en Mattia Punjwani, studenten Cybersecurity aan Howest, jullie mee in een gesprek met &lt;strong&gt;Thomas Castronovo&lt;/strong&gt;, ethical hacker en consultant bij Deloitte. Samen duiken we in de wereld van offensieve security, red teaming, en de realiteit van een carrière als pentester.&lt;/p&gt;</description>
</item>
</channel>
</rss>

9454
public/categories/iot/index.html Normal file
View File

File diff suppressed because one or more lines are too long

26
public/categories/iot/index.xml Normal file
View File

@ -0,0 +1,26 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Iot on Joren&#39;s Site</title>
<link>https://joren.blog/categories/iot/</link>
<description>Recent content in Iot on Joren&#39;s Site</description>
<generator>Hugo</generator>
<language>en</language>
<lastBuildDate>Fri, 30 May 2025 00:00:00 +0000</lastBuildDate>
<atom:link href="https://joren.blog/categories/iot/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Cheap Camera, Expensive Risk: Hacking an IoT PTZ Camera</title>
<link>https://joren.blog/blog/post-8/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/blog/post-8/</guid>
<description>&lt;p&gt;When you pay €22.95 for a pan-tilt-zoom security camera, youre not buying enterprise-grade security. But what if youre also buying root access through an SD card?&lt;/p&gt;</description>
</item>
<item>
<title>The Smart Home Trap: Isolate or Be Owned</title>
<link>https://joren.blog/blog/post-10/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/blog/post-10/</guid>
<description>&lt;h1 id=&#34;the-smart-home-trap-isolate-or-be-owned&#34;&gt;The Smart Home Trap: Isolate or Be Owned&lt;/h1&gt;&#xA;&lt;p&gt;Smart homes are convenient. But with convenience comes risk. If your doorbell runs Linux, talks to Chinese cloud servers, and sits on the same network as your work laptop, you&amp;rsquo;ve got a problem. The fix? Segmentation. This post explores how to use VLANs and firewall rules to quarantine IoT devices and minimize lateral movement, even on a home budget.&lt;/p&gt;</description>
</item>
</channel>
</rss>

9370
public/categories/jdm/index.html Normal file
View File

File diff suppressed because one or more lines are too long

19
public/categories/jdm/index.xml Normal file
View File

@ -0,0 +1,19 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Jdm on Joren&#39;s Site</title>
<link>https://joren.blog/categories/jdm/</link>
<description>Recent content in Jdm on Joren&#39;s Site</description>
<generator>Hugo</generator>
<language>en</language>
<lastBuildDate>Fri, 30 May 2025 00:00:00 +0000</lastBuildDate>
<atom:link href="https://joren.blog/categories/jdm/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Seiko SARV001: The JDM Sleeper That Punches Above Its Weight</title>
<link>https://joren.blog/blog/post-9/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/blog/post-9/</guid>
<description>&lt;p&gt;In the world of horology, the Japanese Domestic Market (JDM) often hides treasures that fly under the radar. One such gem is the Seiko SARV001—a watch that combines classic design, reliable mechanics, and exceptional value.&lt;/p&gt;</description>
</item>
</channel>
</rss>

9370
public/categories/network/index.html Normal file
View File

File diff suppressed because one or more lines are too long

19
public/categories/network/index.xml Normal file
View File

@ -0,0 +1,19 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Network on Joren&#39;s Site</title>
<link>https://joren.blog/categories/network/</link>
<description>Recent content in Network on Joren&#39;s Site</description>
<generator>Hugo</generator>
<language>en</language>
<lastBuildDate>Fri, 30 May 2025 00:00:00 +0000</lastBuildDate>
<atom:link href="https://joren.blog/categories/network/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Silent Interception: Exploiting LLMNR, NBT-NS, mDNS and IPv6 in Modern Networks</title>
<link>https://joren.blog/blog/post-5/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/blog/post-5/</guid>
<description>&lt;p&gt;In many internal networks, outdated or misconfigured protocols silently create attack surfaces. This post explores how attackers abuse name resolution fallbacks and IPv6 autoconfiguration to capture and relay NTLM credentials using &lt;code&gt;Responder&lt;/code&gt; and &lt;code&gt;mitm6&lt;/code&gt;.&lt;/p&gt;</description>
</item>
</channel>
</rss>

9462
public/categories/networking/index.html Normal file
View File

File diff suppressed because one or more lines are too long

26
public/categories/networking/index.xml Normal file
View File

@ -0,0 +1,26 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Networking on Joren&#39;s Site</title>
<link>https://joren.blog/categories/networking/</link>
<description>Recent content in Networking on Joren&#39;s Site</description>
<generator>Hugo</generator>
<language>en</language>
<lastBuildDate>Fri, 30 May 2025 00:00:00 +0000</lastBuildDate>
<atom:link href="https://joren.blog/categories/networking/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Lean and Local: DNS, VPN, IRC and Ad Blocking</title>
<link>https://joren.blog/project/project-3/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/project/project-3/</guid>
<description>&lt;p&gt;Running a full-featured network stack on old hardware isnt just possible, its efficient. This post covers how I configured Alpine Linux as a diskless system hosting DNS resolution, ad blocking, VPN access, and a local IRC server.&lt;/p&gt;</description>
</item>
<item>
<title>The Smart Home Trap: Isolate or Be Owned</title>
<link>https://joren.blog/blog/post-10/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/blog/post-10/</guid>
<description>&lt;h1 id=&#34;the-smart-home-trap-isolate-or-be-owned&#34;&gt;The Smart Home Trap: Isolate or Be Owned&lt;/h1&gt;&#xA;&lt;p&gt;Smart homes are convenient. But with convenience comes risk. If your doorbell runs Linux, talks to Chinese cloud servers, and sits on the same network as your work laptop, you&amp;rsquo;ve got a problem. The fix? Segmentation. This post explores how to use VLANs and firewall rules to quarantine IoT devices and minimize lateral movement, even on a home budget.&lt;/p&gt;</description>
</item>
</channel>
</rss>

9527
public/categories/offensive/index.html Normal file
View File

File diff suppressed because one or more lines are too long

26
public/categories/offensive/index.xml Normal file
View File

@ -0,0 +1,26 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Offensive on Joren&#39;s Site</title>
<link>https://joren.blog/categories/offensive/</link>
<description>Recent content in Offensive on Joren&#39;s Site</description>
<generator>Hugo</generator>
<language>en</language>
<lastBuildDate>Fri, 30 May 2025 00:00:00 +0000</lastBuildDate>
<atom:link href="https://joren.blog/categories/offensive/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Kerberos Under Siege: Abusing the Trust Backbone of Windows Domains</title>
<link>https://joren.blog/blog/post-7/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/blog/post-7/</guid>
<description>&lt;p&gt;Kerberos, introduced to Windows with Active Directory in 2000, is widely seen as a secure, modern replacement for NTLM. And yet, in the hands of an attacker, it becomes a double-edged sword. This post explores how Kerberos works, and how it can be abused through techniques like &lt;strong&gt;Kerberoasting&lt;/strong&gt;, &lt;strong&gt;delegation abuse&lt;/strong&gt;, and &lt;strong&gt;ticket impersonation&lt;/strong&gt;.&lt;/p&gt;</description>
</item>
<item>
<title>Silent Interception: Exploiting LLMNR, NBT-NS, mDNS and IPv6 in Modern Networks</title>
<link>https://joren.blog/blog/post-5/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/blog/post-5/</guid>
<description>&lt;p&gt;In many internal networks, outdated or misconfigured protocols silently create attack surfaces. This post explores how attackers abuse name resolution fallbacks and IPv6 autoconfiguration to capture and relay NTLM credentials using &lt;code&gt;Responder&lt;/code&gt; and &lt;code&gt;mitm6&lt;/code&gt;.&lt;/p&gt;</description>
</item>
</channel>
</rss>

32
public/categories/podcast/index.html
View File

File diff suppressed because one or more lines are too long

10
public/categories/podcast/index.xml
View File

@ -2,18 +2,18 @@
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Podcast on Joren&#39;s Site</title>
<link>http://localhost:1313/categories/podcast/</link>
<link>https://joren.blog/categories/podcast/</link>
<description>Recent content in Podcast on Joren&#39;s Site</description>
<generator>Hugo</generator>
<language>en</language>
<lastBuildDate>Tue, 20 May 2025 00:00:00 +0000</lastBuildDate>
<atom:link href="http://localhost:1313/categories/podcast/index.xml" rel="self" type="application/rss+xml" />
<atom:link href="https://joren.blog/categories/podcast/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Red Team Talk: Een Blik Achter de Schermen bij Offensive Security</title>
<link>http://localhost:1313/blog/post-4/</link>
<link>https://joren.blog/blog/post-4/</link>
<pubDate>Tue, 20 May 2025 00:00:00 +0000</pubDate>
<guid>http://localhost:1313/blog/post-4/</guid>
<description>&lt;h1 id=&#34;red-team-talk-een-blik-achter-de-schermen-bij-offensive-security&#34;&gt;Red Team Talk: Een Blik Achter de Schermen bij Offensive Security&lt;/h1&gt;&#xA;&lt;p&gt;In deze eerste aflevering van &lt;strong&gt;Red Team Talk&lt;/strong&gt; nemen wij, Joren Schipman en Mattia Punjwani, studenten Cybersecurity aan Howest, jullie mee in een gesprek met &lt;strong&gt;Thomas Castronovo&lt;/strong&gt;, ethical hacker en consultant bij Deloitte. Samen duiken we in de wereld van offensieve security, red teaming, en de realiteit van een carrière als pentester.&lt;/p&gt;</description>
<guid>https://joren.blog/blog/post-4/</guid>
<description>&lt;p&gt;In Red Team Talk nemen wij, Joren Schipman en Mattia Punjwani, studenten Cybersecurity aan Howest, jullie mee in een gesprek met &lt;strong&gt;Thomas Castronovo&lt;/strong&gt;, ethical hacker en consultant bij Deloitte. Samen duiken we in de wereld van offensieve security, red teaming, en de realiteit van een carrière als pentester.&lt;/p&gt;</description>
</item>
</channel>
</rss>

9370
public/categories/reverse-engineering/index.html Normal file
View File

File diff suppressed because one or more lines are too long

19
public/categories/reverse-engineering/index.xml Normal file
View File

@ -0,0 +1,19 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Reverse Engineering on Joren&#39;s Site</title>
<link>https://joren.blog/categories/reverse-engineering/</link>
<description>Recent content in Reverse Engineering on Joren&#39;s Site</description>
<generator>Hugo</generator>
<language>en</language>
<lastBuildDate>Fri, 30 May 2025 00:00:00 +0000</lastBuildDate>
<atom:link href="https://joren.blog/categories/reverse-engineering/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Cheap Camera, Expensive Risk: Hacking an IoT PTZ Camera</title>
<link>https://joren.blog/blog/post-8/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/blog/post-8/</guid>
<description>&lt;p&gt;When you pay €22.95 for a pan-tilt-zoom security camera, youre not buying enterprise-grade security. But what if youre also buying root access through an SD card?&lt;/p&gt;</description>
</item>
</channel>
</rss>

9370
public/categories/seiko/index.html Normal file
View File

File diff suppressed because one or more lines are too long

19
public/categories/seiko/index.xml Normal file
View File

@ -0,0 +1,19 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Seiko on Joren&#39;s Site</title>
<link>https://joren.blog/categories/seiko/</link>
<description>Recent content in Seiko on Joren&#39;s Site</description>
<generator>Hugo</generator>
<language>en</language>
<lastBuildDate>Fri, 30 May 2025 00:00:00 +0000</lastBuildDate>
<atom:link href="https://joren.blog/categories/seiko/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Seiko SARV001: The JDM Sleeper That Punches Above Its Weight</title>
<link>https://joren.blog/blog/post-9/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/blog/post-9/</guid>
<description>&lt;p&gt;In the world of horology, the Japanese Domestic Market (JDM) often hides treasures that fly under the radar. One such gem is the Seiko SARV001—a watch that combines classic design, reliable mechanics, and exceptional value.&lt;/p&gt;</description>
</item>
</channel>
</rss>

9378
public/categories/self-hosting/index.html Normal file
View File

File diff suppressed because one or more lines are too long

19
public/categories/self-hosting/index.xml Normal file
View File

@ -0,0 +1,19 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Self-Hosting on Joren&#39;s Site</title>
<link>https://joren.blog/categories/self-hosting/</link>
<description>Recent content in Self-Hosting on Joren&#39;s Site</description>
<generator>Hugo</generator>
<language>en</language>
<lastBuildDate>Fri, 30 May 2025 00:00:00 +0000</lastBuildDate>
<atom:link href="https://joren.blog/categories/self-hosting/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Lean and Local: DNS, VPN, IRC and Ad Blocking</title>
<link>https://joren.blog/project/project-3/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/project/project-3/</guid>
<description>&lt;p&gt;Running a full-featured network stack on old hardware isnt just possible, its efficient. This post covers how I configured Alpine Linux as a diskless system hosting DNS resolution, ad blocking, VPN access, and a local IRC server.&lt;/p&gt;</description>
</item>
</channel>
</rss>

9378
public/categories/vpn/index.html Normal file
View File

File diff suppressed because one or more lines are too long

19
public/categories/vpn/index.xml Normal file
View File

@ -0,0 +1,19 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Vpn on Joren&#39;s Site</title>
<link>https://joren.blog/categories/vpn/</link>
<description>Recent content in Vpn on Joren&#39;s Site</description>
<generator>Hugo</generator>
<language>en</language>
<lastBuildDate>Fri, 30 May 2025 00:00:00 +0000</lastBuildDate>
<atom:link href="https://joren.blog/categories/vpn/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Lean and Local: DNS, VPN, IRC and Ad Blocking</title>
<link>https://joren.blog/project/project-3/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/project/project-3/</guid>
<description>&lt;p&gt;Running a full-featured network stack on old hardware isnt just possible, its efficient. This post covers how I configured Alpine Linux as a diskless system hosting DNS resolution, ad blocking, VPN access, and a local IRC server.&lt;/p&gt;</description>
</item>
</channel>
</rss>

9370
public/categories/watches/index.html Normal file
View File

File diff suppressed because one or more lines are too long

19
public/categories/watches/index.xml Normal file
View File

@ -0,0 +1,19 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Watches on Joren&#39;s Site</title>
<link>https://joren.blog/categories/watches/</link>
<description>Recent content in Watches on Joren&#39;s Site</description>
<generator>Hugo</generator>
<language>en</language>
<lastBuildDate>Fri, 30 May 2025 00:00:00 +0000</lastBuildDate>
<atom:link href="https://joren.blog/categories/watches/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Seiko SARV001: The JDM Sleeper That Punches Above Its Weight</title>
<link>https://joren.blog/blog/post-9/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/blog/post-9/</guid>
<description>&lt;p&gt;In the world of horology, the Japanese Domestic Market (JDM) often hides treasures that fly under the radar. One such gem is the Seiko SARV001—a watch that combines classic design, reliable mechanics, and exceptional value.&lt;/p&gt;</description>
</item>
</channel>
</rss>

9370
public/categories/windows/index.html Normal file
View File

File diff suppressed because one or more lines are too long

19
public/categories/windows/index.xml Normal file
View File

@ -0,0 +1,19 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Windows on Joren&#39;s Site</title>
<link>https://joren.blog/categories/windows/</link>
<description>Recent content in Windows on Joren&#39;s Site</description>
<generator>Hugo</generator>
<language>en</language>
<lastBuildDate>Fri, 30 May 2025 00:00:00 +0000</lastBuildDate>
<atom:link href="https://joren.blog/categories/windows/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Kerberos Under Siege: Abusing the Trust Backbone of Windows Domains</title>
<link>https://joren.blog/blog/post-7/</link>
<pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate>
<guid>https://joren.blog/blog/post-7/</guid>
<description>&lt;p&gt;Kerberos, introduced to Windows with Active Directory in 2000, is widely seen as a secure, modern replacement for NTLM. And yet, in the hands of an attacker, it becomes a double-edged sword. This post explores how Kerberos works, and how it can be abused through techniques like &lt;strong&gt;Kerberoasting&lt;/strong&gt;, &lt;strong&gt;delegation abuse&lt;/strong&gt;, and &lt;strong&gt;ticket impersonation&lt;/strong&gt;.&lt;/p&gt;</description>
</item>
</channel>
</rss>

18567
public/css/style.af64285d60a6cb7cb62ddf607404d8222a33b5fd6b0c9aacafef33456be01ed2.css Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
public/images/blog/blog-5.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 462 KiB

BIN
public/images/blog/blog-5_hu_1fa9c9461e8a5b22.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 12 KiB

BIN
public/images/blog/blog-5_hu_2496163d8ca0be9a.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 33 KiB

BIN
public/images/blog/blog-5_hu_3f20fe629de38114.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

BIN
public/images/blog/blog-5_hu_4618aa5e6342cf5b.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 30 KiB

BIN
public/images/blog/blog-5_hu_54124c601931f717.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 23 KiB

BIN
public/images/blog/blog-5_hu_84904f4853785c5f.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 17 KiB

BIN
public/images/blog/blog-5_hu_cc034401e2f1274e.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 42 KiB

BIN
public/images/blog/blog-5_hu_e31b752cd8166a9a.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 19 KiB

BIN
public/images/blog/blog-5_hu_e4f7343564430a7c.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 20 KiB

BIN
public/images/blog/blog-5_hu_f181e5573eb2a3e0.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 62 KiB

BIN
public/images/blog/blog-6.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 110 KiB

BIN
public/images/blog/blog-6_hu_49f98f56b956af12.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 27 KiB

BIN
public/images/blog/blog-6_hu_4ef932f257939b99.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 47 KiB

BIN
public/images/blog/blog-6_hu_6e570c8b5b77b366.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 20 KiB

BIN
public/images/blog/blog-6_hu_738eea9b9eff29e3.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 23 KiB

BIN
public/images/blog/blog-6_hu_a7e61da859c97057.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 45 KiB

BIN
public/images/blog/blog-6_hu_ad7d9ec3689102a3.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

BIN
public/images/blog/blog-6_hu_b448f44c73a1e092.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 18 KiB

BIN
public/images/blog/blog-6_hu_c559f46af58d7b01.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 36 KiB

BIN
public/images/blog/blog-6_hu_e56d383386eb66f4.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 81 KiB

BIN
public/images/blog/blog-6_hu_f695abdc0daeefc5.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 25 KiB

BIN
public/images/blog/blog-7.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.3 KiB

BIN
public/images/blog/blog-7_hu_32818c24ea07902c.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.4 KiB

BIN
public/images/blog/blog-7_hu_35062733e5b10c39.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.7 KiB

BIN
public/images/blog/blog-7_hu_3c4ad455eb02f8ec.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 34 KiB

BIN
public/images/blog/blog-7_hu_a100653844898565.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 18 KiB

BIN
public/images/blog/blog-7_hu_cc5c86d0bdb969fb.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.8 KiB

BIN
public/images/blog/blog-7_hu_e1c9231db481941.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 7.0 KiB

Some files were not shown because too many files have changed in this diff Show More