SANS Holiday Hack 2023 Write-Up

Azure 101

  • Get help with az help | less
  • List all resource groups: az group list
  • List all function apps within a resource group: az functionapp list -g northpole-rg1
  • List the only VM in the resource group you have access to: az vm list -g northpole-rg2
    • You don’t have access to any VMs in the other resource group, northpole-rg1
  • Invoke a run-command against said VM so you can run RunShellScript and get a directory listing to reveal a file on the Azure VM
    • az vm run-command invoke -g northpole-rg2 -n NP-VM1 --command-id RunShellScript --scripts "ls"
[StRiNg]::JoIn( ‘’, ChaR[]) & ((gv ‘MDr’).NamE[3,11,2]-joiN

ECS Golang REST API

Background

This project involves deploying a simple Golang REST API into AWS, using managed services like ECS (with the Fargate launch type) and RDS.


DevSecOps - Culture

Issue

Teams shifting to DevSecOps implementations often focus heavily on technical improvements and do not strive to align their team culture with proper DevSecOps principles.


DevSecOps - Cattle, not Pets

Issue

One shift from traditional software development practices to DevSecOps practices is the life cycle management of back-end infrastructure, such as servers.


SANS Holiday Hack 2019 Write-Up

7) HR Incident Response

According to the document C:\candidate_evaluation.docx, the organization “Fancy Beaver” is secretly supported by the job applicant named “Krampus”.


Docker Compose

Docker is software designed to package an application into a lightweight, portable, and fast self-contained environment. This environment is known as a container.


Anatomy of a Dockerfile

As explained in another post, a Dockerfile contains instructions on how to build your unique Docker container. It is a simple text file that is easily interpreted by both humans and the Docker engine.


Docker Quick Start

As explained in another post, Docker is software designed to ‘containerize’ applications. While it can be complex to implement on a larger scale, it is quite easy to quickly launch and test on a single machine.


Docker Overview

Docker is software designed to containerize applications. To wrap an application in a container is to package your application into a small, lightweight environment that can be run on any machine.


Python Challenge - Balance

Implementation

This program’s purpose is to determine whether a user-supplied string is balanced. Essentially, it should determine whether the user-supplied string contains the same number of x characters as y characters. For example:

"xxxyyy" -> True
"xxxxyyy" -> False

Vulnerable VMs - Kioptrix Pt. 1

The Kioptrix series of vulnerable VMs closely resembles the material presented in the PWK course and the OSCP exam. Kioptrix Level 1 starts out relatively easy, so let’s get started:
