Hot take: Stop putting your ssh keys on GitHub!!! For that matter, stop putting your keys in any kind of repository. Seriously, your private keys are private for a reason. Okay, let’s back up a little here. This morning some articles made their rounds about Cisco distributing network device firmware with keys and certs embedded in them. Now that happens all the time (ugh) but in this particular case, they were the keys of presumably a Huawei employee.

I have, for a long time, been fascinated and terrified by “Virtual SAN” solutions. The idea of combining storage and compute seems on the surface very attractive. It allows us to scale out our storage and compute together or separately in relatively small and affordable units, helping avoid the sticker shock of the upfront cost of storage systems. And as somebody especially prone to capex-phobia, that really is a great solution.

Editor’s note (2021-01): This particular hacking method no longer works after 2019-11 windows update. I had this article on ice for a very long time and feel confident that it won’t be abused at this time. Preface I feel like I shouldn’t have to say this, but please use your powers for good and not evil. The methods I’ll reveal here have quite impressive post-exploit abilities for lateral movement. If you’re thinking about getting arrested for something dumb, please don’t bring up my website at your trial.

I don’t like Microsoft NPS. That’s not to say that it’s a very convenient server role, which it absolutely is, or that it doesn’t have a place, which it sort of does. It’s just that it’s almost always, in my own opinion, a better idea to go with another option. So what’s wrong with using NPS? Requires a full windows license. Personally, I have an aversion to throwing away money, even if it’s somebody else’s money.

Ever wanted pull up the password for a WiFi network your computer remembers but you don’t? If you’re anything like me, the computer remembers far more than I do. Luckily, Windows not only stores these keys in plaintext, but some of them can even be retrieved without administrator access! (Is that good? I think it is but something tells me it might not be…) And of course, let’s go one step further and make a neat little script to pull out all of these keys and present them in a convenient way.