Animated Creativity | Page 11 of 55 | Animate your life. Don't be static.

SSH ed25519-sk hardware keys vs forwarded agents: when to forward, when to use a YubiKey and refuse forwarding

August 28, 2024 by

USB security key beside a laptop on a clean desk — photo by Cottonbro on Pexels

Most “hopping through bastion” SSH workflows use agent forwarding (ssh -A): the bastion gets temporary access to your local SSH keys via the agent socket, and from there it can SSH onward. It’s convenient, it’s the default in …

Detecting WordPress malware via reverse-DNS lookups on outbound POST requests: 30 lines of bash that catches exfil

August 26, 2024 by

Network switch with active port LEDs and ethernet cables — photo by Pixabay on Pexels

The interesting thing about WordPress malware in 2026 is that most of it doesn’t try to hide on disk anymore. Filesystem scanners catch the obvious things — random PHP at webroot, .hph extension shadows, polyglot images. The newer payloads live …

macOS launchd: the actual replacement for cron when you want a recurring task on your Mac

August 22, 2024 by admin

Vintage black twin-bell alarm clock next to a blank notebook on a colorful background of scattered wooden numbers — visual for time-based scheduled tasks (photo: Black Ice / Pexels)

You write a Python script that needs to run every fifteen minutes on your Mac. You add a line to crontab -e, save, walk away. Two days later you check and notice it never ran. The cron file is …

Detecting and cleaning the DOLLY WordPress mu-plugin backdoor

August 14, 2024 by admin

Hooded figure with neon mask holding tablet displaying 'Uploading Virus' progress bar — visualizing the DOLLY WordPress mu-plugin backdoor exfiltrating credentials

Last week I cleaned a six-site WordPress compromise on one of my OpenLiteSpeed boxes. The most interesting payload was the “DOLLY” mu-plugin family — a credential-harvesting backdoor that hides itself with a few clever tricks and survives most casual cleanups …

Linux capabilities for a single binary: setcap cap_net_bind_service= /usr/local/bin/myapp without running as root

August 10, 2024 by

Tux Linux mascot sticker on a blue ice tray — photo by Real Tough Candy on Pexels

The “I want my Go binary to bind port 80 without running as root” problem has three solutions of varying terribleness:

Run the whole thing as root. The traditional answer. Catastrophic if the binary has a single bug — game

…

auditd rules for a small server: the 12 rules that catch real intrusions without drowning you in noise

August 2, 2024 by

Close-up of source code on a dark monitor — photo by Pixabay on Pexels

The first time I enabled auditd with the default rules on a small VPS, /var/log/audit/audit.log grew to 2 GB in eight hours and I watched the disk fill in real time. The default ruleset is built for compliance audits — …

Bash strict mode: the 4-line preamble (set -euo pipefail; IFS=$’\n\t’) and what each flag actually buys you

July 27, 2024 by

Laptop on a wooden desk showing source code in an editor — photo by dkomov on Pexels

Most production bash scripts I’ve inherited start with a comment block, then dive straight into echos and mkdirs and cps. They look fine. They run fine, most of the time. They fail mysteriously the one time it …

Rotating WordPress salts as incident response: the step everyone skips

July 23, 2024 by admin

Close-up of a metal combination lock with rotating numeric dials — visual metaphor for rotating WordPress salts to a new secret combination (photo: Felix Moeller / Pexels)

You’ve cleaned the malware files, deleted the backdoor admin accounts, rotated everyone’s password. The site is fine, you’re fine. Three weeks later someone logs in with a session cookie they grabbed during the compromise window and creates a fresh admin …

Apple Shortcuts to rename + organize iCloud Drive screenshots automatically (the run-on-folder-change recipe)

July 23, 2024 by admin

MacBook Air on a wooden desk with macOS System Preferences open and a folder of files visible — photo by abdullah-bin-mubarak on Pexels

Your ~/Desktop has 437 files in it. Most of them are screenshots called Screenshot 2025-09-04 at 3.42.18 PM.png. You haven’t deleted them because some are useful (a tracking number, a UI bug, a recipe) but most aren’t, and you …

Home Assistant on a Raspberry Pi 4: getting started without Hue or SmartThings vendor lock-in

July 20, 2024 by admin

You’ve bought into one smart-home ecosystem — Hue lights, or SmartThings hub, or Apple HomeKit — and now every new device you consider has to be compatible with that brand. Three years in, you’ve also accumulated a Wyze camera, a …