(BunhOps)-[~/misc] # _

Like DevOps, only with Bunnies. They hop.

Security Project Sweden

In the Spring of 2022 I had the opportunity to visit the University of Skövde and participate in an international project for a week.

The assignment was simple: create a secure website on your webserver, make sure the others cannot break in while you try and attack them. Unfortunately, this was easier said than done.

Within my group we opted to split up the work: my classmate and I were going to do the setup and front-end, and the locals were going to secure the server. While we were installing the necessary tools on our freshly installed Debian, the network admins were already blocking all traffic on the firewall and disconnecting the server from the internet. This had reset our SSH connection to the server, and cancelled our downloads. After reconnecting the internet and temporarily disabling their firewall configuration, they decided to enable SSH connections through keys only, without copying the key to their host. When they (presumably accidentally) closed their session, they were locked out of the server. Luckily, we were still connected and were able to store the key on our hosts.

For the front-end we used Laravel on an NGINX server. Because we struggled a lot during the setup, we were running behind schedule for the website. Luckily, all our colleagues were struggling with the Laravel setup (Laravel is a love-hate relationship if you're a noobie ;D), so we socialised a lot and went around bugfixing in other groups and learning a lot from other people's problems.

The last part of the project was supposed to be the most exciting part: Hack the websites! Only, there was one small issue: everyone was using the latest version of Laravel, Apache/NGINX and PHP, and thus a lot of exploits were not working. Initially, we were not allowed to disrupt the services, so the hacking part did not go smoothly. When the coaches noticed, they decided to remove all the restrictions and that's when Hell. Broke. Loose. Within half an hour, all the websites were down because of a network-wide DDoS attack. That's where the hacking adventure came to an end for everyone.

Even so, it was still exciting to break the projects everyone had worked so hard to create and secure.

Discord Bots

Unfortunately, I'm still living in the past and haven't been able to learn how the new slash commands work, but...

Discord bots are one of the passion projects I love working on!
One of my favourite types of games to play are MMOs. Unfortunately, it is sometimes very hard to link in-game activity to Discord. But that's where bots come in handy! One of my most advanced bots is for Lord of the Rings Online, and what it does is link in-game characters to Discord accounts so you can get an easy overview of who has what class available for endgame raiding. Having a Kinship (guild) with over 1400 people, and a Discord server with over 600 members, it was getting a little too chaotic to keep up with everyone's characters. Using an existing tool that was able to read text from the screen and turn it into a text file, we parsed Every. Single. Character. Along with their relevant information into one big file. Using the power of C++, I made a console application that could turn this text file into a CSV file (and then parse the CSV format to JSON) and that's where the Discord bot magic begins!

Using Node.js (and discord.js), the Discord bot was able to read the CSV file and people could !link their account based on a supplied character name. The bot would store the Discord ID of said user to the CSV file and if someone were to check !whois based on character name or Discord tag, it would show all their registered alts and their information, as well as their Discord if you want to reach them. This has been a game changer for us, because scrolling through pages upon pages to look for everyone's toon names in-game was no longer manageable. People were able to add new characters to the list on Discord (it would automatically link to all their existing toons), remove a toon if they deleted it, and any Officer or above (basically, the Moderators) could set characters as dormant (inactive) or set them as "No longer in the Kinship" if they left or got kicked, in case they want to return.

I tried to run the Discord bot on my Raspberry Pi at the time, but unfortunately due to infrastructural issues (being that my internet will randomly stop working), I've had to move the entire project over to Replit. The bot has been living there for a bit now, and I think it enjoys the extra hardware resources. My Raspberry Pi simply cannot compete with a cloud solution.

It's amazing to (finally) have been able to find a use for my "skills" and apply them in a non-IT environment. The members of our Kinship still think what I did was witchcraft, but it has definitely optimized our group finding time.

You've reached the end!

But fear not, here's a bunny to keep you company. 💕

                      /|      __
*             +      / |   ,-~ /             +
     .              Y :|  //  /                .         *
         .          | jj /( .^     *
               *    >-"~"-v"              .        *        .
*                  /       Y
   .     .        jo  o    |     .            +
                 ( ~T~     j                     +     .
      +           >._-' _./         +
               /| ;-"~ _  l
  .           / l/ ,-"~    \     +
              \//\/      .- \
       +       Y        /    Y
               l       I     !
               ]\      _\    /"\
              (" ~----( ~   Y.  )
          ~~~~~~~~~~~~~~~~~~~~~~~~~~