Using NodeJS to Connect to Elasticsearch with a Private Certificate Authority

21st Nov 2018

I was asked to help troubleshoot a NodeJS project recently where the team was encountering trouble connecting to an elasticsearch instance securely (via https/tls). They would get an error back about 'self signed certificate in certificate chain`. In examining further, we were able to come up with a client configuration for the elasticsearch library that addressed the issue.


Notes on Navigating an AWS s3 Glacier Restore

14th Nov 2018

Yesterday marked a first for me: I had to restore a few objects from a large S3 bucket that was backed up to Glacier. Along the way I learned a few things:

  1. Objects sent to glacier permanently retain the GLACIER storage class
  2. If your S3 objects were replicated across an AWS Account boundary, you might not have 'full control' of your objects (but AWS will gladly let you pay them to store them)
  3. The AWS CLI is unhelpful when it comes to recursively copying objects that are restored from glacier

The objects can be restored and downloaded, it just takes some specific knowledge


Exploring the Qualys API with golang

25th Oct 2018

This past week I've been getting to know the Qualys API by writing an integration with Go. Along the way I've found some quirks that are worth mentioning for anyone getting to know the Qualys platform at the API level.

To jump straight to the sample code repository, you can go to the qualys-api-samples repo on GitHub.


Get Started with SQLBoiler [SQLite]

23rd Oct 2018

Over the last year I've been learning the Go programming language and overall it's been a pretty positive experience- except when it comes to quickly and easily interfacing with databases. While Go does include a 'sql' package targeted at low level interaction with database backends, out of the box you are not provided with something higher level (think rails ActiveRecord). For higher level abstraction there are many community supported packages available, which makes it time consuming to try/test each one and see if it fits your needs. Today I'm writing about SQLBoiler, specifically about working with its SQLite integration.

Update (2018-10-25): Now includes instructions for building sqlboiler as well as sqlboiler-sqlite3 and ensuring both of them are in the same directory or system path before usage.


EC2 Metadata Extractor

16th Oct 2018

While performing a security assessment this last week I found that the applications ran in a containerized environment on AWS EC2 instances. The EC2 meta-data service was available to be queried from within these application containers (not a best practice) and exposes a rich array of information for any would-be attackers who can gain a shell into the container or cause the application to perform SSRF against the local metadata service endpoint.

I wanted a quick way to query all of the meta data and user-data exposed by the EC2 meta-data service and created this metadata extractor script.


Get SmallWorld 2 running on Ubuntu 16.04

14th Oct 2018

I'm a big fan of the Small World board game and was pleased to see they have a version available on Steam. Unfortunately it did not run correctly on my primary system (Ubuntu 16.04). In fact, it did not start at all. When I ran it at the CLI I found error messages that aided me in my quest to get the game running. Read on for the details.


DEF CON 26 Notes

25th Aug 2018

This is my 6th DEF CON and I plan on coming back for more! There is a lot of life and energy at the con that I haven't been able to find at other conferences. A big appeal to me is that DEF CON itself is kind of a wrapper event where you find a number of mini-conferences (called Villages), so even if the main tracks don't interest you, odds are you'll find something at the 27-ish villages that run at the same time.


Black Hat 2018 Session Notes

11th Aug 2018

This year's Black Hat USA conference was pretty solid. Every timeslot had something available that I found interesting and often times I had to pick between competing sessions that captured my interest. Conference organization and crowd control was excellent again as usual. The mobile app this year had more features than in previous years, which I appreciate, though it does lose a few points for complicated and missing capabilities.

For a quick reference on the sessions and tool demos, see the Briefings and Arsenal pages


Review of Black Hat Advanced Infrastructure Hacking Training (2 day edition)

8th Aug 2018

I had the chance to attend Black Hat this year and attend a 2 day of my choice. This year I took the Advanced Infrastructure Hacking - 2018 Edition: 2 Day session sponsored by NOTSOSECURE. It can be hard to find reviews of these trainings so I think it's worthwhile to post my thoughts here.


Rough Notes From RSA 2018 Conference Sessions

23rd Apr 2018

My notes from RSA 2018 sessions and labs. I've sanded off the rough-edges from my raw notes. Might still be a bit 'bumpy'