An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Enjoy!
Reading back up on Vault / Secrets Engines and seeing if anything else has entered the arena recently. Had a chance at work to plug a former colleagues work https://itnext.io/aws-abac-attribute-based-access-control-using-hashicorp-vault-e9a6c07c066e
Personal: Made pot roast, dealing with housing repairs.
Pot roast is a fav.
I'm currently combining a data protection improvement project with security audits of multiple small to medium charities and we're also rebuilding our home (a solar powered fossil fuel free widebeam boat). It's exhausting. I'm also struck by how lack of key skills in some many sectors increases cost and risk!
Don't know much about boats or boat-building but that sounds pretty cool. You're building it completely from "scratch" or starting with a base boat of some kind?
We stripped it back to the hull as there were so many issues with the original fit out. The hull was largely fine, we needed a vent hole too close to the waterline closed and a beam where the weld had popped welded, and then it was re-treating the bilge with Lanoguard to prevent rusting, then building from there. The floor is in (using recycled plastic lumber and sheets) first fit electrics hopefully in the next two weeks. It's a journey :D
I've been working on a locally hosted instance of VaultWarden, deploying it locally is easy with Alpine but I want it accessible remotely. That requires some restructuring and trust. OpenBSD.Amsterdam is a good choice for that, a small instance of theirs works as my front end relaying to a system that connects over WireGuard to my local VW install with PGSQL back-end.
Presently my solution is 1P/BW for low value accounts, but a VaultWarden on a USB Armory Mk II for high value. The Somu works great for storing keys to open the VW vault. Overkill but it was fun to make.
Nice! I have a bunch of services I run locally but have been hesitant to expose to the internet so when I want remote access it's alwys over an openVPN connection. Why did you decide to go this route over just using wireguard directly from your client devices? I presume the openbsd box is just a reverse proxy?
I had some servers sitting around from a previous project and I put them to use.
As soon as I wanted a valid TLS endpoint I was going down the rabbit hole of tunneling the local services; ingress or egress I'd have "trust issues" that I would have to deal with such as where the vaults live and get the database to them, sshfs? zfs smb? nfs? So I decided to extend out for the public services and keep the private services a couple tunnels away from the internet.
The other nice part is that I can make a tmpfs/memfs mount for my vault and cache it at the edge, still working on that one. ;-)
I'm trying to NixOS a try, it's been something I'm curious about for ages. I'm typically use Arch.
Nix has been on my radar for a while too. The approach is takes to reproducibility looks very interesting
Adding timezone support to the website. JavaScript dates suck.
What time format are you using? 64 bit Unix and date time strings should be easy to parse. Just a simple new Date(x).toLocaleString()
It's not that simple. Parsing isn't a problem, it's formatting with a timezone that sucks. It's a pinch point in a lot of different ways. Because MomentJS is in maintenance mode and the Temporal library isn't ready yet, I tried to do it in vanilla JS. Date objects don't do a good job of keeping track of timezone. You can only apply the timezone when converting the Date object to a string with .toLocaleString(locale, {timeZone: "America/New_York"}) and the formatting rules available are not capable of producing the desired not-quite-ISO8601Nanos timestamp (I don't want it to be in UTC, I want that layout with a trailing timezone offset). I fell back to moment but moment-timezone doesn't work well with the Jest tests as they're written. I plan to rewrite a lot when the Temporal library is prod ready but that won't be before this sprint is over.
Just started prep for Pentest+! I'm normally a Jason Dion fan for cert prep but for this one i'm giving TryHackMe a go. It has been surprisingly engaging.
CISSP.
Godspeed.
Thanks. I am being asked to take it by my employer. Halfway through the study guide. For the most parts its been review/refresher from (8 years ago)university.
I just (begrudgingly) renewed mine for this exact reason where a (future) employer might require it.
Any study tips? I'll be taking the new 4 hour(ish) computed aided test. All my friends took the 6 hour paper test a few years ago. I assume you had the same 6 hour test?
I took it in 2016 I think so not sure my advice would be super up to date. Don’t eat a bowl of chili right before the exam like I did. Best advice I can give.
Best damn advice I've ever read
Logscale / Humio Training. Pretty interesting so far, especially seeing the differences between it and Splunk.
Non-technical: Just shipped off a mead for a competition so today will be planning for the next batch.
Technical: Side project web application browser puzzle/word game. First time developing something in node.js so it has become an interesting adventure in learning.
Gotta give the mead a infosec name like "honeytoken" 😆
Very tempted to start using computer vision algorithms in my car to identify and warn me of cops on the road
Data mining maps to geolocate stuff
Currently I’m working on a full lemmy migration, looking around and figuring out how to access everything.
For some reason the usual search method isn’t working to let me view most communities here with my blahaj account, but I can see them publicly, and I can access everything from an alt infosec account I made.
Currently I’m in the gathering and planning phase of my cybersecurity venture in my career.I’ve spent most of my working life in kitchens, but I’ve always been a triple boot style power user. I recently got a Google IT Support Cert to try to help me get my foot into the door and open up my horizons to a better more engaging career.
Same same on the Lemmy/Kbin/Threadiverse migration. My guess(es) on your searching-from-blahaj issue is that it's a defederation issue (larger instances have defederated from blahaj?), a Lemmy-based federation issue (I've seen some stuff on Mastodon recently about issues with Lemmy and federation), or could be a strange instance-specific issue. Are you the instance admin for blahaj.zone or could ask?
Good luck on your infosec journey! Hopefully this community can be of some help to ya. If it you're interested, check out my guide for getting into the field as well - https://shellsharks.com/getting-into-information-security. Cheers!
Yeah… it’s strange whatever it is. That first comment was from my Blahaj but now I can’t pull this comment up for the life of me from there.
Here on the infosec account it showed up though, so I know it went through to some extent, and you replying to me solidifies it.
Hopefully it is just growing pains.
Problem appears to be somewhat related to language settings, and while I could find this post and comment chain again, there are still certain communities from this instance that give me 404 through blahaj.
A web front end for OpenSMTPd. It’s an off/on - mostly off - project.
It’s written in Ruby On Rails and runs on OpenBSD.
It’s a very simple project really - three tables: domains, credentials and virtuals. Ensuring the security of it and writing tests to cover the models, controllers and that everything flows as it should is taking the time and effort. I’m enjoying it!!
Never got much into Ruby. Is that your preferred lang out of curiosity?
It is. The extra stuff bundled in Rails makes web development enjoyable. Ruby allows me to code without thinking too much, it just seems to flow.