I've been using Wireguard for years to access some key servers from wherever I am without even thinking about it, recently I've been testing a few new services and decided to try another method for getting access to them, one that would not require any action on existing enabled devices. I remember trying nebula some years back, I think I didn't bother making it permentant as Wireguard was working fine for me at the time.
To set this up the plan is to:
nebula-certlocally for genertation of certs.
- Manually setup 1 x standard node.
- Manually setup 1 x lighthouse node (lighthouse is a publically accessible server, at least one is required for best results).
- Automate the process to add additional standard nodes using python or ansible or a combination of both.
I have a very neglected Nagios installation on my LAN monitoring some servers/ services. I never got around to adding additional items to monitor. Finally getting around to it now, I decided to setup a Zabbix server instead as I've used it more recently in production and I know it's pretty straight forward to add additional items to be monitored. The hope being I will be more inclined to keep it up to date.
Install is taken from the excellent documentation, listing my specific steps to help if I ever have to re-do. I'm installing Zabbix 6.4 on a minimal install of Ubuntu Server 22.04.2 LTS.
After moving to a new VM platform I had a large amount of data to transfer from the old host to a new disk on a VM. In order to work within the availalbe space I had to transfer a lot of data, delete it from the host and then grow the disk on the VM so I could transfer the rest of the data over.
First step was to add the initial disk to the VM and bring it online and get it mounted.
For whatever reason, most of the content and training I've consumed to gain better understanding into cyber security has been focused on open source technologies. Someone recently suggested I take a look at Microsoft Sentinel, I looked through some Microsoft Learn content and while the content is very good and informative, I much prefer to learn by doing so decided to implement a quick trial.
Most of the content and steps will be taken from content direct from Microsoft but my goal is, should the opportunity arise for a production implementation in the future, I'll have a jump on things.
Restoring select files and folders from Azure backup is a straight forward process, a disk is mounted in the OS you're restoring to and you can just browse and copy/ paste what you want out. There can be permissions issues however that add some complications to this. Two examples that spring to mind are:
- You have a folder with very restricted access (think management or CEO) and by design Domain Admins do not have access.
- You've setup redirected folders using Microsoft's recommended configuration which by design, has restrictive permissions.
There should be no issue with the above, the backup runs under System so the files get backed up however the way Azure backup does selective files/ folder restores adds complications. The mount is read only (so you can't change ownership) and the permissions persist in the mount (so your admin ac won't have access).
Unauthorised PowerShell scripts can and should be a cause of concern on a network, at the higher end of the risk level many Windows malware or Ransomware campaigns can utilise PowerShell scripts as part of their attack. Blocking PowerShell scripts entirely is not an ideal solution so setting a secure policy Domain wide is a good middle ground.
Key steps for the process are:
- Set domain wide policy.
- Create a code signing certificate and distribute.
- Sign our PowerShell script.
I never got around to deploying Microsoft Local Administrator Password Solution (LAPS) in the previous domains I managed but it seems more and more like a tool I would want to deploy to help reduce lateral movement or domain wide exposure in an Ransomware situation. I'm going through the setup and config in a test environment to see what's what.
I have a Ubiquiti AP at home and configured it a long time ago (years), I wanted to tweak some settings in the config but have long since lost the controller install and config so went to install it again on a VM. I hit a few issues around Java so I'm briefly documenting the steps here for my future self (or anyone else that might find them useful)
I recall first installing Nagios many years ago and having a lot if issues, happily things have improved a lot including some excellent documentation. Below outlines the steps to get my initial installation up and running, I will add a follow up post later when I've got everything I want to monitor added, and have the final structure configured.
I recently took some blue team challenges at Blueteamlabs and a few of them involved analysing a .pcap file to pick some info out and determine what sort of an attack took place and answer a few questions. The first of these was relatively straight forward as the .pcap file was pretty concentrated around the attack so viewing in WireShark it wasn't too difficult to spot the attack and extract the relevant info.
While doing the challenge and scrolling (and scrolling...) through WireShark I wondered what the experience would be like using a more purpose built tool. I'd played around with Security Onion before so spun up a VM (more detailed post on that to follow sometime) to see how the next challenge would go.