This is an old talk which I think is still fairly relevant in 2020. Apart from this talk, I co-authored a book on the subject, Security Automation with Ansible 2.

System Hardening using Ansible

I presented this talk at AllDayDevOps 2016. It was fairly well received and the ideas presented here resonated with the audience. If you are here for the materials, please follow the links.

Talk Materials Links
Slides on Speakerdeck
Slides as PDF for download
Video of the talk on YouTube
Postman URL Handler in Ubuntu for Desktop Integration

Create a desktop file

Create the following file: ~/.local/share/applications/Postman.desktop

[Desktop Entry]
Encoding=UTF-8
Name=Postman
Exec=/path/to/applications/Postman/app/Postman %U
Icon=/path/to/applications/Postman/app/resources/app/assets/icon.png
Terminal=false
Type=Application
Categories=Development;

(The [Desktop Entry] group header is required by the desktop entry specification; without it the file is not a valid desktop entry. Categories is a list-type key, so its value ends with a semicolon.)

Run the following commands:

xdg-mime default Postman.desktop x-scheme-handler/postman
xdg-settings check default-url-scheme-handler postman Postman.desktop
Tidying up Docker Containers and Images using the command line

Over time I have accumulated a lot of Docker containers and images. Just like virtual machines (VMs), I tend to keep the containers stopped until I need them running. This ensures my laptop's RAM isn't being used up when I don't need them. But recently disk space was low and I realised that I could reclaim some of it.
Doing SecOps using Cloud Native

Slides with my notes for download

I gave a talk on 26th April 2019 at the Cloud Security Conference by ISC2 Bangalore.

Abstract

SecOps, or Security Operations, is changing enterprise IT the same way DevOps transformed enterprise Dev. By leveraging Cloud Native services such as Serverless (Cloud Functions, Lambda), container runtimes (Docker) and container schedulers (Kubernetes), we can bring in near real-time detection and blocking of security attacks, analyse incidents and even remediate potential security holes before they become a problem.
Reaching my goal weight and talking about coaches and coaching

I was on a diet from the 29th of October 2016. On 31st August 2018, I reached my goal weight. It was the 672nd day of my diet. Before I tell you more, here is the obligatory before/after pic. Whilst I am not very keen to share my total weight loss in kgs, I do want to point out that I persevered on my diet for over 670 days.
While most people have moved to sites like Medium, I have finally decided it is time to blog and that too on my own website. The only concession is that I will be using a static site generator Hugo and deploying using CI/CD offered by Netlify.
Web development is hard. Secure web development is harder. Running applications on the internet without security incidents is almost impossible.

A non-exhaustive list of infrastructure services that you rely on for running any website.

The following are references for the talk given at Microsoft Ventures Accelerator on 28th April 2015.

References

General
- An illustrated guide to computer security

Security News
- Hackers temporarily take control of Tesla's website and twitter

Fundamentals
- DNS Resource Records

Tools
- DNS Recon: Using the DNS Recon tool
- DirBuster: Using DirBuster; Video: Using DirBuster like a pro
- wfuzz: wfuzz basics; Bruteforcing web applications; webslayer, a similar tool
- fuzzdb: Using fuzzdb for testing website security; Web app URLs default list (web app urls, pwnwiki)
- cewl: Wordlist generator

Concepts
- Ocean's 11 Movie Plot: Trust

OWASP
- OWASP
- OWASP Top 10
- OWASP Mobile Top 10
- OWASP A1 Injection: Injection; Exploits of a Mom (Bobby Tables); SQL Injection; Command Injection; XXE
- OWASP A3 Cross Site Scripting: XSS; Apache.
Security is always a concern. Microservices make some things easier to secure, and some things need extra attention.

List of security issues to think about
- The network layer of each service needs protection for exposed ports
- DNS and NTP are critical infrastructure resources when everything hinges on service discovery
- Each service requires transport layer security, request authentication and, based on requirements, additional authorization information
- Logs etc. required for audit trails need to be captured, stored and observed
- If services are geographically distributed, enabling TLS on them exposes the services to OSINT due to certificate transparency logs

Network, Transport and Ports

Typically all services listen on TCP ports, providing high level functionality wrapped in HTTP or RPC
Step 1

SSH to the kali box:

ssh root@kali

Now we create a chained tunnel: a local forward of port 8001 to port 8002 on the first host, where the nested ssh opens a dynamic (SOCKS) forward through the second host:

ssh -L 8001:localhost:8002 firstname.lastname@example.org -t ssh -D 8002 email@example.com

Now in Burp Suite in Kali give the following for the SOCKS proxy:

`Socks Proxy Host` 127.0.0.1
`Socks Proxy Port` 8001

Note: You can also use socat in TCP forwarder mode and forward the local 8001 port to other interfaces so that you can proxy directly using your host computer.