If you need to store secrets securely, there are numerous options; one of the more popular and cloud-agnostic ones is Hashicorp Vault. If you've used Vault you are likely familiar with its concept of tokens, but you may or may not be familiar with the … Continue reading Simplified orphan token creation for Hashicorp Vault
Tag: security
Slack Slash Command security
Slack "Slash Commands" can be a very useful tool for writing a CLI to interact with other applications that you manage. In short, the contract works something like this: from within a Slack channel where the commands are available, you would type: /my-command [text arguments] Seems simple enough; however, you need to implement a REST … Continue reading Slack Slash Command security
Slack alerts for testssl.sh
This article is a follow-up to my previous post about testssl.sh-processor. In short, now that I had mass execution of many endpoints, I needed to be able to do something with all the testssl.sh command invocation JSON result files lying around. My goal was to be able to react to each JSON result file … Continue reading Slack alerts for testssl.sh
Batch processing testssl.sh commands
If you secure your entire infrastructure at the transport layer with end-to-end SSL for both internal and external traffic, then you likely have a ton of endpoints, each with their own SSL software stacks and a wide array of different certificates, some CA signed, others not, etc. Both the amount of these and … Continue reading Batch processing testssl.sh commands
Migrating APIs to Tyk
In the recent past I was helping on a project whose objective was to migrate off of a very costly proprietary appliance-based API gateway solution and move to a cheaper alternative, preferably an open source API gateway offering. The main challenge was that a large percentage of the APIs to be migrated were legacy … Continue reading Migrating APIs to Tyk
Google Wifi router, port forwarding, you have no devices, privacy
Had an Asus router die today, so in a pinch I went out and bought a Google WiFi router after hearing "good things". I have a few wired devices and several wifi connected devices and I also have needs for port forwarding. The first thing you will notice that is quite different from other routers … Continue reading Google Wifi router, port forwarding, you have no devices, privacy
Safely build docker images with git svn ssh private keys
Note: the information here is out of date; take a look at: https://docs.docker.com/develop/develop-images/build_enhancements/#new-docker-build-secret-information Often when building a Docker container, your Dockerfile needs to pull down some code from a privately secured source control system like Git or SVN via SSH. In order to do this, the build process will need a valid SSH configuration local … Continue reading Safely build docker images with git svn ssh private keys
Encrypting and storing powershell credentials
Please see: https://github.com/bitsofinfo/powershell-credential-encryption-tools Recently I had the need to store some credentials for a PowerShell script (i.e. credentials that I ultimately needed in a PSCredential object). The other requirement is that these credentials be portable and "user" independent, meaning that they could not be encrypted using the DPAPI (Windows Data Protection API) as that binds … Continue reading Encrypting and storing powershell credentials
Encrypting Logstash data
Note: the patch described below is now merged into the official logstash-filter-cipher plugin as of January 2016, version 2.0.3. UPDATE: Note the pending patch to fix various issues and add random IV support for encrypting Logstash event messages is located here: https://github.com/logstash-plugins/logstash-filter-cipher/pull/3 Logstash can consume a myriad of data from many different sources and … Continue reading Encrypting Logstash data
Processing ModSecurity audit logs with Fluentd
Recently had a need to take tons of raw ModSecurity audit logs and make use of them. First used Logstash and then attempted with Apache Flume (see previous articles). Next in line was Fluentd, which is what this article is about. Long story short, I ended up just having to write a Fluentd output plugin to take the output … Continue reading Processing ModSecurity audit logs with Fluentd