December 17, 2021

Server Rebuild

Rebuild my main server, which currently has a 2x2 striped mirror ZFS pool (8TB usable), KVM, LXC and a few native servers. I needed more space (so adding another 4tb), which meant a case change (from an old Supermicro workstation to a cheap 3u rack mount). Unfortunately, this new case didn’t work out: I needed more SATA ports, so I needed a HBA, so I needed more PCIE slots, so I needed to change out to a full ATX board, which doesn’t fit with the HDD bays mounted. Now, I need to get a 4u chassis, move the server to that, and use the 3u for a container host to serve replies for the ZFS pool.

December 13, 2021

Progress

In lieu of any real progress on my prior projects, I am just getting some more thoughts down. The goal is still to do some Haproxy server from a VPS into the local network, where there will be a containerised and segmented DMZ for the servers to show off. These will all be behind some form of MFA based SAML login server, (thinking Keycloak with one of a few SAML servers) to keep people who they say they are.

November 22, 2021

Identity Woes

Been looking at server to use as identiy backends for a build out of my infrastructure in a clear and manageable way. I want to use centralised identities, and in my head I had SAML, but the servers I use do not use it natively. I can look into locking down the reverse proxy with SAML and just use Keycloak, as an easy server to set up, but going with a different tool such as Gluu or LemonLDAP-ng would give me multiple backends to work with. That brings into question what’s really the point of settings up security with MFA if I end up using LDAP or RADIUS and disregard the MFA to begin with?

November 16, 2021

Projects

Been struggling again keeping the projects on going, but I started a page of notes regarding projects and some dev ideas. I intend to build up an Okta-like universial directory, with LDAP, SAML, etc, and plug infra into it. Some who have been following may have noticed the codenames.py application, which is intended to be a part of a game I want to write about espionage.

At work, we have been going to lunch often, so I want to write a program that suggests where to go based on what people like/want, balanced against things that are important to them, such as time, distance, price, etc. Could be fun, would likely try it in Go, as the coworkers like that.

October 29, 2021

Blackarch

I have been using BlackArch linux for some pentesting and live USB work. It is an arch based distro with its own special repo for the pentesting tools. So far, it has worked out for me, really as much as I felt Kali did. It uses fluxbox as the WM instead of XFCE like Kali live does, which is a ligher footprint, but not as easy when using live to use wireless. I have used wpa supplicant before, but had issues with DHCP on blackarch for some reason.

October 25, 2021

HackTheBox Day 2

I spend the day yesterday on hackthebox.eu. I breezed through the Proving Grounds sections, then got dropped in with the released labs. I’m in for some learning. I was on the right track in the one lab I did complete, but was missing some pieces to complete the pwn by myself. Looking forward to my first no-cheating attack.

Also expect to learn some skills from the challenges. I like the OSINT ones or ZIP file based where you have to do the analysis and get it yourself. Stay posted, as I start sharpening skills there and build up a decent lab. I rebuilt my switching and intend to build up a DMZ to lock down whatever bad things I put there.

October 18, 2021

gameutils Progress

I spent a lot of time, perhaps an hour a day working on my gameutils frostgrave script. It is currently in a bit of a borked state as I left something unfinished for too long as I was reading a book and need to put in the final stretch. I do want to finish it, as I want to get a project going for the Level1Forums devember challenge. I have some ideas, some more grandiose than others.

October 18, 2021

Virt-Builder at Work

At work, we use a very basic KVM stack. It’s bog standard KVM, with virt-manager to mess with VMs as needed. I would not recommend this, but its legacy and its there. VPSes like AWS and Linode have some pretty great scripts to roll out VMs based on a distro and a “tshirt size” of small, medium or large, essentially. We wanted to recreate this process without using any special tools like OpenStack or Proxmox, so we ended up doing it with virt-builder and Ansible.

September 26, 2021

Cyberattack

At work last week, I saw my first real cyber attack. It involved a comprimised user account and our VPN, and I saw how woefully unprepared our org was for such an event. The IT team did not really know how to respond, and we had so little in place in terms of safeguards or even watchguards. I’m glad that I have embraced security as my profession, and am able to help people in this world of cyber crime. It has helped me make my choice on career and certs in the remainder of the year.

September 21, 2021

More gameutils

I started moving a script I was writing from go to python, but I am now seeing the different tiers of closeness to the machine between go, python, and sh. In sh, I am used to using variables where-ever, including stringing them together to call things by “string” + $var. That does not work in go or python. But, with python I do not need to worry about reflection in lists/arrays, as I can call the contents of the arrays by index number.