Lock down AWS Fargate networking when using ECR as an image repository (VPC Endpoints)

We setup an 'internal only' Fargate task the other day that locked down all outbound egress traffic. This required more effort than anticipated and I want to have some reference I can look back on in case I run into this issue again.

Updated: September 2019 to include notes on how other VPC Endpoints can impact Fargate tasks

Bitlocker asks to verify recovery key after switch to/from legacy boot

We ran out of disk space on an old Dell Latitude E5530 and wanted to upgrade without reinstalling Windows and applications. Clonezilla and an external SATA/USB drive enclosure were used to duplicate the disk.

Once the new disk was installed we had an issue where windows would not boot without validating the bitlocker encryption key. Unfortunately for us we hadn't backed up the recovery key. Fortunately, we were able to get around this issue.

WIFI from the CLI in Linux using wpa_supplicant

I rarely need to configure a wireless connection from the CLI, but when I do it seems like I can't find a concise set of notes on how to it. This page shows some notes I've found on how to successfully configure wifi using the linux CLI.

Troubleshooting Graphics Issues with Kali Linux 2019.2 on an Inspiron 11 3180 (AMD A6-9220e Radeon R4)

It's time to refresh Kali on the systems I take down to DEF CON each year and I was surprised to see Kali didn't "just work" out of the box on my inspiron 3180 like it has in the past. In troubleshooting the issue it appears that there is kernel issue that can cause graphical issues like freezing, flickering and black screen in Linux kernel 4.19 (used by Kali 2019.2).

Extract an APK From Android Devices using ADB

While working on a side project I had a need to extract an APK from my Android phone. This post briefly describes the process on how to do that.

Equipment used: Samsung phone with Android 9, Laptop running Ubuntu 18.04

Golang Implementation of AWS STS Auth Using Kerberos + ADFS

We leverage kerb-sts to authenticate developers to use the Amazon AWS API/CLI. kerb-sts is cross-platform and uses kerberos tickets generated as part of MS AD Domain authentication that Devs use to login to their workstations anyway. This use of kerberos makes it easy to track the identity of users across the environment.

Last week I ran into a rare instance where kerb-sts stopped functioning. 'Something' had changed in our environment which I could not easily determine and that left me in a bind. While I was able to figure out and solve the problem I realized that I needed to improve my depth of understanding around kerberos/ADFS and AWS STS, so I wrote a tool that attempts to perform this authentication in Golang.

If you want to cut to the chase and see the code, head on over to gkerb-sts to take a look

Golang w/SQLite3 + Docker Scratch Image

While deploying a containerized application I made my first foray into docker scratch images. The application is written in Golang and leverages CGO to interact with SQLite databases which posed a small complication.

Curious redirect to HTTP after upgrade to NextCloud 15.02

While trying to get NC Talk to work I upgraded my Next Cloud server to 15.02 and got side tracked troubleshooting an interesting issue: why are my logins now being silently redirected to HTTP instead of HTTPS? I might not have noticed this as quickly if I hadn't disabled HTTP on the box years ago.

Edit: Updated on Feb 7 with new information

Navigating the registration process for the OSCP's PwK Course

I've signed up to take the Penetration Testing with Kali Linux course from Offensive Security and want to make a few notes for other would-be course takers on the process to get registered.

Recovering from a botched attempt at a side by side encrypted Ubuntu installation

I found some time this week to upgrade my laptop to Ubuntu 18.04 (from 16.04). To ensure I could still 'go back' if necessary I went down the path of installing a second hard drive to setup a dual-boot configuration. There's only one problem with this approach: the Ubuntu 18.04 GUI installer doesn't give users the ability to setup a second encrypted ubuntu installation side-by-side with an existing one, even if the target is a new disk.

This set me down a path of adventure and discovery!