Linux

Running a Windows-heavy SOC lab from a Linux hypervisor means a lot of RDP sessions. The naive approach — typing credentials every time — gets old fast, and pasting passwords into terminal arguments leaves them visible in ps output and shell history. Here’s the script that replaced all of that. Starting point: one host, one script The first version was a single hardcoded connection to the forensics VM: PASS=$(pass soc-lab/windows-analyst) ARGS=( /v:192.168.10.50 /u:analyst "/p:$PASS" /size:3840x2160 /scale:180 /scale-desktop:180 /scale-device:180 /cert:ignore /clipboard /log-level:ERROR ) printf '%s\n' "${ARGS[@]}" | xfreerdp /args-from:stdin Two things worth noting here. ...

The Starting Point A Fedora 43 VPS on Hetzner. Caddy serving a static site over HTTPS. SSH open on port 22 with public key auth. No fail2ban, SELinux in permissive mode, no automatic updates. Good enough to serve a static site. Not good enough to leave alone. How Much Noise Is There on Port 22? The server had been up for 16 days. Before touching anything, I pulled the last 24 hours to get a sense of the baseline noise: ...