<?xml version="1.0" encoding="utf-8" standalone="yes" ?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Welcome</title>
    <link>https://blog.agood.cloud/</link>
    <description>Recent content on Welcome</description>
    <generator>Hugo -- gohugo.io</generator>
    <language>en-us</language>
    <lastBuildDate>Sun, 15 Jan 2023 00:00:00 +0000</lastBuildDate>
    
	<atom:link href="https://blog.agood.cloud/index.xml" rel="self" type="application/rss+xml" />
    
    
    <item>
      <title>Creating a Netcat Pivoting Lab Using K8s</title>
      <link>https://blog.agood.cloud/posts/2023/01/15/creating-a-netcat-pivoting-lab-using-k8s/</link>
      <pubDate>Sun, 15 Jan 2023 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2023/01/15/creating-a-netcat-pivoting-lab-using-k8s/</guid>
      <description>So Kubernetes is something I&amp;rsquo;ve been meaning to play with for a while now, but I didn&amp;rsquo;t really have a good enough use case to really try it out. Docker was doing what I needed it to do without the complexity of Kubernetes so I was all good. I tried getting into Kubernetes a few years ago, watched plenty of videos but it all kind of fell by the wayside, and was eventually forgotten about.</description>
    </item>
    
    <item>
      <title>SANS SEC504</title>
      <link>https://blog.agood.cloud/posts/2023/01/03/sans-sec504/</link>
      <pubDate>Tue, 03 Jan 2023 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2023/01/03/sans-sec504/</guid>
      <description>I&amp;rsquo;ve been fortunate in that my workplace has sponsored me to take the SANS SEC504 - Hacker Tools, Techniques and Incident Handling as a 4 month on-demand course.
This is the second SANS course that I have been fortunate enough to attend. The first one was the SEC511 - Continuous Security Monitoring back in 2016, which was done on-site over 6 days. I have to say that with the amount of content that&amp;rsquo;s jammed into these courses, I found that on-site was a struggle for me.</description>
    </item>
    
    <item>
      <title>Using Mitre Attack Navigator Locally</title>
      <link>https://blog.agood.cloud/posts/2022/12/23/using-mitre-attack-navigator-locally/</link>
      <pubDate>Fri, 23 Dec 2022 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2022/12/23/using-mitre-attack-navigator-locally/</guid>
      <description>In my last post about the MITRE attack Navigator I covered how you can create multiple layers and then aggregate them together which is all well and good until you realise, that if you wanted to see that level of detail each time you accessed the Attack Navigator you need to specify that json file. This is where this post comes in.
It&amp;rsquo;s quite a straightforward process to host your own navigator and further customise it to suit your needs.</description>
    </item>
    
    <item>
      <title>Doing More With Attack Navigator</title>
      <link>https://blog.agood.cloud/posts/2022/12/17/doing-more-with-attack-navigator/</link>
      <pubDate>Sat, 17 Dec 2022 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2022/12/17/doing-more-with-attack-navigator/</guid>
      <description>MITRE ATT&amp;amp;CK. It&amp;rsquo;s the bread and butter for Security Operations Centres. But how are you tracking what you can detect? Does your SIEM have a built-in tool? Perhaps you have straight up copied the matrix into Excel, or are keeping score in a text file?
You may or may not be aware of the online version of the MITRE Navigator. There&amp;rsquo;s heaps of functionality, allowing you to apply custom colors, heat mapping to score tallies, show all the tactic/technique IDs as well as export functionality to Excel/SVG/JSON.</description>
    </item>
    
    <item>
      <title>ssh honeypot with fail2ban and AWS SQS to MISP</title>
      <link>https://blog.agood.cloud/posts/2022/12/07/ssh-honeypot-with-fail2ban-and-aws-sqs-to-misp/</link>
      <pubDate>Wed, 07 Dec 2022 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2022/12/07/ssh-honeypot-with-fail2ban-and-aws-sqs-to-misp/</guid>
      <description>So I wanted to do something which has been done many times before and that was to create an SSH honeypot for some threat intelligence collection purposes. The twist to this is that I want to send the results to MISP and I came across a few hiccups along the way.
I&amp;rsquo;ve previously blogged about Fail2Ban and it got me thinking, what if I added a secondary action to send the resulting banned IP into MISP.</description>
    </item>
    
    <item>
      <title>Thehive5 Webhooks</title>
      <link>https://blog.agood.cloud/posts/2022/07/02/thehive5-webhooks/</link>
      <pubDate>Sat, 02 Jul 2022 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2022/07/02/thehive5-webhooks/</guid>
      <description>When it comes to online applications some of the best functionality comes when you can programmatically tap into it as it creates countless opportunities to customise and extend the functionality to suit your needs without having to modify the underlying application.
In the Context of TheHive, the API will allow you to query, post or search data which can aid in the lifecycle of an incident as well as create alerts and cases programmatically.</description>
    </item>
    
    <item>
      <title>Docker Config: Thehive5 with Cortex and n8n</title>
      <link>https://blog.agood.cloud/posts/2022/06/20/docker-config-thehive5-with-cortex-and-n8n/</link>
      <pubDate>Mon, 20 Jun 2022 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2022/06/20/docker-config-thehive5-with-cortex-and-n8n/</guid>
      <description>I&amp;rsquo;ll start by saying, that I have done these sorts of posts in the past where I have stood up TheHive and reverse proxies etc using a docker-compose file so the basic configuration etc is going to be heavily borrowed except for some minor tweaks.
I am still old school so this isn&amp;rsquo;t a configuration you would want to run for mission critical services, however there is a guide for how to use Docker in Production.</description>
    </item>
    
    <item>
      <title>TheHive 5</title>
      <link>https://blog.agood.cloud/posts/2022/06/12/thehive5/</link>
      <pubDate>Sun, 12 Jun 2022 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2022/06/12/thehive5/</guid>
      <description>TheHive. You know I&amp;rsquo;m a huge fan of this Incident Response platform with many blog posts dedicated to it including how you can integrate and interface with it.
Over the years TheHive has been on a journey and has matured and stabilised. Now with a new code base the developers have taken full control of the licensing for version 5.
I do however have mixed feelings about this. On one hand I&amp;rsquo;m sad that TheHive is no longer open source.</description>
    </item>
    
    <item>
      <title>681 Days</title>
      <link>https://blog.agood.cloud/posts/2022/06/08/681-days/</link>
      <pubDate>Wed, 08 Jun 2022 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2022/06/08/681-days/</guid>
      <description>Wow, it&amp;rsquo;s been a while&amp;hellip;.. 681 days since my last post. What the hell happened? I&amp;rsquo;ve been slack. I&amp;rsquo;ve wanted to keep up the blogging and documenting cool open source stuff but it&amp;rsquo;s been a hectic few years. You know, pandemic and such. So here&amp;rsquo;s a little recap of my life since the last post.
Kept up the routine of my 12Km New Years hike up a mountain (twice); Sold my house just before the COVID-19 pandemic went into full swing and Melbourne got locked down for what seemed like an eternity; Moved house; Bought a block of land; Designed a floorplan for a new house; Had said house built; Moved house again; Worked a few security incidents at work; Learnt a lot about Splunk Phantom and SOAR; Started building a new homelab; Built a NAS using a few ODROIDS, and glusterfs; Played around a fair bit with Home Assistant, ESP32 devices and Grafana.
Doesn&amp;rsquo;t seem like a lot to squeeze in during that time.</description>
    </item>
    
    <item>
      <title>Cylance Cybot</title>
      <link>https://blog.agood.cloud/posts/2020/09/27/cylance-cybot/</link>
      <pubDate>Sun, 27 Sep 2020 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2020/09/27/cylance-cybot/</guid>
      <description>Recently I attended a webinar in which the presenter from Blackberry Cylance was talking about this tool that they created called Cybot. This tool is a chatbot designed for SOCs to hopefully speed up triage its offerings. Turns out Cybot is a pretty nifty tool and has integrations to various chat platforms like Slack and Microsoft Teams.
Installation Steps
There are a number of prereqs required to stand up this app.</description>
    </item>
    
    <item>
      <title>Using TheHive4 webhooks to create Microsoft Teams cards via Nodered</title>
      <link>https://blog.agood.cloud/posts/2020/09/04/using-thehive4-webooks-to-create-microsoft-teams-cards-via-nodered/</link>
      <pubDate>Fri, 04 Sep 2020 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2020/09/04/using-thehive4-webooks-to-create-microsoft-teams-cards-via-nodered/</guid>
      <description>One of the most powerful features of TheHive has to be the outgoing webhooks. You make any modification to any case, task, observable etc and if configured, the outgoing webhooks will do with it what you will.
I&amp;rsquo;ve written a few blog posts about TheHive webhooks, and my platform of choice has been Nodered for this. With a highly extendable and easy to use graphical drag and drop interface, it makes it easier to visualise your workflows.</description>
    </item>
    
    <item>
      <title>Upgrading Cortex 3.0.1/ES5.6 to Cortex 3.1.0RC1/ES7.8</title>
      <link>https://blog.agood.cloud/posts/2020/08/28/upgrading-cortex-3-0-1-es5-6-to-cortex-3-1-0rc1-es7-8/</link>
      <pubDate>Fri, 28 Aug 2020 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2020/08/28/upgrading-cortex-3-0-1-es5-6-to-cortex-3-1-0rc1-es7-8/</guid>
      <description>In my last post, I covered how I went about upgrading TheHive from 3.4 to 3.5RC1 along with a double upgrade of Elasticsearch. Well now it&amp;rsquo;s Cortex&amp;rsquo;s time. Cortex 3.1.0 also uses Elasticsearch 7.8 so we are in for a similar upgrade process.
Depending on your reliance on Cortex it may be a nice addition to TheHive that is rarely used, or it may be critical to your operation. Either way, getting to the latest version is desirable as there are always welcome bug fixes and improvements with error handling, reporting and general integration.</description>
    </item>
    
    <item>
      <title>Upgrading TheHive 3.4.0-1/ES5.6 to TheHive 3.5.0-RC1/ES7.8</title>
      <link>https://blog.agood.cloud/posts/2020/08/22/upgrading-thehive-3-4-0-1-es5-6-to-thehive-3-5-0rc1-and-es-7-8/</link>
      <pubDate>Sat, 22 Aug 2020 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2020/08/22/upgrading-thehive-3-4-0-1-es5-6-to-thehive-3-5-0rc1-and-es-7-8/</guid>
      <description>TheHive 3.5.0 RC1 has now been released and my environment is in a bit of a shambles for this upgrade. You see when I performed my upgrade of TheHive 3.2.1 to 3.4.0 I elected to not upgrade to ElasticSearch 6.8 at the time as I wanted to do some more testing on it. I told myself, TheHive 3.4 was working just fine using Elasticsearch 5.6, so I never went ahead with the Elastic part of the upgrade.</description>
    </item>
    
    <item>
      <title>Data Migration from TheHive3 to Thehive4</title>
      <link>https://blog.agood.cloud/posts/2020/08/16/data-migration-from-thehive3-to-thehive4/</link>
      <pubDate>Sun, 16 Aug 2020 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2020/08/16/data-migration-from-thehive3-to-thehive4/</guid>
      <description>Well it&amp;rsquo;s been a few months since I have written anything on my blog. It&amp;rsquo;s not that I&amp;rsquo;ve been lazy, well OK it&amp;rsquo;s because I&amp;rsquo;ve been a little lazy and that I have been chasing squirrels and playing around with Home-Assistant and other various pieces since being in lockdown. I have also lacked the motivation to get something down in writing. Anyway, on with what I wanted to write about&amp;hellip;.</description>
    </item>
    
    <item>
      <title>Book Review: Operator Handbook Search. Copy. Paste. L33t ;)</title>
      <link>https://blog.agood.cloud/posts/2020/06/16/book-review-operator-handbook-search-copy-paste-l33t/</link>
      <pubDate>Tue, 16 Jun 2020 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2020/06/16/book-review-operator-handbook-search-copy-paste-l33t/</guid>
      <description>Netmux&amp;rsquo;s Operator Handbook is 436 pages of infosec technology references with a seemingly never ending list of acknowledgements and contributors. I also love that there&amp;rsquo;s a section dedicated to Health &amp;amp; Wellness right at the start of the book. It&amp;rsquo;s a timely reminder that life will take everything that you give to it and more but our mental health needs to be looked after. The common signs and symptoms to look out for are put to paper, and more importantly details on how to get help and build a support system which is relevant for you, colleagues, friends, family and loved ones.</description>
    </item>
    
    <item>
      <title>Adding TheHive Case Data to Splunk</title>
      <link>https://blog.agood.cloud/posts/2020/06/14/adding-thehive-case-data-to-splunk/</link>
      <pubDate>Sun, 14 Jun 2020 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2020/06/14/adding-thehive-case-data-to-splunk/</guid>
      <description>TheHive dashboards, while they are great at showing data counts and displaying them as graphs, there is one feature that was lacking in that it can&amp;rsquo;t display a data table of what those cases are. So while you can build a dashboard to get a snapshot of where your team is at, you can&amp;rsquo;t see what cases and tasks are in play.
While there is an open issue to add this functionality, I thought I&amp;rsquo;d try something a little different with TheHive to fill that gap, and export the case and task data into a Splunk kvstore and build it out that way.</description>
    </item>
    
    <item>
      <title>Book Review: Defensive Security Handbook</title>
      <link>https://blog.agood.cloud/posts/2020/05/41/book-review-defensive-security-handbook/</link>
      <pubDate>Sun, 31 May 2020 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2020/05/41/book-review-defensive-security-handbook/</guid>
      <description>Recently I purchased a few infosec books, one of them being the Defensive Security Handbook written by Lee Brotherston &amp;amp; Amanda Berlin.
While this book was written back in April 2017, the information contained within is still very relevant today and will give the reader a sound footing when it comes to what you need to have as a secure baseline in your environment.
There are 21 chapters that can be read from cover to cover, or each in isolation.</description>
    </item>
    
    <item>
      <title>Thehive4 RC1 to RC2 Upgrade</title>
      <link>https://blog.agood.cloud/posts/2020/05/16/thehive_rc1-to-rc2-upgrade/</link>
      <pubDate>Sat, 16 May 2020 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2020/05/16/thehive_rc1-to-rc2-upgrade/</guid>
      <description>With my Java issue sorted out now, here are the steps to upgrade TheHive from RC1 to RC2. This is a dirty upgrade, but since TheHive is still in Release Candidate status, we can get away with upgrading like this. Ordinarily you should ensure that you have your system backed up in case there are breaking changes.
Stop TheHive service
sudo service thehive stop
Update apt repositories and upgrade
May as well apply all the security updates while I am at it.</description>
    </item>
    
    <item>
      <title>TheHive 4.0.0-RC2: Last error: Connection refused</title>
      <link>https://blog.agood.cloud/posts/2020/05/12/thehive_4_0_0-rc2_last_error_connection_refused/</link>
      <pubDate>Tue, 12 May 2020 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2020/05/12/thehive_4_0_0-rc2_last_error_connection_refused/</guid>
      <description>I was so excited at the thought of all the cool new features that have popped up in TheHive v4.0.0-RC2 that I went straight onto my lab to give it a spin. Little did I know that my system was broken before I even started and I spent the best part of a few hours trying to figure out what exactly happened. For a brief moment I did consider burning the lab down and just rebuilding it, but I asked myself what would happen if this were a prod system?</description>
    </item>
    
    <item>
      <title>TheHive in Docker</title>
      <link>https://blog.agood.cloud/posts/2020/05/07/thehive-in-docker/</link>
      <pubDate>Thu, 07 May 2020 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2020/05/07/thehive-in-docker/</guid>
      <description>Docker is something that I&amp;rsquo;ve not fully embraced to date, I know, I know&amp;hellip; I&amp;rsquo;m a little late off the mark, but as I get to know Docker more, I can see that it has some worthwhile advantages for me in some of the projects I use and generally getting to know technology is never a bad thing. For instance, why spin up a single server for a service that only has 1 of the 65535 ports used when 99% of the time that server will most likely be idle.</description>
    </item>
    
    <item>
      <title>Adding Traefik Reverse Proxy to Opencti</title>
      <link>https://blog.agood.cloud/posts/2020/04/28/adding-traefik-reverse-proxy-to-opencti/</link>
      <pubDate>Tue, 28 Apr 2020 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2020/04/28/adding-traefik-reverse-proxy-to-opencti/</guid>
      <description>Well this one was a bit of a learning experience for me. You see I have dabbled in the past with Traefik which seems to fit naturally when it comes to reverse proxy and Docker, but my efforts have come up short in the past through no fault but my own. Perhaps it was the fact I was trying to run before I could even crawl. Not to worry though.</description>
    </item>
    
    <item>
      <title>Adding MISP to OpenCTI</title>
      <link>https://blog.agood.cloud/posts/2020/04/24/adding-misp-to-opencti/</link>
      <pubDate>Fri, 24 Apr 2020 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2020/04/24/adding-misp-to-opencti/</guid>
      <description>While I&amp;rsquo;m still getting myself familiar with OpenCTI and building out an actor profile, I thought I&amp;rsquo;d link it up with my MISP instance. OpenCTI provides a connector to do this which will require an update to the docker-compose.yml file and an update of the stack.
If you have been following along, this post is a continuation of Installing OpenCTI.
To add the MISP connector, login to Portainer and select Stacks, opencti.</description>
    </item>
    
    <item>
      <title>OpenCTI Installation</title>
      <link>https://blog.agood.cloud/posts/2020/04/22/opencti-installation/</link>
      <pubDate>Wed, 22 Apr 2020 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2020/04/22/opencti-installation/</guid>
      <description>OpenCTI is an open source Cyber Threat Intelligence platform that provides a powerful knowledge management database for storing, organising and sharing knowledge about cyber threats and uses the STIX2 schema for its structure. It has been designed for CTI analysts. The platform is built on modern technologies of Grakn, GraphQL, Elastic, RabbitMQ, Redis and React. The project is available as a docker image which makes installation simple.
While I&amp;rsquo;m probably not going to do the best job of talking up the full feature set of this platform, you can view more about it on their website and github page.</description>
    </item>
    
    <item>
      <title>TheHive V4 - More Config</title>
      <link>https://blog.agood.cloud/posts/2020/03/13/thehive-v4-more-config/</link>
      <pubDate>Fri, 13 Mar 2020 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2020/03/13/thehive-v4-more-config/</guid>
      <description>This post is a continuation of TheHive v4 RC1 in that I am providing the instructions to add Internal Authentication to Cassandra as well as a reverse proxy so we can connect back to TheHive with https.
Add Internal Authentication to Cassandra
It is recommended that you don&amp;rsquo;t allow access to the cqlsh unless there is some sort of authentication mechanism attached to it. There are too many horror stories of databases being dumped, and the internal authentication will make it that little bit harder to access from the cqlsh shell.</description>
    </item>
    
    <item>
      <title>TheHive v4 RC1</title>
      <link>https://blog.agood.cloud/posts/2020/03/11/thehive-v4-rc1/</link>
      <pubDate>Wed, 11 Mar 2020 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2020/03/11/thehive-v4-rc1/</guid>
      <description>TheHive version 4 RC1, it&amp;rsquo;s here, it&amp;rsquo;s been here for a solid few weeks and I&amp;rsquo;m only just getting around to checking it out now. The new update looks to include a few nice features and a welcome back end technology refresh which should keep the platform in support for a good while yet.
At this stage, I would not suggest attempting to either upgrade your existing version 3 installations to version 4, or run a clean install as your main case management production system if you&amp;rsquo;re just starting out, but get to know this version by spinning up a new virtual machine because when the time comes around, you will give yourself a good leg up.</description>
    </item>
    
    <item>
      <title>UniFi Site Migration</title>
      <link>https://blog.agood.cloud/posts/2020/03/05/unifi-site-migration/</link>
      <pubDate>Thu, 05 Mar 2020 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2020/03/05/unifi-site-migration/</guid>
      <description>I&amp;rsquo;ve been a little absent of late. I&amp;rsquo;ve been quite busy at home having to get a few last minute things, like additional landscaping, pressure cleaning concrete, putting together flat pack furniture for my house in preparation for sale.
Which brings me to why I&amp;rsquo;m writing this post. I am a huge UniFi fan having multiple devices in my home network installation which have been flawless since installation. A few of those components include a CloudKey controller and a number of UniFi Protect cameras which naturally became a bit of a selling point for the house.</description>
    </item>
    
    <item>
      <title>Cortex 3.0.0 to 3.0.1 Upgrade</title>
      <link>https://blog.agood.cloud/posts/202/01/25/cortex-3.0.0-to-3.0.1-upgrade/</link>
      <pubDate>Sat, 25 Jan 2020 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/202/01/25/cortex-3.0.0-to-3.0.1-upgrade/</guid>
      <description>Cortex 3.0.1: The better logging edition has been released now. I am quite surprised that the developers were able to release a point upgrade out while they are working on the new major release of TheHive but I welcome it as it brings a number of fixes and enhancements which you can read about on TheHive project Blog.
Some of the bug fixes will make my life easier as some logging issues have been corrected which will make testing and developing responders for Cortex less painful.</description>
    </item>
    
    <item>
      <title>Welcome to 2020</title>
      <link>https://blog.agood.cloud/posts/2020/01/22/welcome-to-2020/</link>
      <pubDate>Wed, 22 Jan 2020 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2020/01/22/welcome-to-2020/</guid>
      <description>Well what a write off of a year so far. Over the Xmas break, I wasn&amp;rsquo;t able to get in as many hikes as I would like due to the terrible fires we have had over the last few months. Given the air quality has been rated as hazardous, I&amp;rsquo;ve erred on the side of caution, not wanting to fill my lungs with it. I was however able to write up the 3 that I did.</description>
    </item>
    
    <item>
      <title>TheHive &#43; Cortex automated build with Vagrant</title>
      <link>https://blog.agood.cloud/posts/2020/01/17/thehive-cortex-automated-build-with-vagrant/</link>
      <pubDate>Fri, 17 Jan 2020 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2020/01/17/thehive-cortex-automated-build-with-vagrant/</guid>
      <description>I&amp;rsquo;ve blogged quite a bit about TheHive and Cortex to date, so much so that the wonderful people over at TheHive-project have added this blog onto the Blogs &amp;amp; Articles section of TheHive&amp;rsquo;s curated Awesome List.
It seems the more I write, the more I realise how much more there is to write about this stack&amp;rsquo;s ability and feature set.
Throughout the course of the last year, I wrote a 12 part series about standing up TheHive, MISP and Cortex detailing my experiences in how to install, integrate and upgrade each of them.</description>
    </item>
    
    <item>
      <title>Mt Riddell</title>
      <link>https://blog.agood.cloud/posts/2020/01/12/mt-riddell/</link>
      <pubDate>Sun, 12 Jan 2020 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2020/01/12/mt-riddell/</guid>
      <description>For the last 4 years on New Years day, I like to start the year off right, get up nice and early and take a drive out to Healesville to hike up Mt Riddell. Not sure how, why or when I decided that this was going to be a tradition, but I&amp;rsquo;d completed it a few times in the past and it&amp;rsquo;s kinda stuck now. New Years Day 2020 wasn&amp;rsquo;t going to stop that.</description>
    </item>
    
    <item>
      <title>Stage 1A Yarra Valley Trail</title>
      <link>https://blog.agood.cloud/posts/2020/01/09/stage1a-yarra-valley-trail/</link>
      <pubDate>Thu, 09 Jan 2020 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2020/01/09/stage1a-yarra-valley-trail/</guid>
      <description>Our local council has been quite busy over the years preparing a new 40km trail that is designed to connect with other trails in our area. The concept for this trail went back prior to Black Saturday fires in 2009 where parts of the old bridges were destroyed by fires and the project seemed to stall as a result. Recently stage 1A was opened which is a 7.5km trail from Lilydale to Yering.</description>
    </item>
    
    <item>
      <title>Glasgow Firetrail</title>
      <link>https://blog.agood.cloud/posts/2020/01/02/glasgow-firetrail/</link>
      <pubDate>Thu, 02 Jan 2020 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2020/01/02/glasgow-firetrail/</guid>
      <description>The Glasgow firetrail as it&amp;rsquo;s affectionately known (it doesn&amp;rsquo;t have an official name) is a brutal unmarked track that follows a rocky riverbed up the side of Mt. Dandenong on the outskirts of Melbourne Victoria. It has an initial rise of about 400m over a distance of 1400m, or a 28% grade. It is as technically challenging navigating through the loose rock as it is physically demanding. It is also a much harder alternative than the popular 1000 steps track located on the other side of Mt.</description>
    </item>
    
    <item>
      <title>2019: Thats a Wrap</title>
      <link>https://blog.agood.cloud/posts/2019/12/20/2019-thats-a-wrap/</link>
      <pubDate>Fri, 20 Dec 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/12/20/2019-thats-a-wrap/</guid>
      <description>What a crazy year it&amp;rsquo;s been for me. It started off with migrating my blog from WordPress to Hugo and setting up some additional AWS services to complement my domain and completing a few AWS based labs off the back of the AWS Certified Cloud Practitioner exam I sat in late 2018.
I then started looking at some open source tools namely, Chris Long&amp;rsquo;s Detection Lab and Quasar RAT before starting a new role which mixed things up in a good way.</description>
    </item>
    
    <item>
      <title>TheHive Webhooks with NodeRED</title>
      <link>https://blog.agood.cloud/posts/2019/12/18/thehive-webhooks-with-nodered/</link>
      <pubDate>Wed, 18 Dec 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/12/18/thehive-webhooks-with-nodered/</guid>
      <description>In my last post I wrote about Installing and Securing NodeRED. The reason behind this was twofold. First, NodeRED is pretty cool and I want to be able to do some more ETL (Extract, Transform, Load) operations for personal projects I want to start on and secondly, I&amp;rsquo;ve been looking into TheHive webhooks functionality and needed some way to drive it in a way that didn&amp;rsquo;t require hundreds of lines of bespoke python code.</description>
    </item>
    
    <item>
      <title>Node-RED Secure Installation</title>
      <link>https://blog.agood.cloud/posts/2019/12/10/node-red-secure-installation/</link>
      <pubDate>Tue, 10 Dec 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/12/10/node-red-secure-installation/</guid>
      <description>Node-RED has traditionally been used for tapping into hardware devices and API endpoints to construct workflows in a drag and drop interface. It is quite extensible given you can add your own code and data manipulations. I&amp;rsquo;ve seen Node-RED used to connect into power metering hardware which cleans up the data feed, customises the output to multiple destinations (in this case Splunk and an output file). A quick YouTube search shows there are many possible home automations with Node-RED.</description>
    </item>
    
    <item>
      <title>Making Thehive Soar With Microsoft Power Automate and Cortex</title>
      <link>https://blog.agood.cloud/posts/2019/12/05/making-thehive-soar-with-microsoft-power-automate-and-cortex/</link>
      <pubDate>Thu, 05 Dec 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/12/05/making-thehive-soar-with-microsoft-power-automate-and-cortex/</guid>
      <description>Security Orchestration and Automated Response (SOAR), it&amp;rsquo;s the natural evolution of where security teams are heading, and as our numbers in this space seem to never be enough, we look to SOAR tools to automate to free up our time so we can spend it doing more productive things, like drinking coffee and threat hunting. Automation brings standard and repeatable processes which could just buy us that breathing space.</description>
    </item>
    
    <item>
      <title>Blink...no response</title>
      <link>https://blog.agood.cloud/posts/2019/12/02/blink-no-response/</link>
      <pubDate>Mon, 02 Dec 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/12/02/blink-no-response/</guid>
      <description>Defense in depth, it&amp;rsquo;s a good thing. But how much is too much? While you could argue that you can never have enough security, the answer to that question really is, how big is your wallet? You want the best of breed everything, then it&amp;rsquo;s going to cost you&amp;hellip;.. dearly, while it would be amazing if that level of cash could be splashed, it&amp;rsquo;s not always the case and it&amp;rsquo;s not always the best solution for your organisation.</description>
    </item>
    
    <item>
      <title>Releasing My First Responder for TheHive</title>
      <link>https://blog.agood.cloud/posts/2019/11/28/releasing-my-first-responder-for-thehive/</link>
      <pubDate>Thu, 28 Nov 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/11/28/releasing-my-first-responder-for-thehive/</guid>
      <description>Now that I&amp;rsquo;ve gone through a series on TheHive, I&amp;rsquo;ve started to expand on the capabilities of this DFIR platform by starting to write my own Responders. Responders are essentially a way to perform an enhancement action on a given case, alert or observable.
The built in Responders from the Cortex GitHub repo include a responder that will email the case or alert details to you as well as responders that interface with CrowdStrike, QRadar, Umbrella and ZeroFox.</description>
    </item>
    
    <item>
      <title>Fullstack Dev</title>
      <link>https://blog.agood.cloud/posts/2019/11/26/fullstack-dev/</link>
      <pubDate>Tue, 26 Nov 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/11/26/fullstack-dev/</guid>
      <description>I&amp;rsquo;ll start with I am not a developer. I can script, and have been known to dabble in batch files, Pascal (remember that?), Visual Basic, VBS, PowerShell, C++, C# and Python, and using scripts I&amp;rsquo;ve been able to cobble up some amazing tools for myself and teams I&amp;rsquo;ve worked in. I&amp;rsquo;ve even attached nice looking GUIs on my PowerShell scripts at times with MahApps or the lesser looking WinForms. These tools have only really been useful on the machine that&amp;rsquo;s been running them.</description>
    </item>
    
    <item>
      <title>Do You Exif</title>
      <link>https://blog.agood.cloud/posts/2019/11/22/do-you-exif/</link>
      <pubDate>Fri, 22 Nov 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/11/22/do-you-exif/</guid>
      <description>I want to talk today about EXIF data and just how much of a double-edged sword it can be depending on your use case. With today&amp;rsquo;s modern technology it seems that every picture you take wants to have its geolocation information added to it if it&amp;rsquo;s connected to a GPS somehow, and if your camera just happens to be a mobile phone then this might just be happening. Take the following picture I took as an example:</description>
    </item>
    
    <item>
      <title>reCaptcha With Lambda Part 2</title>
      <link>https://blog.agood.cloud/posts/2019/11/14/recaptcha-with-lambda-part-2/</link>
      <pubDate>Thu, 14 Nov 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/11/14/recaptcha-with-lambda-part-2/</guid>
      <description>In the previous article I covered all the steps and code that was required so that I can add a contact form with a reCaptcha on this very blog. These are the actual implementation steps I took to include them. Don&amp;rsquo;t worry the hard part has been done in part 1!
Create contact form
Using the client side HTML code I created the /content/contact.html file ensuring that I included the correct API Gateway URLs for the post requests and the reCaptcha site key.</description>
    </item>
    
    <item>
      <title>reCaptcha With Lambda Part 1</title>
      <link>https://blog.agood.cloud/posts/2019/11/12/recaptcha-with-lambda-part-1/</link>
      <pubDate>Tue, 12 Nov 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/11/12/recaptcha-with-lambda-part-1/</guid>
      <description>&amp;ldquo;You need to add reCaptcha to your webforms&amp;rdquo; - It&amp;rsquo;s advice I&amp;rsquo;ve given out to security teams each time I see a malicious link or some spam pusher in the resulting email. It&amp;rsquo;s the poor user who cops the brunt of them, increasing the chance of a click, increasing that chance of compromise. Reading through formspam is just a waste of time for everyone. I recall an instance where an internal security team misconfigured a tool they were using, set it to run overnight and that mailbox ended up with 35k+ emails in it.</description>
    </item>
    
    <item>
      <title>A Qualys Journey From A to A&#43; (part 2)</title>
      <link>https://blog.agood.cloud/posts/2019/11/07/a-qualys-journey-from-a-to-a-plus-part-2/</link>
      <pubDate>Thu, 07 Nov 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/11/07/a-qualys-journey-from-a-to-a-plus-part-2/</guid>
      <description>In my last post, after updating the blog to use TLS1.2 and adding a CAA record thinking I would clear an A+ rating, I only retained an A rating. In this post I continue the journey striving for that A+ rating.
Enabling HSTS
It turns out that Mozilla Observatory has a test you can also run, one that looks to be way stricter, and they were not as impressed, giving my site an F rating with a score of zero!</description>
    </item>
    
    <item>
      <title>A Qualys Journey From A to A&#43; (part 1)</title>
      <link>https://blog.agood.cloud/posts/2019/11/04/a-qualys-journey-from-a-to-a-plus-part-1/</link>
      <pubDate>Mon, 04 Nov 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/11/04/a-qualys-journey-from-a-to-a-plus-part-1/</guid>
      <description>When it comes to your website, what&amp;rsquo;s better than an A on your Qualys report? Why it has to be that A+! It might not seem like a big deal, but I still wanted to max out my score where I could. Little did I know I was about to get an education in the process. The Qualys SSL Labs tester can be accessed via this URL https://www.ssllabs.com/ssltest/analyze.html. My initial report came back as follows:</description>
    </item>
    
    <item>
      <title>Last Month in AWS</title>
      <link>https://blog.agood.cloud/posts/2019/11/02/last-month-in-aws/</link>
      <pubDate>Sat, 02 Nov 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/11/02/last-month-in-aws/</guid>
      <description>Last month in AWS saw me rack up a bill of US$0.86 and with the terrible US/AUD exchange rate I&amp;rsquo;m out of pocket a whole AUD$1.30. As I&amp;rsquo;m playing around with new technology and integrating various services that AWS provides, I touched a few services this month, and discovered I should probably decommission services I&amp;rsquo;m not actually using anymore. No surprise to me that I exceeded the free tier limits for S3.</description>
    </item>
    
    <item>
      <title>Serverless Screenshots</title>
      <link>https://blog.agood.cloud/posts/2019/10/31/serverless-screenshots/</link>
      <pubDate>Thu, 31 Oct 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/10/31/serverless-screenshots/</guid>
      <description>This is a project that I have wanted to get working for some time now, but every time I tried it, it failed on me. There was always some dependency error or some random obscure error. I&amp;rsquo;ve used url2png.com in the past to capture screenshots of malicious and unknown websites, and while I have scripts that replicate this functionality via PowerShell, I&amp;rsquo;m not comfortable running that script on a production machine at work.</description>
    </item>
    
    <item>
      <title>Hugo Shortcodes</title>
      <link>https://blog.agood.cloud/posts/2019/10/27/hugo-shortcodes/</link>
      <pubDate>Sun, 27 Oct 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/10/27/hugo-shortcodes/</guid>
      <description>In this post I want to talk about how easy Hugo Shortcodes are to use and I&amp;rsquo;m totally kicking myself for not trying them out sooner!
I have a number of blog posts that have turned into a blog series and I wanted to have some kind of Table of Contents or reference in them and doing this manually each time, for every post just wasn&amp;rsquo;t sustainable. If I wanted to make a minor change, then every post would need updating, and there would be all this extra markdown in the post.</description>
    </item>
    
    <item>
      <title>VLC via Chromecast</title>
      <link>https://blog.agood.cloud/posts/2019/10/25/vlc-via-chromecast/</link>
      <pubDate>Fri, 25 Oct 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/10/25/vlc-via-chromecast/</guid>
      <description>Time poor. Always time poor. If there&amp;rsquo;s any way I can achieve 2 things at the same time, then I&amp;rsquo;m going to take that option. Call it doing more with less if you will. Listening to a podcast or watching some training videos while exercising on a treadmill meets this need for me. There is only 1 problem with that, I have a monitor mounted on the wall above my treadmill and my computer is too far away to connect into it.</description>
    </item>
    
    <item>
      <title>The LaZagne Project</title>
      <link>https://blog.agood.cloud/posts/2019/10/23/the-lazange-project/</link>
      <pubDate>Wed, 23 Oct 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/10/23/the-lazange-project/</guid>
      <description>Warning - Dragons ahead
The following post is for educational purposes only. The LaZagne project is a Python based tool that will attempt to extract username and password details from various applications on your Windows, Linux and Mac systems. As such, it would be considered a hacking tool. Portions of this tool have been adapted for use in the Qealler Malware.
I decided that I&amp;rsquo;d run up a test Windows Virtual machine to run this against but can confirm that the tool works equally as well in Linux.</description>
    </item>
    
    <item>
      <title>Podcast Roster</title>
      <link>https://blog.agood.cloud/posts/2019/10/21/podcast-roster/</link>
      <pubDate>Mon, 21 Oct 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/10/21/podcast-roster/</guid>
      <description>I&amp;rsquo;ve been listening to some podcasts of late&amp;hellip;. 1200 hours in fact. 50 days worth of pods back to back. Well that&amp;rsquo;s probably been over the course of a few years but you get the drift. I&amp;rsquo;ll listen to them on my travels to and from work, sometimes when I&amp;rsquo;m out walking and other times when I&amp;rsquo;m having a relax on the couch. My lineup is so full that I listen at chipmunk speed (1.</description>
    </item>
    
    <item>
      <title>Part IX Pokemon Value Over the Long Term</title>
      <link>https://blog.agood.cloud/posts/2019/10/19/part-ix-pokemon-value-over-the-long-term/</link>
      <pubDate>Sat, 19 Oct 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/10/19/part-ix-pokemon-value-over-the-long-term/</guid>
      <description>This is going to be a long series of posts over time. Links for quick reference can be found here:
November 2018: Part I, Part II, Part III, Part IV
December 2018: Part V
January 2019: Part VI
February 2019: Part VII
September 2019: Part VIII
October 2019: Part IX
I&amp;rsquo;m changing my attention away from the value of Celestial Storm for the moment and onto some new sets I have been tracking. This time it&amp;rsquo;s Sun and Moon - Unbroken Bonds.</description>
    </item>
    
    <item>
      <title>Lets Go Phishing</title>
      <link>https://blog.agood.cloud/posts/2019/10/17/lets-go-phishing/</link>
      <pubDate>Thu, 17 Oct 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/10/17/lets-go-phishing/</guid>
      <description>User awareness training, it matters, more than you think it does. These days security is everybody&amp;rsquo;s responsibility and not just those running your information security team. Defense in depth and technical controls are not foolproof and it only takes a single well crafted email and your organisation could be owned. People are the last line of defense so we need to train staff to adopt a critical mindset in the hostility of email.</description>
    </item>
    
    <item>
      <title>Mailtrap_io</title>
      <link>https://blog.agood.cloud/posts/2019/10/14/mailtrap_io/</link>
      <pubDate>Mon, 14 Oct 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/10/14/mailtrap_io/</guid>
      <description>Recently I&amp;rsquo;ve been working with Python and smtplib to automate sending emails based off a template. The sending part of the emails worked flawlessly but I had issues where the emails were being delivered into the junk folder instead of the Inbox folder in Outlook.
Now, if you&amp;rsquo;re going to be scripting emails to send out notifications, newsletters and general communications, losing your audience because the email gets trashed isn&amp;rsquo;t ideal.</description>
    </item>
    
    <item>
      <title>Wrapup of TheHive MISP Cortex</title>
      <link>https://blog.agood.cloud/posts/2019/10/12/wrapup-of-thehive-misp-cortex/</link>
      <pubDate>Sat, 12 Oct 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/10/12/wrapup-of-thehive-misp-cortex/</guid>
      <description>This is the formal end of this series but I wanted to write a quick conclusion piece, so this post is a reflection about this 4 in 1 open source threat and incident response platform and the journey to get there. All the other posts in this series can be found here:
Part I - Building TheHive
Part II - Setup reverse proxy for TheHive
Part III - Building MISP</description>
    </item>
    
    <item>
      <title>Browsing Elasticsearch With Kaizen</title>
      <link>https://blog.agood.cloud/posts/2019/10/11/browsing-elasticsearch-with-kaizen/</link>
      <pubDate>Fri, 11 Oct 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/10/11/browsing-elasticsearch-with-kaizen/</guid>
      <description>Recently I had a few questions about what a particular Elasticsearch NoSQL Database was holding and I started poking using curl and the JSON search language, and for the untrained it can be daunting. Heaps of syntax, nesting and JSON arrays. It was overwhelming at first. On the plus side, it&amp;rsquo;s super granular so if you know exactly what you are looking for it&amp;rsquo;s super quick. Well I had a problem, I wasn&amp;rsquo;t 100% sure what I was looking for and merely just wanted to browse the data for you know&amp;hellip;.</description>
    </item>
    
    <item>
      <title>Revamping the Blog</title>
      <link>https://blog.agood.cloud/posts/2019/10/09/revamping-the-blog/</link>
      <pubDate>Wed, 09 Oct 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/10/09/revamping-the-blog/</guid>
      <description>It&amp;rsquo;s been just over 12 months since I&amp;rsquo;ve started blogging and this is now the 3rd iteration of the blog.
First it was WordPress on Lightsail. There was a cost involved and if you really want to make WordPress useful you need to add the security holes also known as plugins. It&amp;rsquo;s not that WordPress was a bad solution, but I had no need for all the bells and whistles it could provide.</description>
    </item>
    
    <item>
      <title>Upgrading Cortex</title>
      <link>https://blog.agood.cloud/posts/2019/10/05/upgrading-cortex/</link>
      <pubDate>Sat, 05 Oct 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/10/05/upgrading-cortex/</guid>
      <description>This is part 11 of the series about TheHive/MISP/Cortex and I&amp;rsquo;m covering off an upgrade of Cortex from 2.1.3 to 3.0.0. The other posts for this series can be found here: Part I - Building TheHive
Part II - Setup reverse proxy for TheHive
Part III - Building MISP
Part IV - Building Cortex
Part V - Adding analyzers to Cortex
Part VI - Setup reverse proxy for Cortex</description>
    </item>
    
    <item>
      <title>Updating MISP</title>
      <link>https://blog.agood.cloud/posts/2019/10/03/updating-misp/</link>
      <pubDate>Thu, 03 Oct 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/10/03/updating-misp/</guid>
      <description>This is part 10 of this series. In this part I&amp;rsquo;m updating multiple minor versions of MISP. The other posts for this series can be found here: Part I - Building TheHive
Part II - Setup reverse proxy for TheHive
Part III - Building MISP
Part IV - Building Cortex
Part V - Adding analyzers to Cortex
Part VI - Setup reverse proxy for Cortex
Part VII - Integrate TheHive and Cortex</description>
    </item>
    
    <item>
      <title>Upgrading TheHive</title>
      <link>https://blog.agood.cloud/posts/2019/10/01/upgrading-thehive/</link>
      <pubDate>Tue, 01 Oct 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/10/01/upgrading-thehive/</guid>
      <description>This is part 9 where I begin to lifecycle manage TheHive/MISP/Cortex software stack. Previous posts in this series are here: Part I - Building TheHive
Part II - Setup reverse proxy for TheHive
Part III - Building MISP
Part IV - Building Cortex
Part V - Adding analyzers to Cortex
Part VI - Setup reverse proxy for Cortex
Part VII - Integrate TheHive and Cortex
Part VIII - Integrate MISP to TheHive</description>
    </item>
    
    <item>
      <title>Integrate MISP to TheHive</title>
      <link>https://blog.agood.cloud/posts/2019/09/29/integrate-misp-to-thehive/</link>
      <pubDate>Sun, 29 Sep 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/09/29/integrate-misp-to-thehive/</guid>
      <description>This is part 8 of the Cortex build. In this part I&amp;rsquo;m integrating TheHive with MISP and it doesn&amp;rsquo;t go as smooth as I would have liked, but I got some good troubleshooting done in the process which I&amp;rsquo;ve documented. This will allow us to post observables to MISP from TheHive and vice versa! Links to the previous articles are here:
Part I - Building TheHive
Part II - Setup reverse proxy for TheHive</description>
    </item>
    
    <item>
      <title>Integrate TheHive and Cortex</title>
      <link>https://blog.agood.cloud/posts/2019/09/27/integrate-thehive-and-cortex/</link>
      <pubDate>Fri, 27 Sep 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/09/27/integrate-thehive-and-cortex/</guid>
      <description>This is part 7 of the TheHive/Cortex/MISP build. In this part I&amp;rsquo;m integrating TheHive with Cortex. This is where the real magic happens! Links to the previous articles are here:
Part I - Building TheHive
Part II - Setup reverse proxy for TheHive
Part III - Building MISP
Part IV - Building Cortex
Part V - Adding analyzers to Cortex
Part VI - Setup reverse proxy for Cortex</description>
    </item>
    
    <item>
      <title>Setup Reverse Proxy for Cortex</title>
      <link>https://blog.agood.cloud/posts/2019/09/26/setup-reverse-proxy-for-cortex/</link>
      <pubDate>Thu, 26 Sep 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/09/26/setup-reverse-proxy-for-cortex/</guid>
      <description>This is part 6 of the Cortex build. In this part I&amp;rsquo;ll add, configure and test out an analyser. Links to the previous articles are here:
Part I - Building TheHive
Part II - Setup reverse proxy for TheHive
Part III - Building MISP
Part IV - Building Cortex
Part V - Adding analyzers to Cortex
Part VI - Setup reverse proxy for Cortex
Part VII - Integrate TheHive and Cortex</description>
    </item>
    
    <item>
      <title>Adding analysers to Cortex</title>
      <link>https://blog.agood.cloud/posts/2019/09/24/adding-analysers-to-cortex/</link>
      <pubDate>Tue, 24 Sep 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/09/24/adding-analysers-to-cortex/</guid>
      <description>This is part 5 of the Cortex build. In this part I&amp;rsquo;ll add, configure and test out an analyser. Links to the previous articles are here:
Part I - Building TheHive
Part II - Setup reverse proxy for TheHive
Part III - Building MISP
Part IV - Building Cortex
Part V - Adding analyzers to Cortex
Part VI - Setup reverse proxy for Cortex
Part VII - Integrate TheHive and Cortex</description>
    </item>
    
    <item>
      <title>Building Cortex</title>
      <link>https://blog.agood.cloud/posts/2019/09/22/building-cortex/</link>
      <pubDate>Sun, 22 Sep 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/09/22/building-cortex/</guid>
      <description>This is part 4 of TheHive/Cortex/MISP build. In this part we&amp;rsquo;re standing up Cortex. Links to the previous articles are here:
Part I - Building TheHive
Part II - Setup reverse proxy for TheHive
Part III - Building MISP
Part IV - Building Cortex
Part V - Adding analyzers to Cortex
Part VI - Setup reverse proxy for Cortex
Part VII - Integrate TheHive and Cortex
Part VIII - Integrate MISP to TheHive</description>
    </item>
    
    <item>
      <title>Documentation as Code</title>
      <link>https://blog.agood.cloud/posts/2019/09/18/documentation-as-code/</link>
      <pubDate>Wed, 18 Sep 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/09/18/documentation-as-code/</guid>
      <description>The older I get the more I have come to despise Microsoft Word for technical documentation. In my world, documentation requires constant updates and periodic review and revision and when things go bad in Word which invariably happens, it goes really bad. Throw in multiple editors and multiple revisions over time and you usually end up with something that starts to lose its formatting over time and when your heading structure and auto-numbering breaks, well then all bets are off and sometimes you&amp;rsquo;re better off to spend the time and rewrite it.</description>
    </item>
    
    <item>
      <title>TCG Storage</title>
      <link>https://blog.agood.cloud/posts/2019/09/13/tcg-storage/</link>
      <pubDate>Fri, 13 Sep 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/09/13/tcg-storage/</guid>
      <description>So I&amp;rsquo;ve been collecting Pokemon since late 2016 now and during this time I&amp;rsquo;ve accumulated close to 2,000 cards. All the bulk is pretty much given away or stored in a not so cared for way. From the start I&amp;rsquo;ve sleeved the cards and then kept them in deck boxes, then another deck box, a larger deck box and so on all the way up to my current predicament, so I&amp;rsquo;ve been through various iterations of how to store these cards up to today.</description>
    </item>
    
    <item>
      <title>Upgrading TheHive 3.2.1_1 to 3.4</title>
      <link>https://blog.agood.cloud/posts/2019/09/12/upgrading-thehive-3.2.1_1-to-3.4.0/</link>
      <pubDate>Thu, 12 Sep 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/09/12/upgrading-thehive-3.2.1_1-to-3.4.0/</guid>
      <description>It&amp;rsquo;s upgrading time!
It&amp;rsquo;s been a while since I&amp;rsquo;ve visited TheHive and version 3.4.0 has been released. The astute reader will notice that when I originally stood up my instance of TheHive I opted for version 3.3.1 and yes, that will be getting an upgrade, but the reason for this post is that this is a test run for the instance upgrade at work and that&amp;rsquo;s what we&amp;rsquo;re using, so that&amp;rsquo;s what I&amp;rsquo;m testing.</description>
    </item>
    
    <item>
      <title>Fail2ban Setup</title>
      <link>https://blog.agood.cloud/posts/2019/09/08/fail2ban-setup/</link>
      <pubDate>Sun, 08 Sep 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/09/08/fail2ban-setup/</guid>
      <description>Fail2Ban is a great piece of software to keep out those who would try (and fail) to access your services. It&amp;rsquo;s easy to set up as well, and can be as complicated as you want.
Firstly perform the install by using this command. This will perform the install and create a service so that when you reboot, fail2ban will automatically start.
sudo apt install fail2ban
The configuration I am going to be performing will be for sshd, however there are stacks of pre-configured jails that can be used, and if it doesn&amp;rsquo;t have a pre-canned option, if your app has a log file, then it can be customised accordingly.</description>
    </item>
    
    <item>
      <title>Part VIII Pokemon Value Over the Long Term</title>
      <link>https://blog.agood.cloud/posts/2019/09/08/part-viii-pokemon-value-over-the-long-term/</link>
      <pubDate>Sun, 08 Sep 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/09/08/part-viii-pokemon-value-over-the-long-term/</guid>
      <description>This is going to be a long series of posts over time. Links for quick reference can be found here:
November 2018: Part I, Part II, Part III, Part IV
December 2018: Part V
January 2019: Part VI
February 2019: Part VII
September 2019: Part VIII
October 2019: Part IX
So the last time I talked about the progress of the Celestial Storm booster box was back in Feb 2019 and now we are around the 12 month mark since its release and there has been a fairly steady increase in value.</description>
    </item>
    
    <item>
      <title>Too Much Time Has Passed</title>
      <link>https://blog.agood.cloud/posts/2019/09/06/too-much-time-has-past/</link>
      <pubDate>Fri, 06 Sep 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/09/06/too-much-time-has-past/</guid>
      <description>OK - so way too much time has passed since I&amp;rsquo;ve updated this blog. Way too much time. I guess it&amp;rsquo;s easy to become so bogged down with home life, study and work and I&amp;rsquo;ve had a bit on my plate of recent.
In all this time that has passed sadly I feel like I don&amp;rsquo;t have much to show for it. On the work front, I&amp;rsquo;m nearly 6 months into a job I&amp;rsquo;m really loving, working with great people, awesome tech and heaps to learn.</description>
    </item>
    
    <item>
      <title>Building MISP</title>
      <link>https://blog.agood.cloud/posts/2019/04/29/building-misp/</link>
      <pubDate>Mon, 29 Apr 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/04/29/building-misp/</guid>
      <description>This is part 3 of TheHive/Cortex/MISP build. In this part we&amp;rsquo;re installing MISP. Links to the previous articles are here:
Part I - Building TheHive
Part II - Setup reverse proxy for TheHive
Part III - Building MISP
Part IV - Building Cortex
Part V - Adding analyzers to Cortex
Part VI - Setup reverse proxy for Cortex
Part VII - Integrate TheHive and Cortex
Part VIII - Integrate MISP to TheHive</description>
    </item>
    
    <item>
      <title>Setup Reverse Proxy for TheHive</title>
      <link>https://blog.agood.cloud/posts/2019/04/24/setup-reverse-proxy-for-thehive/</link>
      <pubDate>Wed, 24 Apr 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/04/24/setup-reverse-proxy-for-thehive/</guid>
      <description>This is part 2 of TheHive/Cortex/MISP build. In this part I&amp;rsquo;ll add a reverse proxy to TheHive. Links to the previous articles are here:
Part I - Building TheHive
Part II - Setup reverse proxy for TheHive
Part III - Building MISP
Part IV - Building Cortex
Part V - Adding analyzers to Cortex
Part VI - Setup reverse proxy for Cortex
Part VII - Integrate TheHive and Cortex</description>
    </item>
    
    <item>
      <title>Building TheHive</title>
      <link>https://blog.agood.cloud/posts/2019/04/22/building-thehive/</link>
      <pubDate>Mon, 22 Apr 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/04/22/building-thehive/</guid>
      <description>This is the first post about my journey of standing up a TheHive/Cortex/MISP environment. Other posts can be found here: Part I - Building TheHive
Part II - Setup reverse proxy for TheHive
Part III - Building MISP
Part IV - Building Cortex
Part V - Adding analyzers to Cortex
Part VI - Setup reverse proxy for Cortex
Part VII - Integrate TheHive and Cortex
Part VIII - Integrate MISP to TheHive</description>
    </item>
    
    <item>
      <title>Journaling Activity</title>
      <link>https://blog.agood.cloud/posts/2019/03/11/journaling-activity/</link>
      <pubDate>Mon, 11 Mar 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/03/11/journaling-activity/</guid>
      <description>Keeping a work journal is something I&amp;rsquo;ve been thinking about for years but never got around to finding the right solution. Having the ability to go back to any given day to see what I got up to is incredibly powerful as generally my day to day line of work is so busy that there&amp;rsquo;s a good chance I&amp;rsquo;m not going to remember the things I did last week, let alone last month or last year.</description>
    </item>
    
    <item>
      <title>Behind Quasar</title>
      <link>https://blog.agood.cloud/posts/2019/03/03/behind-quasar/</link>
      <pubDate>Sun, 03 Mar 2019 08:38:17 +1100</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/03/03/behind-quasar/</guid>
      <description>Warning - Dragons ahead
The following post is for educational purposes only. I intend to show you what can happen if you get infected with a remote access tool (RAT) and just how easy it is to set up the Command and Control (C2) server.
Don&amp;rsquo;t attempt to analyse malware on a system that you aren&amp;rsquo;t prepared to destroy and certainly do not be attempting this sort of analysis on ANY system you are not authorised for!</description>
    </item>
    
    <item>
      <title>Last Month in AWS</title>
      <link>https://blog.agood.cloud/posts/2019/03/01/last-month-in-aws/</link>
      <pubDate>Fri, 01 Mar 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/03/01/last-month-in-aws/</guid>
      <description>Last month in AWS saw me rack up a bill of US$3.52 and while I expected this to be lower compared to last month, it turns out I got a little trigger happy with EC2 and S3. This was primarily due to the Detection Lab infrastructure that I was playing with. EBS stored volumes caused by AMIs will cause your bill to shoot up quite quickly.
I was also still performing some other lab based stuff and introduced SES into my permanent list of services I&amp;rsquo;ll be using.</description>
    </item>
    
    <item>
      <title>Part VII Pokemon Value Over the Long Term</title>
      <link>https://blog.agood.cloud/posts/2019/02/24/part-vii-pokemon-value-over-the-long-term/</link>
      <pubDate>Sun, 24 Feb 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/02/24/part-vii-pokemon-value-over-the-long-term/</guid>
      <description>This is going to be a long series of posts over time. Links for quick reference can be found here:
November 2018: Part I, Part II, Part III, Part IV
December 2018: Part V
January 2019: Part VI
February 2019: Part VII
September 2019: Part VIII
October 2019: Part IX
This month saw the opened Celestial Storm booster box peak at US$72.38 (AUD$101.54) but then settle down to a value of USD$71.74 (AU$100.64). Prices fairly steady but falling which I guess is in line with the set not being as new anymore.</description>
    </item>
    
    <item>
      <title>Building Detection Lab in AWS Part II</title>
      <link>https://blog.agood.cloud/posts/2019/02/17/building-detection-lab-in-aws-part-ii/</link>
      <pubDate>Sun, 17 Feb 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/02/17/building-detection-lab-in-aws-part-ii/</guid>
      <description>With the local lab built, these are the instructions for getting the Detection Lab into AWS.
How to stand up DetectionLab in AWS - Part II
Pre-requisites
Part I - Local Install
Terraform installation
Export VMs as OVAs
Shut down each VM and open up the VirtualBox GUI. Select each VM and select &amp;ldquo;File, Export Appliance&amp;rdquo;.
Select the VM to export
Select the output file
Enter in any additional product information.</description>
    </item>
    
    <item>
      <title>Building Detection Lab in AWS</title>
      <link>https://blog.agood.cloud/posts/2019/02/13/building-detection-lab-in-aws/</link>
      <pubDate>Wed, 13 Feb 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/02/13/building-detection-lab-in-aws/</guid>
      <description>Recently I was made aware of a GitHub project by Chris Long named &amp;ldquo;Detection Lab&amp;rdquo; which allows blue teams to see what a particular piece of malware does in an environment and conversely allows the red team to see what breadcrumbs their software may leave behind. It&amp;rsquo;s a 4 lab server consisting of:
Microsoft Windows AD Server
Splunk Logging
A Windows Event Forwarding Server
Client Win10 machine
Based off the back of last week&amp;rsquo;s CyberGym training and the fact that there are TerraForm templates for this setup, I decided to give this a shot.</description>
    </item>
    
    <item>
      <title>Cybergym Defensive Training</title>
      <link>https://blog.agood.cloud/posts/2019/02/09/cybergym-defensive-training/</link>
      <pubDate>Sat, 09 Feb 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/02/09/cybergym-defensive-training/</guid>
      <description>This week I had an amazing opportunity to participate in a week&amp;rsquo;s worth of Cyber Defensive training at Cybergym. Cybergym is an Israeli based IT security company who provide organisations with the training, knowledge and tools to better defend their systems. They provided a tailored training solution with case studies, technical know how, hands on experience through live malware labs.
Most importantly, we were able to spend 2 days in their &amp;ldquo;Cyber Arena&amp;rdquo; where we were able to apply the new found skills that we had learnt in a full on, real-time simulated environment where our network was attacked by Cybergym hackers brought in from Israel.</description>
    </item>
    
    <item>
      <title>Setting Up Email via SES and Gmail</title>
      <link>https://blog.agood.cloud/posts/2019/02/03/setting-up-email-via-ses-and-gmail/</link>
      <pubDate>Sun, 03 Feb 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/02/03/setting-up-email-via-ses-and-gmail/</guid>
      <description>Email for the blog? Well that was the next thing I was wanting to tick off the list. Not only for the blog (I&amp;rsquo;m 99.99% certain I won&amp;rsquo;t ever get an email), but I&amp;rsquo;ve always wanted to just pass out throw away email addresses for when I attend conferences - just to see who&amp;rsquo;s giving my email address around.
Luckily AWS have a solution called Simple Email Service (SES) which is designed for just this use case.</description>
    </item>
    
    <item>
      <title>Last Month in AWS</title>
      <link>https://blog.agood.cloud/posts/2019/02/01/last-month-in-aws/</link>
      <pubDate>Fri, 01 Feb 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/02/01/last-month-in-aws/</guid>
      <description>Last month in AWS saw me rack up a bill of $3.40 and I expect this to be much lower next month now that I have abandoned Lightsail. The cost breakdown was as follows: As you can see, I did hit a wide range of services for the month and most of the stuff I played with had a free tier limit applied. It&amp;rsquo;s great for spinning up a lab or three and the cost really was minimal.</description>
    </item>
    
    <item>
      <title>Adding a Code Repo to the Blog</title>
      <link>https://blog.agood.cloud/posts/2019/01/30/adding-a-code-repo-to-the-blog/</link>
      <pubDate>Wed, 30 Jan 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/01/30/adding-a-code-repo-to-the-blog/</guid>
      <description>Now that I&amp;rsquo;ve established the blog, I would like to proof of concept a Continuous Integration, Continuous Deployment (CI-CD) pipeline for it. It&amp;rsquo;s something that I know I will be able to utilise in the future and it&amp;rsquo;s a valuable skill to be across given that my line of work does include automation and scripting for both personal and professional reasons.
Having the code stored in a git repository is the first step to this.</description>
    </item>
    
    <item>
      <title>Acloudguru Serverless for Beginners</title>
      <link>https://blog.agood.cloud/posts/2019/01/29/acloudguru-serverless-for-beginners/</link>
      <pubDate>Tue, 29 Jan 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/01/29/acloudguru-serverless-for-beginners/</guid>
      <description>So the &amp;ldquo;Serverless for Beginners&amp;rdquo; is another lab based course brought to you by the folks at A Cloud Guru.
Its course details how to build a video transcribing service with a web front end using multiple cloud technologies using node.js. It&amp;rsquo;s quite a cool little application, I&amp;rsquo;m not sure I have a real world use for such an application, but any &amp;ldquo;lab&amp;rdquo; that gets me to build with multiple technologies isn&amp;rsquo;t a bad thing when I&amp;rsquo;m studying for the exams.</description>
    </item>
    
    <item>
      <title>edX AWS Developer: Building on AWS</title>
      <link>https://blog.agood.cloud/posts/2019/01/28/edx-aws-developer-building-on-aws/</link>
      <pubDate>Mon, 28 Jan 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/01/28/edx-aws-developer-building-on-aws/</guid>
      <description>So in my AWS studies I came across a course from edX titled &amp;ldquo;AWS Developer: Building on AWS&amp;rdquo;. This is an awesome course that gives you hands on experience with multiple services in AWS. It&amp;rsquo;s structured in such a way where each week will only take a few hours to complete and there are 6 weeks of courses. If I recall as long as you are not &amp;ldquo;overly testing&amp;rdquo; your solution (which would have to be significant) you are unlikely to go over the free tier on AWS.</description>
    </item>
    
    <item>
      <title>Part VI: Pokemon Value Over the Long Term</title>
      <link>https://blog.agood.cloud/posts/2019/01/24/part-vi-pokemon-value-over-the-long-term/</link>
      <pubDate>Thu, 24 Jan 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/01/24/part-vi-pokemon-value-over-the-long-term/</guid>
      <description>This is going to be a long series of posts over time. Links for quick reference can be found here:
November 2018: Part I, Part II, Part III, Part IV
December 2018: Part V
January 2019: Part VI
February 2019: Part VII
September 2019: Part VIII
October 2019: Part IX
In my absence of not blogging, I&amp;rsquo;ve still kept this little side analysis going, and the full box has now been opened and the result was just as I was expecting.</description>
    </item>
    
    <item>
      <title>Adding SSL to S3 Static Website via Cloudfront</title>
      <link>https://blog.agood.cloud/posts/2019/01/23/adding-ssl-to-s3-static-website-via-cloudfront/</link>
      <pubDate>Wed, 23 Jan 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/01/23/adding-ssl-to-s3-static-website-via-cloudfront/</guid>
      <description>So now that I&amp;rsquo;ve moved the blog over to a serverless architecture I thought I&amp;rsquo;d take the time to post how I went about enabling SSL and where to from here.
Simple Storage Services (S3) Getting a static website up via S3 is super easy. Open up the S3 console -&amp;gt; select your bucket -&amp;gt; go to Properties -&amp;gt; Static Website Hosting. Select Use this bucket to host a website.</description>
    </item>
    
    <item>
      <title>Goodbye Wordpress, Hello Hugo</title>
      <link>https://blog.agood.cloud/posts/2019/01/22/goodbye-wordpress-hello-hugo/</link>
      <pubDate>Tue, 22 Jan 2019 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2019/01/22/goodbye-wordpress-hello-hugo/</guid>
      <description>It&amp;rsquo;s been a while since I posted a blog. I have just been really busy with what seems like a never ending stream of things that need to be done.
Over the last month or so, I have been getting into AWS a lot for both work and personal use. I was fortunate enough to get a subscription to A Cloud Guru and I have hit that content hard. Very hard!</description>
    </item>
    
    <item>
      <title>Part V: Pokemon Value Over the Long Term</title>
      <link>https://blog.agood.cloud/posts/2018/12/21/part-v-pokemon-value-over-the-long-term/</link>
      <pubDate>Fri, 21 Dec 2018 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2018/12/21/part-v-pokemon-value-over-the-long-term/</guid>
      <description>This is going to be a long series of posts over time. Links for quick reference can be found here:
November 2018: Part I, Part II, Part III, Part IV
December 2018: Part V
January 2019: Part VI
February 2019: Part VII
September 2019: Part VIII
October 2019: Part IX
So it&amp;rsquo;s been a few weeks since I&amp;rsquo;ve posted an update of where this is at, with the hiking trip and some extra bribery for the kids happening we are now at the 1&amp;frasl;2 box mark.</description>
    </item>
    
    <item>
      <title>Hiking Trip 2018 Day 7 – Bimbiri Wilderness and Home</title>
      <link>https://blog.agood.cloud/posts/2018/12/19/hiking-trip-2018-day-7-bimbiri-wilderness-and-home/</link>
      <pubDate>Thu, 20 Dec 2018 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2018/12/19/hiking-trip-2018-day-7-bimbiri-wilderness-and-home/</guid>
      <description>Despite the rather long week there were just a few more walks to tick off the list. The first being a short 3km return trip to the Rainbow Lake just outside of Perisher. It was a nice stroll through the snow gums. The water had a shade of pink to it which is caused by some type of water lily.
After that short stroll we drove into the Bimbiri wilderness to have a look at the Blue Waterpools and the Coolamine Homestead.</description>
    </item>
    
    <item>
      <title>Hiking Trip 2018 Day 6 – 11 Peaks Walk</title>
      <link>https://blog.agood.cloud/posts/2018/12/19/hiking-trip-2018-day-6-11-peaks-walk/</link>
      <pubDate>Wed, 19 Dec 2018 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2018/12/19/hiking-trip-2018-day-6-11-peaks-walk/</guid>
      <description>Sleep – it’s totally overrated, especially when you are the one not getting any sleep to begin with. The overnight weather was perfect. About 10 degrees, not cold at all, but I had made a critical mistake yesterday, one that I didn’t realise in time and that was not applying sun-cream. I was burnt. My legs, arm and face all copped a lot of exposure on the range.
Trying to get comfortable wasn’t happening, I’d roll on my side and my burnt legs stuck, on my back and my arms were sticking on the tent floor.</description>
    </item>
    
    <item>
      <title>Hiking Trip 2018 Day 5 – 11 Peaks Walk</title>
      <link>https://blog.agood.cloud/posts/2018/12/17/hiking-trip-2018-day-5-11-peaks-walk/</link>
      <pubDate>Mon, 17 Dec 2018 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2018/12/17/hiking-trip-2018-day-5-11-peaks-walk/</guid>
      <description>This was the start of the main event. We had well intentioned plans at the start to take on the 11 peaks walk at Mt Kosciuszko National Park. Michael and I had many discussions about just about every aspect of this walk up to this point. From the extra weight in our packs, camping at Mullers Pass, daytime weather, night weather, short term forecasts, amount of time available, the amount of snow out on the range, the amount of walking we had already covered up to this point, the way we were feeling at this point etc.</description>
    </item>
    
    <item>
      <title>Hiking Trip 2018 Day 4 – Mt Buffalo</title>
      <link>https://blog.agood.cloud/posts/2018/12/16/hiking-trip-2018-day-4-mt-buffalo/</link>
      <pubDate>Sun, 16 Dec 2018 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2018/12/16/hiking-trip-2018-day-4-mt-buffalo/</guid>
      <description>So with my foot about as good as it was going to be with the recovery time I had, today was another test before we drove a further 320kms north. This was a critical point. If my body wasn&amp;rsquo;t going to hold up then I was going to make the call to come home early.
The drive up to Mt Buffalo isn&amp;rsquo;t the nicest of drives. It&amp;rsquo;s slow, uphill and full of curves.</description>
    </item>
    
    <item>
      <title>Hiking Trip 2018 Day 3 – Bungalow Spur, Razorback, Bon Accord Spur</title>
      <link>https://blog.agood.cloud/posts/2018/12/15/hiking-trip-2018-day-3-bungalow-spur-razorback-bon-accord-spur/</link>
      <pubDate>Sat, 15 Dec 2018 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2018/12/15/hiking-trip-2018-day-3-bungalow-spur-razorback-bon-accord-spur/</guid>
      <description>Well today was the big one. With a bung foot I made the call to not do this long hike in the hope that I still had a chance to complete some of the other walks we had planned later in the week.
I dropped my friend Michael off at the trail head nice and early so that he could try to get ahead of the heat and I spent the day soaking my feet in hot baths of Epsom salts, icing my foot and munching on anti-inflammatories.</description>
    </item>
    
    <item>
      <title>Hiking Trip 2018 Day 2 – The Kelly Tree &amp; Bright</title>
      <link>https://blog.agood.cloud/posts/2018/12/13/hiking-trip-2018-day-2-the-kelly-tree-bright/</link>
      <pubDate>Thu, 13 Dec 2018 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2018/12/13/hiking-trip-2018-day-2-the-kelly-tree-bright/</guid>
      <description>Leaving Mansfield in the morning I had pain, a lot of pain…. Show stopping pain in my right foot. I knew it was bad as I hobbled around and it threatened the rest of the week.
We were due to take a day out at Mt Buffalo but given the development, we decided to take an easy day and drove out to the Kelly Tree located less than a km off the Tatong-Tolmie Rd.</description>
    </item>
    
    <item>
      <title>Hiking Trip 2018 Day 1 - Mt Buller to Mt Stirling</title>
      <link>https://blog.agood.cloud/posts/2018/12/12/hiking-trip-2018-day-1-mt-buller-to-mt-stirling/</link>
      <pubDate>Wed, 12 Dec 2018 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2018/12/12/hiking-trip-2018-day-1-mt-buller-to-mt-stirling/</guid>
      <description>So it begins, a week of epic hiking planned and it started a day earlier than expected. Lucky for me, I had an easy morning planned in preparation.
We left my house around 1:30pm on Sunday with a drive out to our first hike starting at the Mt Buller Alpine Village. The drive is fairly straight forward until you start heading up the Mt Buller Road where there are a series of hairpin turns as you ascend the mountain.</description>
    </item>
    
    <item>
      <title>Part IV: Pokemon Value Over the Long Term</title>
      <link>https://blog.agood.cloud/posts/2018/11/25/part-iv-pokemon-value-over-the-long-term/</link>
      <pubDate>Sun, 25 Nov 2018 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2018/11/25/part-iv-pokemon-value-over-the-long-term/</guid>
      <description>This is going to be a long series of posts over time. Links for quick reference can be found here:
November 2018: Part I, Part II, Part III, Part IV
December 2018: Part V
January 2019: Part VI
February 2019: Part VII
September 2019: Part VIII
October 2019: Part IX
10 Celestial Storm packets opened now, another bunch of nothing cards from these few packs. Wondering how long it will be before we get some half decent cards now.</description>
    </item>
    
    <item>
      <title>Setting Up an ELK Stack</title>
      <link>https://blog.agood.cloud/posts/2018/11/25/setting-up-an-elk-stack/</link>
      <pubDate>Sun, 25 Nov 2018 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2018/11/25/setting-up-an-elk-stack/</guid>
      <description>Splunk. Love it to bits, use it at work heaps, but sadly for personal use once you go past that 500Mb/day license requirement that’s it, get your wallet out. This is where ELK comes into play. Being open source I thought I’d give it a crack. Here is my experience.
I know there are plenty of guides online for this, but went through a bit of trial and error for my setup.</description>
    </item>
    
    <item>
      <title>Part III: Pokemon Value Over the Long Term</title>
      <link>https://blog.agood.cloud/posts/2018/11/20/part-iii-pokemon-value-over-the-long-term/</link>
      <pubDate>Tue, 20 Nov 2018 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2018/11/20/part-iii-pokemon-value-over-the-long-term/</guid>
      <description>This is going to be a long series of posts over time. Links for quick reference can be found here:
November 2018: Part I, Part II, Part III, Part IV
December 2018: Part V
January 2019: Part VI
February 2019: Part VII
September 2019: Part VIII
October 2019: Part IX
8 Celestial Storm packets opened now, another bunch of nothing cards.
The current card counts by rarity are as follows:
33 Common
24 Uncommon
9 Rare
1 Ultra Rare
1 Secret-Rare
Total Value as of 19 November 2018 = USD$22.</description>
    </item>
    
    <item>
      <title>Wols Track</title>
      <link>https://blog.agood.cloud/posts/2018/11/18/wols-track/</link>
      <pubDate>Sun, 18 Nov 2018 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2018/11/18/wols-track/</guid>
      <description>So in an effort to keep on training for the big week I decided to tackle the Wols track located in the Dandenong Ranges National Park. I really do like this NP as it is about 4km away from my place, it&amp;rsquo;s located in bushland, has a lot of variety and distances as far as I would ever want to do in a day. More on that another time.
First walk 50m of vertical up this hill……</description>
    </item>
    
    <item>
      <title>Part II: Pokemon Value Over the Long Term</title>
      <link>https://blog.agood.cloud/posts/2018/11/11/part-ii-pokemon-value-over-the-long-term/</link>
      <pubDate>Sun, 11 Nov 2018 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2018/11/11/part-ii-pokemon-value-over-the-long-term/</guid>
      <description>This is going to be a long series of posts over time. Links for quick reference can be found here:
November 2018: Part I, Part II, Part III, Part IV
December 2018: Part V
January 2019: Part VI
February 2019: Part VII
September 2019: Part VIII
October 2019: Part IX
4 Celestial Storm packets opened now, nothing too special out of these packs, although I did see a drop of USD$0.76 in the course of a week for the cards that have been taken out.</description>
    </item>
    
    <item>
      <title>Part I: Pokemon Value Over the Long Term</title>
      <link>https://blog.agood.cloud/posts/2018/11/06/part-i-pokemon-value-over-the-long-term/</link>
      <pubDate>Tue, 06 Nov 2018 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2018/11/06/part-i-pokemon-value-over-the-long-term/</guid>
      <description>This is going to be a long series of posts over time. Links for quick reference can be found here:
November 2018: Part I, Part II, Part III, Part IV
December 2018: Part V
January 2019: Part VI
February 2019: Part VII
September 2019: Part VIII
October 2019: Part IX
So we finally cracked open the Celestial Storm booster box the other day and I dished out the first 2 packets to the kids, and I thought it would be interesting using my TCG Player API key to track the value over time of both the cards that are contained in the boosters and the booster box itself.</description>
    </item>
    
    <item>
      <title>Training for a Big Week Ahead</title>
      <link>https://blog.agood.cloud/posts/2018/11/06/training-for-a-big-week-ahead/</link>
      <pubDate>Tue, 06 Nov 2018 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2018/11/06/training-for-a-big-week-ahead/</guid>
      <description>So in about a months time, I have an epic week of hiking taking in the Alpine regions in both Victoria and NSW, so I am starting to &amp;ldquo;train&amp;rdquo; knowing that there will be a few big days ahead.
That being said, I recently completed Mt Juliet which was a good incline primer, but I know one of the days we have planned is a 30km behemoth so I need to get some distance in the legs now.</description>
    </item>
    
    <item>
      <title>Hike Wrapup Mt Juliet</title>
      <link>https://blog.agood.cloud/posts/2018/10/28/hike-wrapup-mt-juliet/</link>
      <pubDate>Tue, 30 Oct 2018 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2018/10/28/hike-wrapup-mt-juliet/</guid>
      <description>Before I start I&amp;rsquo;ll say that this is not a hike for the faint of heart. The Mt Juliet walking track is a grade 4 track recommended for experienced hikers. It has a reputation of being one of the nastiest hills in Victoria in terms of vertical ascent over a short distance.
Australian walking track grading system specs can be found here: https://www.ffm.vic.gov.au/recreational-activities/walking-and-camping/australian-walking-track-grading-system
Early on Saturday my hiking mate Michael made the trek out to my place (poor bastard had to catch a 5:40am train) so that we could both experience what it would be like to have your ass kicked by a &amp;ldquo;hill&amp;rdquo;.</description>
    </item>
    
    <item>
      <title>Hike Wrapup Wilsons Prom – Day 2</title>
      <link>https://blog.agood.cloud/posts/2018/10/28/hike-wrapup-wilsons-prom-day-2/</link>
      <pubDate>Sun, 28 Oct 2018 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2018/10/28/hike-wrapup-wilsons-prom-day-2/</guid>
      <description>So the night was warm and the sleep interrupted by toilet runs, kids waking up and birds walking on the roof, but we got a sleep in to around 6am which was a nice change from yesterday. Being awake I took a stroll down to the beach and captured this sunrise picture. Sunrise overlooking the northern part of Wilsons Prom from Yanakie Caravan Park.
We had plans to tackle 2 walks today, but the weather looked like it was going to be a wet one.</description>
    </item>
    
    <item>
      <title>Hike Wrapup: Wilsons Prom - Day 1</title>
      <link>https://blog.agood.cloud/posts/2018/10/28/hike-wrapup-wilsons-prom-day-1/</link>
      <pubDate>Sun, 28 Oct 2018 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2018/10/28/hike-wrapup-wilsons-prom-day-1/</guid>
      <description>Wilsons Prom, if ever you get the chance to head down to this part of Victoria you won&amp;rsquo;t be disappointed. It&amp;rsquo;s a paradise. I&amp;rsquo;ve taken my family here a few times now and we are slowly ticking the walks off the list.
We started our adventure bright and early on Friday morning leaving at 5am with 200 odd kms to travel to the southern part of the state.
A few years ago we attempted the walk from Darby River to Tongue point but it was something that eluded us at that time.</description>
    </item>
    
    <item>
      <title>Hobby Time Trading Card Games</title>
      <link>https://blog.agood.cloud/posts/2018/10/18/hobby-time-trading-card-games/</link>
      <pubDate>Thu, 18 Oct 2018 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2018/10/18/hobby-time-trading-card-games/</guid>
      <description>Many moons ago when I was back in high school a few of my school mates introduced me into the world of collectable card games, and in particular the Decipher Star Wars CCG, this was an instant hit with me. I mean what&amp;rsquo;s not to love about card games and Star Wars? The game had an easy mechanic that didn&amp;rsquo;t involve anything more than just the cards and the games were relatively quick.</description>
    </item>
    
    <item>
      <title>Adding Letsencrypt SSL</title>
      <link>https://blog.agood.cloud/posts/2018/10/13/adding-letsencrypt-ssl/</link>
      <pubDate>Sat, 13 Oct 2018 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2018/10/13/adding-letsencrypt-ssl/</guid>
      <description>Adding a digital certificate from LetsEncrypt was not too hard to achieve. Instead of reinventing the wheel there were 2 documents that I followed from the Bitnami support pages.
The high level steps are taken from this link https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/
Download the lego client
Generate a certificate supplying your email address and domain
Configure the web server to use the new certificate
Restart the web server
Test to ensure you have the certificate installed correctly
Setup auto renewal via crontab
The next thing I went about doing is ensuring that http is redirected to https.</description>
    </item>
    
    <item>
      <title>agood.cloud is born</title>
      <link>https://blog.agood.cloud/posts/2018/10/09/agood.cloud-is-born/</link>
      <pubDate>Tue, 09 Oct 2018 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2018/10/09/agood.cloud-is-born/</guid>
      <description>Finally. A domain attached to the blog. Thinking of a domain name is one thing, but ensuring it&amp;rsquo;s available is a whole other beast. As a technical person, sometimes creativity eludes me and with such a generic surname finding a name was a bit of a challenge.
To register a new domain was quite simple using the Route 53 console within AWS. The cost was USD $23 for a 1 year subscription and the wizard is quite easy to follow.</description>
    </item>
    
    <item>
      <title>Setting Up a Wordpress Blog Using AWS LightSail</title>
      <link>https://blog.agood.cloud/posts/2018/10/02/setting-up-a-wordpress-blog-using-aws-lightsail/</link>
      <pubDate>Tue, 02 Oct 2018 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2018/10/02/setting-up-a-wordpress-blog-using-aws-lightsail/</guid>
      <description>I am going through a learning curve with AWS, so what better way to get into it than by standing up a new blog using Lightsail.
The setup was very straightforward. Login to the AWS console and select Lightsail. Select &amp;ldquo;Create instance&amp;rdquo;
The AWS Lightsail console
Specify the instance location, platform and blueprint to use
Follow the bouncing ball through the wizard
Select the instance plan and give it a meaningful name.</description>
    </item>
    
    <item>
      <title>Welcome</title>
      <link>https://blog.agood.cloud/posts/2018/10/02/welcome/</link>
      <pubDate>Tue, 02 Oct 2018 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/2018/10/02/welcome/</guid>
      <description>Welcome
A blog&amp;hellip; Something I probably should have done a long time ago. It&amp;rsquo;s amazing just how quickly you forget stuff when it&amp;rsquo;s not written down!
I am an IT Security Engineer / Automation Specialist located in Melbourne, Australia and enjoy coding, technology, trading card games and spending time in the great outdoors with my family, friends and my own.
Hoping to share some of my learnings with the blog as a bit of a personal journey.</description>
    </item>
    
    <item>
      <title></title>
      <link>https://blog.agood.cloud/posts/1/01/01/11/</link>
      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/posts/1/01/01/11/</guid>
      <description>Case #11: Introducing the Reporter responder
Table of Contents
Case Summary
Case Description
Task Log Entries
Task Group : Task Title
default : Where does the report go?
default : This is a closed task
Case Observables
Traffic Light Protocol (TLP) Definitions and Usage
Case Summary
TLP:WHITE - Disclosure is not limited.
| | |
| :--- | :--- |
|Severity |Medium|
|Created By |admin|
|Assignee |admin|
|Tags |responder|
|Case status: |Open|
|Start Date|2019-11-17T05:36:00Z|</description>
    </item>
    
    <item>
      <title>Contact</title>
      <link>https://blog.agood.cloud/contact/</link>
      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
      
      <guid>https://blog.agood.cloud/contact/</guid>
      <description>Want to contact me? I&#39;d love to hear from you! Hit me up on Twitter: @agoodcloud_blog or use the form below!
</description>
    </item>
    
  </channel>
</rss>