
Monday, July 20, 2020

Penetration Testing My Home Network

I have a basic router for my home network: https://www.wavlink.com/en_us/product/WL-WN530HG4.html

The built-in management tools are surprisingly sufficient: I am able to configure DDNS, DMZ, port forwarding, and automatic Wi-Fi channel switching.


I disabled WAN access to ping and to the management page, which was clearly working well when I attempted to access it from a hotspot on my Parrot OS laptop. (Learn more about ParrotOS here.)


Both the DDNS address and direct IP wouldn't allow any attacks from OWASP ZAP to get through:



Even the test I ran from the internal network (the router sees it as LAN even though I access it via WAN at quazmoz.hopto.org) didn't find many vulnerabilities, and none of them were critical. However, I was a little bummed to see the vulnerability for clickjacking...


So far so good on the pen-test. Next up is to see how it handles direct attacks against the VPN and NextCloud.

Wednesday, July 15, 2020

UrBackup - Open-Source Backup Server



Today I managed to get my UrBackup server running fairly quickly. Linux has a small error with con files but everything else seems to be working fine. You can find the downloads and guides here: https://www.urbackup.org

In my experience, this server works well and is reliable despite being free. I have implemented it successfully in both an enterprise and a homelab.

It allows backup of specific files and drives, as well as scheduling. The server has a good variety of settings that you would expect for a backup server, including AD integration and backing up over the internet.


My next project will be to see how this works using OpenVPN and going directly over the internet.

Wednesday, July 8, 2020

Jenkins and DDNS OpenVPN

Jenkins is configured with BlueOcean, and OpenVPN is now set to use quazmoz.hoptoo.org, which is a free DDNS service from noip.com. My router is set to push changes to my public IP to noip.