Add SSL/TLS certificate to HomeAssistant’s web interface

Even if your home’s automation is separated from any other network and not internet accessible, it’s always good practice to use encryption. Failing to encrypt the connection to HomeAssistant’s web interface with an SSL/TLS certificate leaves your password and other data traveling the network as plaintext, susceptible to eavesdropping.


BYOPM – Bring Your Own Password Manager


BYOPM is a portable Password Manager implementation based on a Raspberry PI Zero and VaultWarden, an unofficial implementation of BitWarden. It’s a self-hosted solution with full functionality, which is activated by just plugging the device into your computer. Bitwarden’s official browser add-ons and extensions are also supported, and the device has been tested on both Windows (10 and 11) and Linux (Debian-based).


Raspberry PI as a SOCKS Server


How it works

The SOCKS protocol is used to exchange packets between a server and a client through a proxy server. Expanding the Remote Drone’s abilities, we can configure the "Middle Host" to act as a proxy server and redirect all of our requests to the "Remote Drone". With this configuration, all the traffic is transferred through the "Remote Drone", and we are able to access the remote network, or even the Internet, through the remote network’s ISP modem.


Access a remote network using Reverse SSH Tunneling

Reverse SSH Tunneling establishes the connection from the destination to the source, instead of the default procedure, in which the connection goes from the source to the destination. We can use this method to establish a connection to a remote network without knowing its external IP or making any changes to the network’s configuration. Unless a firewall restricts SSH traffic, the following guide, which uses a Raspberry PI and an ENC28J60 module, should be enough to establish a connection to the remote network by plugging the device into the remote network over Ethernet.


Add a new user and replace the default pi user [updated December 2021]

One of the most effortless ways for an intruder to gain access to a system is "Password Guessing". As we can read in NIST Special Publication 800-118:

Guessing attacks can be mitigated rather easily by using a combination of two methods. First, ensure that
passwords are sufficiently complex so that attackers cannot readily guess them. It is particularly important
to change all default OS and application passwords; lists of default accounts and passwords are widely
available to attackers.

For Raspbian (the official Raspberry PI OS), the default credentials (username: pi, password: raspberry) have been the same since the launch of the first device in February of 2012, so if you plan to use a Raspberry PI for any of your projects, the first thing to do is change those credentials. For increased security, it is even better to completely remove or disable the default pi user.
