WhiteMatterTech

ADSB on Kubernetes

Sun, 08 Feb 2026 00:00:00 +0000

Setting Up an ADS‑B Flight Tracker with a Cheap Antenna on Kubernetes (RKE2 and ArgoCD)

This is the Kubernetes version of my earlier Docker‑based ADS‑B guide. In this setup, everything is defined in YAML and deployed via ArgoCD, and changes are tracked in Git and synced automatically to the cluster. Access is handled through an NGINX Ingress with TLS from cert‑manager, which is how I publish the ADS‑B UI at adsb.w3rdw.radio. If you’re comfortable editing YAML and committing to Git, you’ll feel right at home.

Using a New NTLM Hash Lookup Bulk Check API

Wed, 20 Dec 2023 00:00:00 +0000

Using a New NTLM Hash Lookup Bulk Check API

In today’s cybersecurity landscape, organizations and security professionals are continually searching for efficient ways to detect and mitigate threats. One such method involves using NTLM hash lookup services. If you’re looking to validate multiple NTLM hashes quickly, a bulk check API can be invaluable. In this post, we’ll delve into the specifics of using a NTLM hash lookup bulk check API and guide you through the process.

ADSB

Sun, 22 Oct 2023 00:00:00 +0000

W3RDW Blog - First Post

This post is copied from a separate site where I plan to document content related to one of my hobbies, HAM radio. This post is the first post I shared on my other site, https://w3rdw.radio. In the future, I plan to only post HAM radio content on the W3RDW site. You can find a link in the top right corner of my WhiteMatterTech site.

Setting Up an ADS-B Flight Tracker with a Cheap Antenna and Docker on Ubuntu

In this tutorial, I’ll walk you through the process of setting up an ADS-B flight tracker using a cheap antenna and Docker on Ubuntu. ADS-B (Automatic Dependent Surveillance – Broadcast) is a surveillance technology that allows aircraft to determine their position via satellite navigation and periodically broadcast it. By setting up your own ADS-B receiver, you can track flights in your area and contribute to the global flight tracking network.

A Roadmap to a Rewarding Career in Cybersecurity: A Guide for Beginners

Mon, 11 Sep 2023 00:00:00 +0000

Introduction

Are you considering a career in cybersecurity? That’s a fantastic choice! The world of cybersecurity is dynamic, challenging, and highly rewarding. Whether you’re a recent graduate or someone looking to make a career change, there’s a place for you in this ever-evolving field.

A cybersecurity bootcamp student recently reached out to me on LinkedIn to ask exactly how to do this. In this post, I will share some of my advice in a more blog-friendly format. I’ll walk you through some steps to break into the cybersecurity industry successfully.

Unlocking Digital Transformation: The Crucial Role of IT Services

Sun, 10 Sep 2023 00:00:00 +0000

Introduction

In today’s rapidly evolving business landscape, digital transformation has become more than just a buzzword—it’s a strategic imperative. Organizations worldwide are harnessing technology to enhance processes, elevate customer experiences, and stay ahead in the competitive race. Amid this digital revolution, IT services emerge as indispensable allies, guiding and empowering organizations in their transformative journey. Let’s explore how IT services play a pivotal role in driving this essential shift.

1. Technology Assessment and Planning

IT services providers begin by meticulously evaluating your existing IT infrastructure, systems, and processes. Through this comprehensive assessment, they identify gaps, recognize untapped potential, and craft a well-defined roadmap for your digital transformation endeavors.

My Encrypted Matrix Server with Docker-Compose

Sun, 16 Apr 2023 00:00:00 +0000

Overview

In this post, I will detail how I run my Matrix Server with Docker-Compose, how I use my Matrix Server as an encrypted notifications hub, and how I federate my Matrix Server over a Cloudflare tunnel (using Cloudflare’s Zero Trust interface).

Short Cybersecurity Note

Matrix Servers can be a part of your cybersecurity stack in your homelab or business. The component pertinent to cybersecurity related to Matrix Servers is encryption. If you’re pursuing a CISSP, you will want to be highly familiar with encryption and the process by which it is achieved.

Policy Based Routing with Unifi, PIA, and pfSense: How I Route My IoT External Traffic through PIA VPN

Mon, 07 Nov 2022 00:00:00 +0000

Introduction

In this post, I will show you how to use policy-based routing in Unifi to route specific traffic through a VPN client (I use Private Internet Access) on pfSense. This setup allows you to retain complete control of your devices and subnets via Unifi’s Network app while taking advantage of pfSense’s ability to host a VPN client.

With this setup, I am getting my full ISP speeds on devices using a VPN for encryption. Depending on your hardware, you should be able to get full speeds as well.

How to Use pfSense and Unifi to Anonymize and Encrypt VLAN Tagged Traffic

Sat, 05 Nov 2022 00:00:00 +0000

#UPDATE 11/05/2022

Original post date: 2021-04-05

This update contains specific configuration options to use 4096 bit RSA keys, SHA256 Auth digest algorithm, and AES256 encryption. The original post used the default key length of 2048 from PIA, SHA1, and allowed for AES128.

Throughout the post, I will tag updated information with #Update.

Introduction

This post aims to show you how to use pfSense within a Unifi network behind a Unifi Gateway [in my case, the gateway is the Unifi Dream Machine Pro (hereafter referred to as UDMP)]. I will explain my current network configuration including applicable subnets, VLANs, and wireless SSIDs needed to make this setup successful. The end goal is to be able to add a client on my Unifi network to a particular VLAN either by joining this client wirelessly to a particular SSID or by tagging the client’s physical port to that VLAN. This VLAN will be tied to a subnet that sends data through the pfSense machine which is acting as a VPN client (I use Private Internet Access). This method allows the UDMP to continue to act as the DHCP server for these clients while allowing pfSense to anonymize and encrypt the data of the clients in question.

How to Run Dockerized MacOS on Unraid

Tue, 25 Oct 2022 00:00:00 +0000

Introduction

For this tutorial, I will show you how to run a Dockerized version of MacOS on Unraid. The project we will use is sickcodes/Docker-OSX, which is intended for conducting MacOS security research in containerized environments on Linux and Windows.

For this tutorial, I will show you how to use Unraid’s Docker-Compose functionality to manage the container. We will also be building a special VNC-compatible image, which is required for Unraid. If you are not using Unraid, building the default image will likely work better for you.

Cloudflare Static Site Hosting

Mon, 27 Jun 2022 00:00:00 +0000

Introduction

In this previous post, I detailed my transition from WordPress to Hugo static sites. This post discussed hosting the site locally in a Docker container web server and exposing ports 80 and 443 to a reverse proxy on my DMZ network. Today, I will show you how you can host your Hugo static site on Cloudflare–FREE. This will absolve your responsibility to host the site, expose ports to the public, and deal with SSL certs. Cloudflare will automatically take care of all of this for you, and Clouflare will even automatically build your site from a Git repo when changes are pushed.

Cloudflare Tunneling to Internal Resources with Cloudflared

Mon, 27 Jun 2022 00:00:00 +0000

Introduction

This post will cover how to set up a Docker container of Cloudflared on your internal network to provide a private tunnel from Cloudflare to your internal resources. After setting up the Cloudflared tunnels, you will no longer need to expose ports 80 and 443.

This post assumes you currently have a vibrant and functioning internal network with a reverse proxy (in my case, Nginx Proxy Manager) already configured. Additionally, this post assumes you have a Cloudflare account with the ability to modify DNS records for your domain(s).

'Split-Brain DNS' for Internal HTTPS with Let's Encrypt

Fri, 13 May 2022 00:00:00 +0000

Introduction

In this previous post, I showed how to connect to a Unifi router with HTTPS, effectively ridding you of the tedious words, “Your connection is not private.” However, the method shown in that post directs your connection to an external DNS server (e.g., CloudFlare) in order to resolve your Unifi router. This adds some latency by requiring your traffic to flow out and in rather than staying local. Additionally, it requires opening some ports externally. While this is not necessarily bad, it certainly increases the risks and attack surface of your network.

Manage Linux Logs on AlienVault OSSIM

Tue, 19 Apr 2022 00:00:00 +0000

Introduction

OSSIM is a powerful open source security information and event management (SIEM) operating system. AlienVault OSSIM is the open source version of AlienVault, which is sold by AT&T.

I have used OSSIM in professional deployments in the past, and I currently use OSSIM for vulnerability scanning, asset management, and security alerts. OSSIM can often be overly complicated to set up and install, and the documentation available for troubleshooting is sparse. I have learned a lot of great tricks over the years by trial and error.

Run Graylog with Docker Compose on Unraid

Sun, 27 Mar 2022 00:00:00 +0000

Introduction

Logging and traffic monitoring are of utmost importance in information security. Having searchable stored logs can allow visibility into a variety of critical activities related to a data breach.

For example, individual computer event logs can provide insight into an attacker’s lateral movement within an environment. Active Directory authentication logs can provide more detail into this lateral movement and even help to establish a timeline of this movement. Firewall logs can provide insight into an attacker’s first contact or the first time an attacker utilized a particular command or control domain. NetFlow logs allow visibility into how a user interacts with other devices internally.

Migrating from Wordpress to Hugo

Sun, 20 Mar 2022 00:00:00 +0000

Introduction

When I initially began posting publicly on this site, my goal was to be able to host my site fully with Docker for containerization. I hadn’t experienced any other decent blogging platform besides WordPress at the time, and I was bent on getting WordPress self-hosted with Docker.

This goal was achieved, and my first public post details how I used docker-compose to deploy my blog using containers for WordPress and Traefik.

Privacy Policy

Thu, 10 Mar 2022 00:00:00 +0000

									<h1>Privacy Policy for WhiteMatterTech</h1>

At WhiteMatterTech, accessible from https://whitematter.tech, one of our main priorities is the privacy of our visitors. This Privacy Policy document contains types of information that is collected and recorded by WhiteMatterTech and how we use it.

If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us.

Log Files

WhiteMatterTech follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this and a part of hosting services' analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users' movement on the website, and gathering demographic information. Our Privacy Policy was created with the help of the Privacy Policy Generator.

Terms and Conditions

Thu, 10 Mar 2022 00:00:00 +0000

Terms and Conditions

Last updated: March 14, 2022

Please read these terms and conditions carefully before using Our Service.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of these Terms and Conditions:

Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.

Tails OS with Encrypted Persistence on Unraid as a VM

Mon, 24 Jan 2022 00:00:00 +0000

This post will show you how to run Tails OS as a VM with the Persistence feature enabled.

Running Tails as a VM is not recommended generally as it defeats many of the security features in Tails. For example, virtualization requires that you trust the hypervisor host, as the hypervisor has extra privileges over a VM that can reduce security and privacy of the VM.

I recommend reading Tails’s official documentation about virtualization considerations before continuing: https://tails.boum.org/doc/advanced_topics/virtualization/

Xbox2Discord: How to Forward Audio from Xbox Live to Discord

Fri, 07 Jan 2022 00:00:00 +0000

If you game on PC, you probably have Discord installed to chat with your friends as you game. Discord has relatively decent audio, and it far surpasses the in-game chat capabilities built into most games.

When gaming cross-platform, however, you’re stuck either using in-game chat or the tedious Xbox Companion app with limited controls and annoying party configs.

This post will show you how to configure a setup to forward audio from an Xbox party directly to Discord, and visa versa. This way, you can game with your Xbox friends and still use the far superior Discord.

Arduino MQ-3B Ethanol Sensor: Behavioral Neuroscience Research

Sat, 11 Dec 2021 00:00:00 +0000

Introduction

Recently, I had the opportunity to collaborate with a university research lab to build some vapor sensors to roughly measure ethanol (EtOH) vapor within an operant chamber. This project was a lot of fun.

With extremely limited circuit documentation on the web and never having personally used Arduino before, there were a lot of interesting hiccups I ran into. Overall, this project was a bit out of my wheelhouse, but with much determination, the finished product turned out rather nicely.

How to Access Twitter Without an Account, Anonymously

Fri, 19 Nov 2021 00:00:00 +0000

Interestingly, after my previous post describing how to route Docker containers through VPN on Unraid, I received a substantial lot of questions via email about my hints at accessing Twitter anonymously. This post is my response to those questions, and I will describe my workflow to access Twitter feeds anonymously, without an account.

This post will assume you have read my post on how to route Docker containers through VPN on Unraid or that you already know how to accomplish this. If you do not, start here.

How To Do An In-Place Upgrade To Windows Server 2022

Fri, 19 Nov 2021 00:00:00 +0000

I recently had to upgrade two domain controllers to Windows Server 2022. The main controller was still on Windows Server 2016 while the secondary was Windows Server 2019. Both in-place upgrades went without issue.

Both servers were running Hyper-V, Bitlocker, and AD Controller. The 2019 server had an SMTP server that it was running, but Microsoft has deprecated the SMTP stack and associated management tools, including the IIS tools. There very well may be other deprecated software or tools, and I highly recommend searching for specific functionality you utilize on your Win Servers before attempting the upgrade.

How to Route Any Docker Container Through VPN in Unraid

Wed, 17 Nov 2021 00:00:00 +0000

Today’s post will cover how you can route any Docker container through a VPN.

There are many reasons you might want to route a Docker container through a VPN. Some common considerations are privacy, anonymity, and security.

I always recommend a VPN provider that values privacy, and in your search, you should consider providers that do not keep access logs that can be tied back to you (I use Private Internet Access [PIA]).

The Ultimate Coffee Gear List for WFH

Fri, 15 Oct 2021 00:00:00 +0000

Many of us have had the pleasure (or the curse) of working from home (better known as WFH on social media or your company Teams chat) over the COVID-19 pandemic. I, for one, welcomed the increased WFH time, but the lack of open and available coffee shops over the time was definitely a bummer (among other things, obviously).

While designing cloud architecture or developing organizational NIST-compliant security policies, I require the aromatic scent of freshly ground espresso or single-origin coffee beans followed by an exquisitely crafted cortado or glass of nitro cold brew.

How to Run a Locally Hosted Docker Registry GUI with Harbor

Mon, 04 Oct 2021 00:00:00 +0000

For this post, I will show you how to easily run a Docker Registry GUI with Harbor. I am running Docker on a Ubuntu VM. Therefore, my registry will be run through Docker, and the container will reside on a Ubuntu VM. This tutorial will use docker-compose to build the required containers.

Download and Expand the Harbor Installer

wget https://github.com/goharbor/harbor/releases/download/v2.3.1/harbor-offline-installer-v2.3.1.tgz

tar -xzf harbor-offline-installer-v2.3.1.tgz

cd harbor/

Generate SSL Certs - INTERNAL ONLY

These steps should only be taken if you plan to use your registry internally. If you plan to host your registry for external access, you should obtain certs from a trusted CA to use. With that said, these steps will work on a Linux host only (if you are using Windows, you could use WSL to follow these steps).

How to Run AlienVault OSSIM as a VM on Unraid

Fri, 01 Oct 2021 00:00:00 +0000

Introduction

For this post, I will show you how to setup Unraid to run AlienVault OSSIM as a VM. OSSIM is a powerful open-source SIEM that you can leverage on your network for free. I use OSSIM for network-wide vulnerability scanning and endpoint host intrusion detection.

OSSIM’s integrated HIDS is a fork from OSSEC. Additionally, OSSIM integrates with Open Threat Exchange (OTX), which can be installed on Windows, Mac, and Linux endpoints and servers for an up-to-date, open-source vulnerability scanning tool. I deploy the OTX installer via my free Mosyle account (MDM for MacOS) and Intune (MDM for Windows).

Usability Evaluations: Findability

Tue, 28 Sep 2021 00:00:00 +0000

Abstract

This review investigated findability and its relationship to usability and usability evaluations. Definitions of usability, findability, usability evaluations, and other sub-components of these terms including navigability are discussed, and the importance of research studies using similar terminologies is considered. A series of six usability evaluation studies is presented, and the terminologies presented in each are described. Goals, findings, and conclusions of each study are considered, and applications from the conclusions are drawn. This review concludes that clear definitions of these topics are crucial to successful implementation of various study methodologies and presentation of results. The review further concluded that, based on the available research, findability is a critical factor of usability that, when effectively present, leads to greater usability and overall user satisfaction of a product or website.

A Quick Note on Leading Geographically Dispersed Teams

Mon, 27 Sep 2021 00:00:00 +0000

The ability for geographically dispersed teams to interact, engage, and collaborate effectively is a concern for increasing numbers of corporations, teams, and leadership, especially in the post-COVID-19 era workplace. Adoption of technological solutions for computer-mediated communication can mitigate some of the inherent complexities and difficulties of the geographical dispersion problem, and research teams have increased efforts to both understand the problem and design groupware solutions to support virtual team collaboration (Morrison-Smith & Ruiz, 2020). Researchers suggest that, along with the physical demands of distance for virtual teams, leaders should consider cognitive, social and emotional concerns at the forefront of the discussion in order to best address the problems and create a positive collaborative environment (Morrison-Smith & Ruiz, 2020).

How to Connect to Your Unifi Dream Machine or UNVR with SSL from Let's Encrypt

Wed, 22 Sep 2021 00:00:00 +0000

Update 05/09/2022: The conclusions of this post will route your traffic externally, requiring your local devices to reach external DNS servers (e.g., in my case, CloudFlare) in order to resolve your Unifi Gateway address. If you want to handle all of this completely locally/internally, check out my newer post: HTTPS for Internal Resources

Alright, if you have a Unifi device like a Dream Machine, Dream Machine Pro, UNVR, CloudKey, or other device, you likely have been met with the dreaded red triangle followed by the tedious words, “Your connection is not private.”

How to Easily Run A Reverse Proxy using Docker

Tue, 17 Aug 2021 00:00:00 +0000

Reverse proxies are powerful tools used typically to forward client traffic to a server. In contrast to a forward proxy, a reverse proxy sits in front of web servers or other servers and forwards client traffic to the appropriate server. In this post, I will show you how to easily setup a reverse proxy using Docker, forward the necessary ports to the reverse proxy, and configure the reverse proxy to forward traffic to various servers on your network. Specifically, I will show how to setup the reverse proxy for se with WordPress, though the applications of this reverse proxy are endless!

Live Better with Circadian Lighting

Tue, 25 May 2021 00:00:00 +0000

A Little Background and Some Thoughts

With today’s technology, we are constantly bombarded with High Energy Visible (HEV) blue light from our screens as well as inconsistent lighting throughout the day within our homes and workplaces. Like all mammalian species, we humans have our own circadian rhythms which occur naturally and are vitally important to our health and well-being. Rather than writing an essay on the importance of our natural circadian rhythms, check out the educational write-up from the NIH here. Hopefully this will help explain the “why” of this particular post.

How to Add VLAN Segmentation for HomeKit IoT Devices with Unifi

Fri, 09 Apr 2021 00:00:00 +0000

IoT Overview

The smart world of Internet-of-Things (IoT) devices is ever growing. From everyday lightbulbs to the sprinkler out front, just about every household appliance and utility has a smart-counterpart. For example, my smart home is fully Apple HomeKit compatible and consists of a Hue bridge with lightbulbs, Lutron Caseta smart dimmers/switches, Eve Aqua outdoor water hose control, iSmartGate garage door opener, Schlage deadbolt, Eve motion sensor, Sonos speakers throughout the house, a Vocolinc oil diffuser, Vocolionc power strip, a couple iRobot Roomba vacuum cleaners, some Vocolinc pluggable outlets, an Ecobee thermostat to replace each analog thermostat in the house, and a Unifi G4 Doorbell (the doorbell is not technically compatible with HomeKit, but I added support with a third-party tool known as “Homebridge”). On top of all these smart home devices, I have a handful of other Unifi Protect cameras around my property.

How to Harden Your Network Security for Your In-Home Web Hosting

Tue, 06 Apr 2021 00:00:00 +0000

Overview

The purpose of this post is to provide some tips to address some network security concerns when hosting an externally-facing web server from a device within your home network. For this post, I will be using Unifi networking gear. My screenshots will be of the Unifi controller on my Unifi Dream Machine Pro (UDMP), but I will do my best to overview the concepts so you can replicate with your own networking gear. Let’s get started!

Host Your Own Free Wordpress Site with Traefik and Docker

Fri, 02 Apr 2021 00:00:00 +0000

Update 03/20/2022: I no longer host my site with Traefik, and my site is no longer built on WordPress. I now host my site internally using an Nginx proxy hosted in Docker. My site is built with Hugo. Learn more about my transition from WordPress to Hugo on my post here: Migrating from WordPress to Hugo

My first post will, appropriately, show you how to build your own self-hosted Wordpress site utilizing Docker (just like this site)! For this setup, I am using a Ubuntu bare-metal machine behind a Unifi Dream Machine Pro . You can use a VPS or an OS on bare-metal capable of running Docker (for this tutorial though, we will use tools only applicable to Ubuntu, but you can make adjustments where necessary if you are familiar with Docker and choose not to use Ubuntu). Check out this project’s GitHub page for examples and help.

WhiteMatterTech

ADSB on Kubernetes

Setting Up an ADS‑B Flight Tracker with a Cheap Antenna on Kubernetes (RKE2 and ArgoCD)

Using a New NTLM Hash Lookup Bulk Check API

Using a New NTLM Hash Lookup Bulk Check API

ADSB

W3RDW Blog - First Post

Setting Up an ADS-B Flight Tracker with a Cheap Antenna and Docker on Ubuntu

A Roadmap to a Rewarding Career in Cybersecurity: A Guide for Beginners

Introduction

Unlocking Digital Transformation: The Crucial Role of IT Services

Introduction

1. Technology Assessment and Planning

My Encrypted Matrix Server with Docker-Compose

Overview

Short Cybersecurity Note

Policy Based Routing with Unifi, PIA, and pfSense: How I Route My IoT External Traffic through PIA VPN

Introduction

How to Use pfSense and Unifi to Anonymize and Encrypt VLAN Tagged Traffic

#UPDATE 11/05/2022

Introduction

How to Run Dockerized MacOS on Unraid

Introduction

Cloudflare Static Site Hosting

Introduction

Cloudflare Tunneling to Internal Resources with Cloudflared

Introduction

'Split-Brain DNS' for Internal HTTPS with Let's Encrypt

Introduction

Manage Linux Logs on AlienVault OSSIM

Introduction

Run Graylog with Docker Compose on Unraid

Introduction

Migrating from Wordpress to Hugo

Introduction

Privacy Policy

Log Files

Terms and Conditions

Terms and Conditions

Interpretation and Definitions

Interpretation

Definitions

Recommended Products

Homelab Networking and Security

Tails OS with Encrypted Persistence on Unraid as a VM

Xbox2Discord: How to Forward Audio from Xbox Live to Discord

Arduino MQ-3B Ethanol Sensor: Behavioral Neuroscience Research

Introduction

How to Access Twitter Without an Account, Anonymously

How To Do An In-Place Upgrade To Windows Server 2022

How to Route Any Docker Container Through VPN in Unraid

The Ultimate Coffee Gear List for WFH

How to Run a Locally Hosted Docker Registry GUI with Harbor

Download and Expand the Harbor Installer

Generate SSL Certs - INTERNAL ONLY

How to Run AlienVault OSSIM as a VM on Unraid

Introduction

Usability Evaluations: Findability

Abstract

A Quick Note on Leading Geographically Dispersed Teams

How to Connect to Your Unifi Dream Machine or UNVR with SSL from Let's Encrypt

How to Easily Run A Reverse Proxy using Docker

Live Better with Circadian Lighting

How to Add VLAN Segmentation for HomeKit IoT Devices with Unifi

IoT Overview

How to Harden Your Network Security for Your In-Home Web Hosting

Overview

Host Your Own Free Wordpress Site with Traefik and Docker