At my previous employer (FusionX/Accenture), I wrote a tool for RedTeam security people to help attack and exploit vulnerabilities in Jenkins Applications. These attacks are for the most part publicly known, but are time consuming to execute by hand.

Accenture has graciously agreed to opensource the project, and I am excited to share it with the world. Besides the “bog standard” attacks that this tool simplifies and enables, it also brings some new-ish attacks to the public. These attacks include the ability to execute “ghost jobs” which are jobs that do not show-up in Jenkins as executing and can be…


A common use case for Python and web development is the need to coerce a bunch of data into a Python dictionary or list where it will ultimately end up being transferred over the network via JSON, Protobuf, YAML, etc.

Of course you can just validate your data, and manually shove it into a dictionary, but what if we instead create a class with our validation rules and then configure that class to inherit from “dict” or “list” directly?

For example:

Other than looking a bit awkward, the above works just fine. You can append, update, and pop entries…


TrueNAS uses Network UPS Tool (NUT) under the covers for UPS monitoring, but what if your UPS isn’t supported by NUT?

This was the position I found myself in when using an APC BX1500M. These UPS’s are relatively cheap, reliable, and high-quality. It appears that NUT does not currently support them, or at least I could not get it to recognize my UPS.

In the world of FreeBSD, it appears that my only option was apcupsd (http://www.apcupsd.org/). No problem, I could set that up in a jail, and let that do the monitoring, right? The problem is how to handle…


A couple years ago, I got a great deal on a few Orange Pi R1’s. I’ve always had an affinity for the Orange Pi series of Raspberry Pi clones. They are stupidly cheap, generally solid and tend to have far better hardware features than you would find on a similarly priced Raspberry Pi. They also have good software support which is not a given for Pi clones.

This lot of Orange Pi R1’s has been languishing in a hardware bin, waiting for a potential use case. The other night, I decided to pull one out for a project (which I…


TrueNAS has several built in alerting mechanisms, however I wanted the ability to have NAS alerts pushed to my phone via PushOver. To accommodate this, I needed to abuse one of the existing alerting methods to send alerts to my custom script.

Of the existing alerting mechanisms, the SNMP Trap method seemed like it would be the easiest to bend to my will. I created a jail called “Monitoring” (using Basejail) which will contain all my various monitoring and utility scripts. Make sure you configure this jail to automatically start. …


I recently wanted to update my NAS to use TrueNAS as it has come a long way from the old days of FreeNAS. However, my current NAS solution was a custom Debian server, with OpenZFS on Linux, CrashPlan Pro, Plex, Syncthing, and various monitoring scripts to scrub the ZFS tank, monitor my UPS, and send me phone alerts. Most of this stuff was easy to transition to TrueNAS. Unfortunately, CrashPlan has not been supported for a long time, and I could not find a good guide to setting this up, so I made my own…

Crashplan is not supported for…

shellster

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store