Fixing an Unbootable EndeavourOS System

Last Friday, just before closing my laptop and enjoying my weekend, I managed to break my EndeavourOS VM by accidentally shutting it down while it was still updating the kernel in another terminal session. It no longer booted as a result. To fix it, I found a helpful blog post by Edmund Goodman which proved useful, albeit slightly different from my environment. Goodman was using GRUB and Ext4, whereas my environment is using Systemd-boot and Btrfs. ...

October 6, 2025 · 2 min

On Chat Control

Troubling times ahead: Chat Control 2.0 is coming up, a law that would force all EU citizens to surrender their private messages, effectively breaking end-to-end encryption for everyone. I’m sad to see this issue is back on the table again (after previous failed attempts), and even more saddened by the severe lack of critical thinking and media coverage around this topic. Just in case you missed it, here’s a brief explainer, courtesy of stopscanningme.eu: ...

October 1, 2025 · 6 min

On Upcoming Dutch Elections and Digital Sovereignty

My previous post discussed the importance of EU’s digital sovereignty, especially considering historical and recent geopolitical developments, namely our overdependence on (US) Big Tech. This post will focus on the Dutch elections coming up next month. So far I’ve seen some but overall little interest from most major parties to invest heavily in digital sovereignty, apart from of course the Pirate Party. I do understand, we sadly have more matters to attend to. The housing crisis for one, which is much more tangible to most voters, because it directly affects a large part of our population, and their children. We should’ve built much more housing over the last decade, but at the very least it is one of the more popular election topics this time around. And rightfully so, I do believe housing is indeed a crisis, affecting our demographic personally. ...

September 24, 2025 · 3 min

On EU Digital Sovereignty

In an effort to practise digital sovereignty and reduce its dependence on (US) Big Tech, the EU is very, very slowly looking for secure digital alternatives, on its own soil. While the EU acknowledges this threat, it is not a new one, really. The classic example being Europe’s overdependence on Microsoft, and being turned into a Software Colony as a result. Even more so when Europe increasingly migrated its data to US-based cloud services, more than a decade ago now. ...

September 24, 2025 · 4 min

Home Assistant on TrueNAS Community (SCALE)

My previous post discussed how to get a headless Steam instance running on TrueNAS SCALE. I had a spare GPU which I wanted to repurpose to play (older) video games without first needing to boot my desktop. This post roughly documents how I run my Home Assistant instance on my TrueNAS SCALE server. The official website details several installation methods, which mainly come down to two installation types: either a full-fledged OS image (HA OS), or a (less feature-complete) containerised version. ...

September 13, 2025 · 2 min

Forging Kerberos Tickets

These are some scribbles if I ever need to look up how to forge my own Kerberos Tickets, such as Silver, Golden, Diamond or Sapphire Tickets. I might expand on this later…

ℹ️ This is nothing new, most of this stuff can be easily found on the Internet. This is just for my own reference. Please excuse my brevity.

Environment

Previously, I’ve documented (also for myself) how to Kerberoast and ASREProast. For this article, we’re assuming we’ve already compromised the domain and have gotten our hands on the KRBTGT secrets (NTHash, AES keys). In other words, we’ve already got DA. ...

August 9, 2025 · 6 min

Using ML-KEM Post-Quantum Key Exchange in Caddy

My previous post discussed the introduction of a Module-Lattice Key Encapsulation Mechanism (ML-KEM) post-quantum key exchange algorithm implementation in OpenSSH, and how to specify it in your SSH configurations. ML-KEM is the new FIPS 203 standard, previously known as Kyber, which was standardized by NIST on 2024-08-13. OpenSSH’s implementation of ML-KEM is a PQ/T hybrid approach that combines the post-quantum ML-KEM with the traditional X25519 key exchange algorithm. This post will cover the ML-KEM implementation in Caddy, the popular web server and reverse proxy. ...

July 28, 2025 · 3 min

Using ML-KEM Post-Quantum Key Exchange in OpenSSH

OpenSSH 9.9, released on 2024-09-19, first introduced support for the new FIPS 203 Module-Lattice Key Encapsulation Mechanism (ML-KEM) post-quantum key exchange algorithm, previously known as Kyber. ML-KEM was formally standardized by NIST on 2024-08-13, and is designed to be secure against quantum attacks, making it a suitable choice for future-proofing cryptographic systems. OpenSSH’s support for ML-KEM, specifically the mlkem768x25519-sha256 key exchange algorithm, is a hybrid approach that combines the post-quantum ML-KEM with the standard X25519 key exchange algorithm. The benefit of a hybrid approach is that if, after further cryptanalysis, the ML-KEM algorithm ends up being broken, the X25519 key exchange algorithm will still provide a secure fallback. At least for now, while we don’t yet have a Cryptographically Relevant Quantum Computer (CRQC) that can break X25519. There is currently an IETF draft for Post-Quantum Traditional (PQ/T) hybrid key exchange methods based on ML-KEM and Elliptic Curve Diffie-Hellman (ECDH) algorithms (also including X25519) for use in SSH. OpenSSH’s mlkem768x25519-sha256 key exchange is one such method, and is described there. ...

July 24, 2025 · 3 min

Hashcat on Docker

I finally got hashcat running on Docker, with GPU support for NVIDIA cards. First, I needed to install Docker and NVIDIA Container Toolkit on my system, and add my user to the docker group.

    root $ pacman -S --needed docker nvidia-container-toolkit
    root $ systemctl enable --now docker.service
    root $ usermod -aG docker user

Then I created a Dockerfile to set up the hashcat environment with NVIDIA support (using a BlackArch image):

    FROM blackarchlinux/blackarch:latest
    RUN pacman -Syu --noconfirm && \
        pacman -S --noconfirm \
        blackarch/cracken \
        blackarch/pack \
        blackarch/pipal \
        extra/hashcat \
        extra/hashcat-utils
    RUN mkdir -p /etc/OpenCL/vendors && \
        echo "libnvidia-opencl.so.1" > /etc/OpenCL/vendors/nvidia.icd
    RUN mkdir /cracking...

June 19, 2025 · 1 min

Steam Headless on TrueNAS Community (SCALE)

After watching Lawrence Systems' video about why it’s time to move off TrueNAS CORE, which I had been putting off for too long already, I finally migrated to Community (SCALE). I guess it was the last push I needed, really. I even migrated most of my services inside my VMs to either separate TrueNAS Apps, or vanilla docker containers I manage via Dockge (such as Nextcloud AIO). But then I also noticed another available TrueNAS App which piqued my interest: Steam Headless. ...

June 18, 2025 · 2 min